authorMarvin Borner2018-04-27 17:28:52 +0200
committerMarvin Borner2018-04-27 17:28:52 +0200
commit4595d19b8db1ed258bbfa24ac2af8768c105354d (patch)
tree5533c1d8726d67af6b648c85c8702899f6d5b687 /main/app/sprinkles/core
parent111c0366708428c49b4e3a1d28b5628b6aec6c06 (diff)
Added many security/verifying things for image upload
Diffstat (limited to 'main/app/sprinkles/core')
-rw-r--r--main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php3
-rw-r--r--main/app/sprinkles/core/templates/pages/test.html.twig19
2 files changed, 4 insertions, 18 deletions
diff --git a/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php b/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php
index 3f562a9..c67b886 100644
--- a/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php
+++ b/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php
@@ -235,9 +235,6 @@ class ServicesProvider
// Hacky fix to prevent sessions from being hit too much: ignore CSRF middleware for requests for raw assets ;-)
// See https://github.com/laravel/framework/issues/8172#issuecomment-99112012 for more information on why it's bad to hit Laravel sessions multiple times in rapid succession.
$csrfBlacklist = $config['csrf.blacklist'];
- $csrfBlacklist['^/api/posts/image'] = [
- 'POST'
- ];
$csrfBlacklist['^/' . $config['assets.raw.path']] = [
'GET'
];
diff --git a/main/app/sprinkles/core/templates/pages/test.html.twig b/main/app/sprinkles/core/templates/pages/test.html.twig
index 8df9b89..796ee72 100644
--- a/main/app/sprinkles/core/templates/pages/test.html.twig
+++ b/main/app/sprinkles/core/templates/pages/test.html.twig
@@ -1,19 +1,8 @@
-<form method="post" enctype="multipart/form-data" action="{{site.uri.public}}/api/posts/image">
+<form method="post" action="{{ site.uri.public }}/api/posts/image">
{% include "forms/csrf.html.twig" %}
<p>
- <label>Add file (single): </label><br/>
- <input type="file" name="example1"/>
- </p>
- <p>
- <label>Add files (up to 2): </label><br/>
- <input type="file" name="example2[]"/><br/>
- <input type="file" name="example2[]"/>
- </p>
- <p>
- <label>Add files (multiple): </label><br/>
- <input type="file" name="example3[]" multiple="multiple"/>
- </p>
- <p>
- <input type="submit"/>
+ <label>Upload file:</label><br/>
+ <input formenctype="multipart/form-data" type="file" name="image"/>
</p>
+ <input formenctype="multipart/form-data" type="submit"/>
</form>
\ No newline at end of file
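Review bot: `formenctype` on the `type="file"` input has no effect, because the attribute is only honoured on submit controls, so the multipart encoding now depends entirely on the single submit button that carries it. A submission that does not go through that button (a scripted `form.submit()`, or a second button added later) falls back to the default urlencoded encoding and sends only the file name, so I would keep the encoding on the form itself, `<form method="post" enctype="multipart/form-data" action="{{ site.uri.public }}/api/posts/image">`, and drop both `formenctype` attributes. The CSRF include is still in place, which matters now that the ServicesProvider hunk stops exempting `^/api/posts/image` from the CSRF middleware. The upload checks the commit title refers to are not in this path-limited view; an `accept="image/*"` on the input would only be a browser hint, so type and size have to be enforced by the handler.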