Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

Updated drawing uploads to use user id in image name

Browse Source 
- Instead of user name.
- Due to issues with advanced charts like emoji zero-width-joiners.
- Could also have security concerns on untrusted instances with certain
webserver config due to double extension possibilities.

Closes #1993
This commit is contained in:
Dan Brown 2020-04-04 00:48:32 +01:00
parent ef416d3e86
commit 3500182c5f
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Uploads/ImageRepo.php
View File

@ -138,7 +138,7 @@ class ImageRepo
*/ */
public function saveDrawing(string $base64Uri, int $uploadedTo): Image public function saveDrawing(string $base64Uri, int $uploadedTo): Image
{ {
$name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png'; $name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png';
return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo); return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
} }