66use App \Models \Link ;
77use App \Models \Button ;
88use Illuminate \Support \Facades \Route ;
9+ use Illuminate \Support \Facades \File ;
910
1011class LinkTypeViewController extends Controller
1112{
@@ -55,28 +56,47 @@ public function getParamForm($typename, $linkId = 0)
5556 public function blockAsset (Request $ request , $ type )
5657 {
5758 $ asset = $ request ->query ('asset ' );
58-
59+
5960 // Prevent directory traversal in $type
6061 if (preg_match ('/\.\.|\/| \\\\/ ' , $ type )) {
6162 abort (403 , 'Unauthorized action. ' );
6263 }
63-
64+
6465 // Define allowed file extensions
6566 $ allowedExtensions = ['js ' , 'css ' , 'img ' , 'svg ' , 'gif ' , 'jpg ' , 'jpeg ' , 'png ' , 'mp4 ' , 'mp3 ' ];
66-
67+
6768 $ extension = strtolower (pathinfo ($ asset , PATHINFO_EXTENSION ));
6869 if (!in_array ($ extension , $ allowedExtensions )) {
6970 return response ('File type not allowed ' , Response::HTTP_FORBIDDEN );
7071 }
71-
72+
7273 $ basePath = realpath (base_path ("blocks/ $ type " ));
73-
74+
7475 $ fullPath = realpath (base_path ("blocks/ $ type/ $ asset " ));
75-
76+
7677 if (!$ fullPath || !file_exists ($ fullPath ) || strpos ($ fullPath , $ basePath ) !== 0 ) {
7778 return response ('File not found ' , Response::HTTP_NOT_FOUND );
7879 }
79-
80- return response ()->file ($ fullPath );
80+
81+ // Map file extensions to MIME types
82+ $ mimeTypes = [
83+ 'js ' => 'application/javascript ' ,
84+ 'css ' => 'text/css ' ,
85+ 'img ' => 'image/png ' ,
86+ 'svg ' => 'image/svg+xml ' ,
87+ 'gif ' => 'image/gif ' ,
88+ 'jpg ' => 'image/jpeg ' ,
89+ 'jpeg ' => 'image/jpeg ' ,
90+ 'png ' => 'image/png ' ,
91+ 'mp4 ' => 'video/mp4 ' ,
92+ 'mp3 ' => 'audio/mpeg ' ,
93+ ];
94+
95+ // Determine the MIME type using the mapping
96+ $ mimeType = $ mimeTypes [$ extension ] ?? 'application/octet-stream ' ;
97+
98+ return response ()->file ($ fullPath , [
99+ 'Content-Type ' => $ mimeType
100+ ]);
81101 }
82102}
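Review bot: The `strpos($fullPath, $basePath) !== 0` guard before the `File not found` return is a bare prefix comparison, so a `$type` of `foo` also accepts files under a sibling directory such as `blocks/foobar/…` reached through `..` segments in `$asset`, and when `blocks/$type` does not exist `realpath` yields `false` for `$basePath`, a case the condition never handles explicitly (on PHP 8 a false needle coerces to an empty string, which `strpos` matches at offset 0). Compare against the directory boundary and fail closed on a missing base: `if ($basePath === false || $fullPath === false || !is_file($fullPath) || strpos($fullPath, $basePath . DIRECTORY_SEPARATOR) !== 0) {`. The extension allow-list above narrows what such a request can read, but it should not be the only barrier between the request and files outside the intended block directory. Since the response now carries an explicit `Content-Type`, adding `'X-Content-Type-Options' => 'nosniff'` to the header array passed to `response()->file()` keeps browsers from reinterpreting it, which matters most for the `svg` entry.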