forked from linuxserver/Heimdall
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathSettingsController.php
More file actions
141 lines (116 loc) · 3.95 KB
/
SettingsController.php
File metadata and controls
141 lines (116 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<?php
namespace App\Http\Controllers;
use App\Setting;
use App\SettingGroup;
use Exception;
use enshrined\svgSanitize\Sanitizer;
use Illuminate\Contracts\View\View;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
class SettingsController extends Controller
{
public function __construct()
{
parent::__construct();
$this->middleware('allowed');
}
public function index(): View
{
$settings = SettingGroup::with([
'settings',
])->orderBy('order', 'ASC')->get();
return view('settings.list')->with([
'groups' => $settings,
]);
}
/**
*
* @return RedirectResponse|View
*/
public function edit(int $id)
{
$setting = Setting::find($id);
//die("s: ".$setting->label);
if ((bool) $setting->system === true) {
return abort(404);
}
if (! is_null($setting)) {
return view('settings.edit')->with([
'setting' => $setting,
]);
} else {
$route = route('settings.list', []);
return redirect($route)
->with([
'errors' => collect([__('app.alert.error.not_exist')]),
]);
}
}
public function update(Request $request, int $id): RedirectResponse
{
$setting = Setting::find($id);
$user = $this->user();
$route = route('settings.index', []);
try {
if (is_null($setting)) {
throw new Exception('not_exists');
}
if ($setting->type === 'image') {
$validatedData = $request->validate([
'value' => 'image',
]);
if (!$request->hasFile('value')) {
throw new \Exception('file_too_big');
}
$image = $request->file('value');
$extension = $image->getClientOriginalExtension();
if ($extension === 'svg') {
$sanitizer = new Sanitizer();
$sanitizedSvg = $sanitizer->sanitize(file_get_contents($image->getRealPath()));
// Verify that the sanitization removed malicious content
if (strpos($sanitizedSvg, '<script>') !== false) {
throw new \Exception('SVG contains malicious content and cannot be uploaded.');
}
// Save the sanitized SVG back to the file
file_put_contents($image->getRealPath(), $sanitizedSvg);
}
$path = $image->store('backgrounds', 'public');
if ($path === null) {
throw new \Exception('file_not_stored');
}
$setting_value = $path;
} else {
$data = Setting::getInput($request);
$setting_value = $data->value;
}
$user->settings()->detach($setting->id);
$user->settings()->save($setting, ['uservalue' => $setting_value]);
return redirect($route)
->with([
'success' => __('app.alert.success.setting_updated'),
]);
} catch (Exception $e) {
return redirect($route)
->with([
'errors' => collect([__('app.alert.error.' . $e->getMessage())]),
]);
}
}
public function clear(int $id): RedirectResponse
{
$user = $this->user();
$setting = Setting::find($id);
if ((bool) $setting->system !== true) {
$user->settings()->detach($setting->id);
$user->settings()->save($setting, ['uservalue' => '']);
}
$route = route('settings.index', []);
return redirect($route)
->with([
'success' => __('app.alert.success.setting_updated'),
]);
}
public function search(Request $request)
{
}
}