From 58e4b5fcb6803b8c2c81fe0edcf15406cca209df Mon Sep 17 00:00:00 2001
From: Alan Hardman
Date: Sat, 12 Mar 2022 11:17:57 -0700
Subject: [PATCH] Remove vulnerable, unused file preview route
---
 app/controller/files.php | 36 ------------------------------------
 app/routes.ini | 1 -
 2 files changed, 37 deletions(-)
diff --git a/app/controller/files.php b/app/controller/files.php
index 8b8fe1cb..3014213f 100644
--- a/app/controller/files.php
+++ b/app/controller/files.php
@@ -214,42 +214,6 @@ public function avatar($f3, $params)
 }
 }
- /**
- * GET /files/preview/@id
- *
- * @param \Base $f3
- * @param array $params
- * @throws \Exception
- */
- public function preview($f3, $params)
- {
- $file = new \Model\Issue\File();
- $file->load($params["id"]);
-
- if (!$file->id || !is_file($file->disk_filename)) {
- $f3->error(404);
- return;
- }
-
- if (substr($file->content_type, 0, 5) == "image" || $file->content_type == "text/plain") {
- $this->_sendFile($file->disk_filename, $file->content_type, null, false);
- return;
- }
-
- if ($file->content_type == "text/csv" || $file->content_type == "text/tsv") {
- $delimiter = ",";
- if ($file->content_type == "text/tsv") {
- $delimiter = "\t";
- }
- $f3->set("file", $file);
- $f3->set("delimiter", $delimiter);
- $this->_render("issues/file/preview/table.html");
- return;
- }
-
- $f3->reroute("/files/{$file->id}/{$file->filename}");
- }
-
 /**
 * GET /files/@id/@name
 *
diff --git a/app/routes.ini b/app/routes.ini
index 032723c5..ea27f262 100644
--- a/app/routes.ini
+++ b/app/routes.ini
@@ -105,7 +105,6 @@ GET /backlog/@filter/@groupid = Controller\Backlog->redirect
 ; Files
 GET /files/thumb/@size-@id.@format = Controller\Files->thumb
-GET /files/preview/@id = Controller\Files->preview
 GET /files/@id/@name = Controller\Files->file
 GET /avatar/@size-@id.@format = Controller\Files->avatar