BookStack/app/Uploads/Attachment.php
Dan Brown c80396136f
Increased attachment link limit from 192 to 2k
Added test to cover.
Did attempt a 64k limit, but values over 2k significantly increase
chance of other issues since this URL may be used in redirect headers.
Would rather catch issues in-app.

For #4044
2023-02-20 13:05:23 +00:00

109 lines
2.7 KiB
PHP

<?php
namespace BookStack\Uploads;
use BookStack\Auth\Permissions\JointPermission;
use BookStack\Auth\Permissions\PermissionApplicator;
use BookStack\Auth\User;
use BookStack\Entities\Models\Entity;
use BookStack\Entities\Models\Page;
use BookStack\Model;
use BookStack\Traits\HasCreatorAndUpdater;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
/**
* @property int $id
* @property string $name
* @property string $path
* @property string $extension
* @property ?Page $page
* @property bool $external
* @property int $uploaded_to
* @property User $updatedBy
* @property User $createdBy
*
* @method static Entity|Builder visible()
*/
class Attachment extends Model
{
use HasCreatorAndUpdater;
use HasFactory;
protected $fillable = ['name', 'order'];
protected $hidden = ['path', 'page'];
protected $casts = [
'external' => 'bool',
];
/**
* Get the downloadable file name for this upload.
*/
public function getFileName(): string
{
if (str_contains($this->name, '.')) {
return $this->name;
}
return $this->name . '.' . $this->extension;
}
/**
* Get the page this file was uploaded to.
*/
public function page(): BelongsTo
{
return $this->belongsTo(Page::class, 'uploaded_to');
}
public function jointPermissions(): HasMany
{
return $this->hasMany(JointPermission::class, 'entity_id', 'uploaded_to')
->where('joint_permissions.entity_type', '=', 'page');
}
/**
* Get the url of this file.
*/
public function getUrl($openInline = false): string
{
if ($this->external && !str_starts_with($this->path, 'http')) {
return $this->path;
}
return url('/attachments/' . $this->id . ($openInline ? '?open=true' : ''));
}
/**
* Generate a HTML link to this attachment.
*/
public function htmlLink(): string
{
return '<a target="_blank" href="' . e($this->getUrl()) . '">' . e($this->name) . '</a>';
}
/**
* Generate a markdown link to this attachment.
*/
public function markdownLink(): string
{
return '[' . $this->name . '](' . $this->getUrl() . ')';
}
/**
* Scope the query to those attachments that are visible based upon related page permissions.
*/
public function scopeVisible(): Builder
{
$permissions = app()->make(PermissionApplicator::class);
return $permissions->restrictPageRelationQuery(
self::query(),
'attachments',
'uploaded_to'
);
}
}