Remove vulnerable, unused file preview route
Alanaktion committed Mar 12, 2022
1 parent 00c6bbf commit 58e4b5f
Showing 2 changed files with 0 additions and 37 deletions.
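--- a/app/controller/files.php
+++ b/app/controller/files.php
@@ -214,42 +214,6 @@ public function avatar($f3, $params)
 }
 }
 
-/**
-* GET /files/preview/@id
-*
-* @param \Base $f3
-* @param array $params
-* @throws \Exception
-*/
-public function preview($f3, $params)
-{
-$file = new \Model\Issue\File();
-$file->load($params["id"]);
-
-if (!$file->id || !is_file($file->disk_filename)) {
-$f3->error(404);
-return;
-}
-
-if (substr($file->content_type, 0, 5) == "image" || $file->content_type == "text/plain") {
-$this->_sendFile($file->disk_filename, $file->content_type, null, false);
-return;
-}
-
-if ($file->content_type == "text/csv" || $file->content_type == "text/tsv") {
-$delimiter = ",";
-if ($file->content_type == "text/tsv") {
-$delimiter = "\t";
-}
-$f3->set("file", $file);
-$f3->set("delimiter", $delimiter);
-$this->_render("issues/file/preview/table.html");
-return;
-}
-
-$f3->reroute("/files/{$file->id}/{$file->filename}");
-}
-
 /**
 * GET /files/@id/@name
 *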
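--- a/app/routes.ini
+++ b/app/routes.ini
@@ -105,7 +105,6 @@ GET /backlog/@filter/@groupid = Controller\Backlog->redirect
 
 ; Files
 GET /files/thumb/@size-@id.@format = Controller\Files->thumb
-GET /files/preview/@id = Controller\Files->preview
 GET /files/@id/@name = Controller\Files->file
 GET /avatar/@size-@id.@format = Controller\Files->avatar
 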
