From dddc85689bba2bba7a76c55053c8ebbd863b4563 Mon Sep 17 00:00:00 2001 From: jxlwqq Date: Wed, 25 Apr 2018 11:29:33 +0800 Subject: [PATCH 01/10] Update table.blade.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 解决 Files are opend as binary data 的问题。 #7 --- resources/views/table.blade.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/views/table.blade.php b/resources/views/table.blade.php index 2d7fd22..6b66b56 100644 --- a/resources/views/table.blade.php +++ b/resources/views/table.blade.php @@ -336,7 +336,7 @@ function(){ {!! $item['preview'] !!} - + {{ $item['icon'] }} {{ basename($item['name']) }} @@ -346,7 +346,7 @@ function(){ @unless($item['isDir']) - + @endunless @@ -434,4 +434,4 @@ function(){ - \ No newline at end of file + From c36216247a996158920f6897783851ed77bda1f4 Mon Sep 17 00:00:00 2001 From: jxlwqq Date: Wed, 25 Apr 2018 11:32:21 +0800 Subject: [PATCH 02/10] Update list.blade.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 解决 Files are opend as binary data 的问题。 #7 --- resources/views/list.blade.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/views/list.blade.php b/resources/views/list.blade.php index c1c78e1..3a7aa69 100644 --- a/resources/views/list.blade.php +++ b/resources/views/list.blade.php @@ -318,7 +318,7 @@ function(){ {!! $item['preview'] !!}
- + {{ $item['icon'] }} {{ basename($item['name']) }} @@ -333,7 +333,7 @@ function(){
  • Rename & Move
  • Delete
  • @unless($item['isDir']) -
  • Download
  • +
  • Download
  • @endunless
  • Url
  • @@ -419,4 +419,4 @@ function(){
    - \ No newline at end of file + From 16102ce6ffc788e459135c71cdb16da2fb5d1923 Mon Sep 17 00:00:00 2001 From: Song Date: Wed, 25 Apr 2018 14:10:18 +0800 Subject: [PATCH 03/10] Update composer.json --- composer.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/composer.json b/composer.json index 9b10c9a..76f55ce 100644 --- a/composer.json +++ b/composer.json @@ -13,12 +13,12 @@ ], "require": { "php": ">=7.0.0", - "laravel/framework": "5.5.*", - "encore/laravel-admin": "1.5.*" + "laravel/framework": "~5.5", + "encore/laravel-admin": "~1.5" }, "require-dev": { "phpunit/phpunit": "~6.0", - "laravel/laravel": "5.*" + "laravel/laravel": "~5.5" }, "autoload": { "psr-4": { From 3545f3b88893ad4787ba89925503678b55b689c8 Mon Sep 17 00:00:00 2001 From: z-song Date: Sun, 23 Sep 2018 14:02:37 +0800 Subject: [PATCH 04/10] [fix] Fix issue #16 --- resources/views/list.blade.php | 96 +++++++++++++++++++-------------- resources/views/table.blade.php | 96 +++++++++++++++++++-------------- 2 files changed, 112 insertions(+), 80 deletions(-) diff --git a/resources/views/list.blade.php b/resources/views/list.blade.php index 3a7aa69..25e5d2b 100644 --- a/resources/views/list.blade.php +++ b/resources/views/list.blade.php 
@@ -74,29 +74,37 @@ showCancelButton: true, confirmButtonColor: "#DD6B55", confirmButtonText: "{{ trans('admin.confirm') }}", + showLoaderOnConfirm: true, closeOnConfirm: false, - cancelButtonText: "{{ trans('admin.cancel') }}" - }, - function(){ - $.ajax({ - method: 'delete', - url: '{{ $url['delete'] }}', - data: { - 'files[]':[path], - _token:LA.token, - }, - success: function (data) { - $.pjax.reload('#pjax-container'); - - if (typeof data === 'object') { - if (data.status) { - swal(data.message, '', 'success'); - } else { - swal(data.message, '', 'error'); + cancelButtonText: "{{ trans('admin.cancel') }}", + preConfirm: function() { + return new Promise(function(resolve) { + + $.ajax({ + method: 'delete', + url: '{{ $url['delete'] }}', + data: { + 'files[]':[path], + _token:LA.token + }, + success: function (data) { + $.pjax.reload('#pjax-container'); + + resolve(data); } - } + }); + + }); + } + }).then(function(result){ + var data = result.value; + if (typeof data === 'object') { + if (data.status) { + swal(data.message, '', 'success'); + } else { + swal(data.message, '', 'error'); } - }); + } }); }); 
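Review bot: The promise returned from `preConfirm` is settled only in the `success` callback, so a failed DELETE (403, an expired CSRF token answered with 419, a 500) leaves the dialog on its loader with no feedback; add an error path such as `error: function (xhr) { resolve({status: false, message: xhr.statusText}); }`. The same applies to the batch-delete hunk that follows and to both delete hunks in `table.blade.php`. Separately, `data.message` is passed as the first argument of `swal()`; if the bundled library is SweetAlert2 (the `preConfirm` / `result.value` usage suggests so), that argument is rendered as HTML, so server messages that echo request data are safer passed as `titleText`. Confirm this against the version shipped with laravel-admin.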
@@ -215,29 +223,37 @@ function closeModal() { showCancelButton: true, confirmButtonColor: "#DD6B55", confirmButtonText: "{{ trans('admin.confirm') }}", + showLoaderOnConfirm: true, closeOnConfirm: false, - cancelButtonText: "{{ trans('admin.cancel') }}" - }, - function(){ - $.ajax({ - method: 'delete', - url: '{{ $url['delete'] }}', - data: { - 'files[]': files, - _token:LA.token, - }, - success: function (data) { - $.pjax.reload('#pjax-container'); - - if (typeof data === 'object') { - if (data.status) { - swal(data.message, '', 'success'); - } else { - swal(data.message, '', 'error'); + cancelButtonText: "{{ trans('admin.cancel') }}", + preConfirm: function() { + return new Promise(function(resolve) { + + $.ajax({ + method: 'delete', + url: '{{ $url['delete'] }}', + data: { + 'files[]': files, + _token:LA.token + }, + success: function (data) { + $.pjax.reload('#pjax-container'); + + resolve(data); } - } + }); + + }); + } + }).then(function (result) { + var data = result.value; + if (typeof data === 'object') { + if (data.status) { + swal(data.message, '', 'success'); + } else { + swal(data.message, '', 'error'); } - }); + } }); }); }); diff --git a/resources/views/table.blade.php b/resources/views/table.blade.php index 6b66b56..d42ce5e 100644 --- a/resources/views/table.blade.php +++ b/resources/views/table.blade.php 
@@ -52,29 +52,37 @@ showCancelButton: true, confirmButtonColor: "#DD6B55", confirmButtonText: "{{ trans('admin.confirm') }}", + showLoaderOnConfirm: true, closeOnConfirm: false, - cancelButtonText: "{{ trans('admin.cancel') }}" - }, - function(){ - $.ajax({ - method: 'delete', - url: '{{ $url['delete'] }}', - data: { - 'files[]':[path], - _token:LA.token, - }, - success: function (data) { - $.pjax.reload('#pjax-container'); - - if (typeof data === 'object') { - if (data.status) { - swal(data.message, '', 'success'); - } else { - swal(data.message, '', 'error'); + cancelButtonText: "{{ trans('admin.cancel') }}", + preConfirm: function() { + return new Promise(function(resolve) { + + $.ajax({ + method: 'delete', + url: '{{ $url['delete'] }}', + data: { + 'files[]':[path], + _token:LA.token + }, + success: function (data) { + $.pjax.reload('#pjax-container'); + + resolve(data); } - } + }); + + }); + } + }).then(function(result){ + var data = result.value; + if (typeof data === 'object') { + if (data.status) { + swal(data.message, '', 'success'); + } else { + swal(data.message, '', 'error'); } - }); + } }); }); 
@@ -215,29 +223,37 @@ function closeModal() { showCancelButton: true, confirmButtonColor: "#DD6B55", confirmButtonText: "{{ trans('admin.confirm') }}", + showLoaderOnConfirm: true, closeOnConfirm: false, - cancelButtonText: "{{ trans('admin.cancel') }}" - }, - function(){ - $.ajax({ - method: 'delete', - url: '{{ $url['delete'] }}', - data: { - 'files[]': files, - _token:LA.token, - }, - success: function (data) { - $.pjax.reload('#pjax-container'); - - if (typeof data === 'object') { - if (data.status) { - swal(data.message, '', 'success'); - } else { - swal(data.message, '', 'error'); + cancelButtonText: "{{ trans('admin.cancel') }}", + preConfirm: function() { + return new Promise(function(resolve) { + + $.ajax({ + method: 'delete', + url: '{{ $url['delete'] }}', + data: { + 'files[]': files, + _token:LA.token + }, + success: function (data) { + $.pjax.reload('#pjax-container'); + + resolve(data); } - } + }); + + }); + } + }).then(function (result) { + var data = result.value; + if (typeof data === 'object') { + if (data.status) { + swal(data.message, '', 'success'); + } else { + swal(data.message, '', 'error'); } - }); + } }); }); From 08ef816da82e543f7519d6b17aa34f1ef13adaab Mon Sep 17 00:00:00 2001 From: z-song Date: Mon, 14 Oct 2019 17:05:25 +0800 Subject: [PATCH 05/10] =?UTF-8?q?=E5=85=BC=E5=AE=B9laravel=206.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/composer.json b/composer.json index 76f55ce..f7b05cb 100644 --- a/composer.json +++ b/composer.json @@ -13,12 +13,10 @@ ], "require": { "php": ">=7.0.0", - "laravel/framework": "~5.5", - "encore/laravel-admin": "~1.5" + "encore/laravel-admin": "~1.6" }, "require-dev": { - "phpunit/phpunit": "~6.0", - "laravel/laravel": "~5.5" + "phpunit/phpunit": "~6.0" }, "autoload": { "psr-4": { @@ -30,7 +28,6 @@ "providers": [ "Encore\\Admin\\Media\\MediaServiceProvider" ] - } } } 
From 81ffd69701058035aeadefdefbb01e83f3fe2ae3 Mon Sep 17 00:00:00 2001 From: dobs Date: Fri, 8 May 2020 10:37:17 +0300 Subject: [PATCH 06/10] Some security fixes --- README.md | 5 +++-- src/MediaController.php | 42 +++++++++++++++++++++++------------------ src/MediaManager.php | 33 +++++++++++++++++++++++++++----- 3 files changed, 55 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 49cd7cb..bdbca04 100644 --- a/README.md +++ b/README.md @@ -30,9 +30,10 @@ Add a disk config in `config/admin.php`: 'extensions' => [ 'media-manager' => [ - +            // Select a local disk that you configured in `config/filesystem.php` -         'disk' => 'public' +         'disk' => 'public', + 'allowed_ext' => 'jpg,jpeg,png,pdf,doc,docx,zip' ], ], diff --git a/src/MediaController.php b/src/MediaController.php index 47df705..bccbe3a 100644 --- a/src/MediaController.php +++ b/src/MediaController.php @@ -1,5 +1,4 @@ header('Media manager'); + $content->header('Media manager'); - $path = $request->get('path', '/'); - $view = $request->get('view', 'table'); + $path = $request->get('path', '/'); + $view = $request->get('view', 'table'); - $manager = new MediaManager($path); + $manager = new MediaManager($path); - $content->body(view("laravel-admin-media::$view", [ + $content->body(view("laravel-admin-media::$view", [ 'list' => $manager->ls(), 'nav' => $manager->navigation(), 'url' => $manager->urls(), - ])); - }); + ])); + }); } public function download(Request $request) @@ -33,7 +32,14 @@ public function download(Request $request) $manager = new MediaManager($file); - return $manager->download(); + try { + return $manager->download(); + } catch (\Exception $e) { + return response()->json([ + 'status' => false, + 'message' => $e->getMessage(), + ]); + } } public function upload(Request $request) 
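Review bot: The new `catch` in `download()` returns `$e->getMessage()` to the browser, and the `delete()`, `move()` and `newFolder()` handlers in the following hunks do the same; exceptions raised by the filesystem layer may carry absolute server paths, which then end up in the JSON body. Log the exception and return a fixed message for anything that is not one of the manager's own validation errors, e.g. `report($e);` followed by `'message' => 'Operation failed'`. A dedicated exception class for the 'Incorrect path' and 'extension not allowed' cases would let the controller pass through only those messages.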
@@ -63,14 +69,14 @@ public function delete(Request $request) try { if ($manager->delete($files)) { return response()->json([ - 'status' => true, - 'message' => trans('admin.delete_succeeded'), + 'status' => true, + 'message' => trans('admin.delete_succeeded'), ]); } } catch (\Exception $e) { return response()->json([ - 'status' => true, - 'message' => $e->getMessage(), + 'status' => false, + 'message' => $e->getMessage(), ]); } } @@ -85,14 +91,14 @@ public function move(Request $request) try { if ($manager->move($new)) { return response()->json([ - 'status' => true, - 'message' => trans('admin.move_succeeded'), + 'status' => true, + 'message' => trans('admin.move_succeeded'), ]); } } catch (\Exception $e) { return response()->json([ - 'status' => true, - 'message' => $e->getMessage(), + 'status' => false, + 'message' => $e->getMessage(), ]); } } @@ -113,7 +119,7 @@ public function newFolder(Request $request) } } catch (\Exception $e) { return response()->json([ - 'status' => true, + 'status' => false, 'message' => $e->getMessage(), ]); } diff --git a/src/MediaManager.php b/src/MediaManager.php index 68710ff..1858965 100644 --- a/src/MediaManager.php +++ b/src/MediaManager.php @@ -26,6 +26,12 @@ class MediaManager extends Extension */ protected $storage; + /** + * List of allowed extensions. + * @var string + */ + protected $allowed = []; + /** * @var array */ @@ -50,6 +56,10 @@ public function __construct($path = '/') { $this->path = $path; + if (!empty(config('admin.extensions.media-manager.allowed_ext'))) { + $this->allowed = explode(',', config('admin.extensions.media-manager.allowed_ext')); + } + $this->initStorage(); } 
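Review bot: The allow-list built in the constructor is used verbatim, so a config value written as `'jpg, png'` yields `' png'`, which never matches, and the later `in_array()` comparisons are case-sensitive, so `photo.JPG` is rejected. Normalise once here, e.g. `$this->allowed = array_map('trim', explode(',', strtolower(config('admin.extensions.media-manager.allowed_ext'))));`, and lower-case the candidate extension at the call sites. An unset or empty `allowed_ext` leaves the list empty, which `move()` and `upload()` treat as "no restriction", so the check is opt-in and the README should say so. The property docblock added in the previous hunk declares `@var string` while the property holds an array; `@var string[]` matches the code.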
@@ -77,10 +87,10 @@ public function ls() $directories = $this->storage->directories($this->path); return $this->formatDirectories($directories) - ->merge($this->formatFiles($files)) - ->sort(function ($item) { - return $item['name']; - })->all(); + ->merge($this->formatFiles($files)) + ->sort(function ($item) { + return $item['name']; + })->all(); } /** @@ -92,7 +102,11 @@ public function ls() */ protected function getFullPath($path) { - return $this->storage->getDriver()->getAdapter()->applyPathPrefix($path); + $path = $this->storage->getDriver()->getAdapter()->applyPathPrefix($path); + if (strstr($fullPath, '..')) { + throw new \Exception('Incorrect path'); + } + return $path; } public function download() @@ -125,6 +139,11 @@ public function delete($path) public function move($new) { + $ext = pathinfo($new, PATHINFO_EXTENSION); + if ($this->allowed && !in_array($ext, $this->allowed)) { + throw new \Exception('File extension ' . $ext . ' is not allowed'); + } + return $this->storage->move($this->path, $new); } @@ -137,6 +156,10 @@ public function move($new) public function upload($files = []) { foreach ($files as $file) { + if ($this->allowed && !in_array($file->getClientOriginalExtension(), $this->allowed)) { + throw new \Exception('File extension ' . $file->getClientOriginalExtension() . ' is not allowed'); + } + $this->storage->putFileAs($this->path, $file, $file->getClientOriginalName()); } From e014ef07c89c0bd9dc6513bd4cd714ff3fb0f6a6 Mon Sep 17 00:00:00 2001 From: dobs Date: Fri, 8 May 2020 11:00:13 +0300 Subject: [PATCH 07/10] CI fix --- src/MediaController.php | 33 +++++++++++++++++---------------- src/MediaManager.php | 6 ++++-- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/src/MediaController.php b/src/MediaController.php index bccbe3a..f6b96a3 100644 --- a/src/MediaController.php +++ b/src/MediaController.php 
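Review bot: The traversal guard added to `getFullPath()` tests `$fullPath`, which is never assigned in this hunk: the prefixed path is written back into `$path`, so `strstr()` receives an undefined variable, returns false, and the exception cannot be thrown. As committed the check is dead code; assign the result to the variable that is tested, `$fullPath = $this->storage->getDriver()->getAdapter()->applyPathPrefix($path);`, and return it (patch 09/10 later in this series makes that rename). Whether `ls()`, `delete()` and `move()` route their paths through `getFullPath()` is not visible here and should be checked.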
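Review bot: The extension test in `move()` compares the raw result of `pathinfo($new, PATHINFO_EXTENSION)` with a loose, case-sensitive `in_array()`, and `upload()` in the next hunk uses the same comparison; prefer `in_array(strtolower($ext), $this->allowed, true)` against a lower-cased list. A target name without an extension produces `''`, which is rejected whenever an allow-list is configured, so if `move()` also serves directories (the "Rename & Move" menu entry suggests it does), renaming a folder would start failing. Consider skipping the check when `$this->path` is a directory.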
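Review bot: The check in `upload()` relies on `getClientOriginalExtension()`, which is taken from the request, so the allow-list constrains only what the client claims and not the file content. Comparing `$file->guessExtension()` (derived from the detected MIME type) against the same list as well would close that gap. The `throw` sits inside the loop, so files earlier in the batch are already stored when a later one is rejected; validating every file before the first `putFileAs()` call avoids a partial upload.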
@@ -1,4 +1,5 @@ header('Media manager'); + $content->header('Media manager'); - $path = $request->get('path', '/'); - $view = $request->get('view', 'table'); + $path = $request->get('path', '/'); + $view = $request->get('view', 'table'); - $manager = new MediaManager($path); + $manager = new MediaManager($path); - $content->body(view("laravel-admin-media::$view", [ + $content->body(view("laravel-admin-media::$view", [ 'list' => $manager->ls(), 'nav' => $manager->navigation(), 'url' => $manager->urls(), - ])); - }); + ])); + }); } public function download(Request $request) @@ -36,7 +37,7 @@ public function download(Request $request) return $manager->download(); } catch (\Exception $e) { return response()->json([ - 'status' => false, + 'status' => false, 'message' => $e->getMessage(), ]); } @@ -69,14 +70,14 @@ public function delete(Request $request) try { if ($manager->delete($files)) { return response()->json([ - 'status' => true, - 'message' => trans('admin.delete_succeeded'), + 'status' => true, + 'message' => trans('admin.delete_succeeded'), ]); } } catch (\Exception $e) { return response()->json([ - 'status' => false, - 'message' => $e->getMessage(), + 'status' => false, + 'message' => $e->getMessage(), ]); } } @@ -91,14 +92,14 @@ public function move(Request $request) try { if ($manager->move($new)) { return response()->json([ - 'status' => true, - 'message' => trans('admin.move_succeeded'), + 'status' => true, + 'message' => trans('admin.move_succeeded'), ]); } } catch (\Exception $e) { return response()->json([ - 'status' => false, - 'message' => $e->getMessage(), + 'status' => false, + 'message' => $e->getMessage(), ]); } } diff --git a/src/MediaManager.php b/src/MediaManager.php index 1858965..a8357da 100644 --- a/src/MediaManager.php +++ b/src/MediaManager.php @@ -28,6 +28,7 @@ class MediaManager extends Extension /** * List of allowed extensions. + * * @var string */ protected $allowed = []; 
@@ -106,6 +107,7 @@ protected function getFullPath($path) if (strstr($fullPath, '..')) { throw new \Exception('Incorrect path'); } + return $path; } @@ -141,7 +143,7 @@ public function move($new) { $ext = pathinfo($new, PATHINFO_EXTENSION); if ($this->allowed && !in_array($ext, $this->allowed)) { - throw new \Exception('File extension ' . $ext . ' is not allowed'); + throw new \Exception('File extension '.$ext.' is not allowed'); } return $this->storage->move($this->path, $new); @@ -157,7 +159,7 @@ public function upload($files = []) { foreach ($files as $file) { if ($this->allowed && !in_array($file->getClientOriginalExtension(), $this->allowed)) { - throw new \Exception('File extension ' . $file->getClientOriginalExtension() . ' is not allowed'); + throw new \Exception('File extension '.$file->getClientOriginalExtension().' is not allowed'); } $this->storage->putFileAs($this->path, $file, $file->getClientOriginalName()); From 667268240251ba6faec39fc44df6d32fe08d5fd2 Mon Sep 17 00:00:00 2001 From: Song Date: Mon, 28 Sep 2020 16:24:32 +0800 Subject: [PATCH 08/10] Update README.md --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 49cd7cb..64cd8ba 100644 --- a/README.md +++ b/README.md @@ -17,10 +17,14 @@ Media manager for `local` disk. ## Installation -``` -$ composer require laravel-admin-ext/media-manager -vvv +```shell +// For laravel-admin 1.x +composer require laravel-admin-ext/media-manager:1.x -vvv + +// For laravel-admin 2.x +composer require laravel-admin-ext/media-manager:2.x -vvv -$ php artisan admin:import media-manager +php artisan admin:import media-manager ``` Add a disk config in `config/admin.php`: From cd45d7e3600187be12402076c31c8d8e02037d87 Mon Sep 17 00:00:00 2001 From: Yomag84 Date: Sun, 17 Oct 2021 01:19:20 +0100 Subject: [PATCH 09/10] Path erro Correcting the path --- src/MediaManager.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/MediaManager.php b/src/MediaManager.php index a8357da..4a71c85 100644 --- a/src/MediaManager.php +++ b/src/MediaManager.php @@ -103,12 +103,12 @@ public function ls() */ protected function getFullPath($path) { - $path = $this->storage->getDriver()->getAdapter()->applyPathPrefix($path); + $fullPath = $this->storage->getDriver()->getAdapter()->applyPathPrefix($path); if (strstr($fullPath, '..')) { throw new \Exception('Incorrect path'); } - return $path; + return fullPath; } public function download() From 58ca6459ded495df78b0d6905ad21fc73ed1e682 Mon Sep 17 00:00:00 2001 From: Ergashev Adizbek Date: Sat, 20 Nov 2021 22:46:57 +0500 Subject: [PATCH 10/10] Update MediaManager.php Fix var name --- src/MediaManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/MediaManager.php b/src/MediaManager.php index 4a71c85..392e264 100644 --- a/src/MediaManager.php +++ b/src/MediaManager.php @@ -108,7 +108,7 @@ protected function getFullPath($path) throw new \Exception('Incorrect path'); } - return fullPath; + return $fullPath; } public function download()
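Review bot: With `$fullPath` now assigned, the `strstr($fullPath, '..')` test in `getFullPath()` becomes live, and it is a substring match rather than a path-segment check: it rejects legitimate names such as `report..v2.pdf`, would reject every path if the disk root itself contained `..`, and does nothing about symlinks that resolve outside the root. Resolving the path and comparing it with the resolved root is more precise; the sketch below assumes the local adapter exposes `getPathPrefix()` and that callers pass only existing files. Patch 09/10 on its own also returns the bare word `fullPath`, so it should not be deployed without 10/10.

```php
protected function getFullPath($path)
{
    $adapter = $this->storage->getDriver()->getAdapter();
    $root = realpath($adapter->getPathPrefix());
    $fullPath = realpath($adapter->applyPathPrefix($path));

    // realpath() returns false for a missing file; treat that as a rejected path too.
    if ($root === false || $fullPath === false
        || strpos($fullPath.DIRECTORY_SEPARATOR, rtrim($root, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR) !== 0) {
        throw new \Exception('Incorrect path');
    }

    return $fullPath;
}
```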