Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FileResponse: added some checks #238

Merged
merged 1 commit into from
Jan 3, 2020
Merged

FileResponse: added some checks #238

merged 1 commit into from
Jan 3, 2020

Conversation

tacoberu
Copy link
Contributor

  • bug fix? yes
  • BC break? no

If the file has strict privileges, it will crash the entire application.

dg
dg reviewed Nov 26, 2019
View reviewed changes
src/Application/Responses/FileResponse.php Outdated
@@ -40,6 +40,9 @@ public function __construct(string $file, string $name = null, string $contentTy
if (!is_file($file)) {
throw new Nette\Application\BadRequestException("File '$file' doesn't exist.");
}
if (!is_readable($file)) {
throw new Nette\Application\BadRequestException("File '$file' doesn't readable.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is not readable sounds better

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure how useful the is_readable check is when you check fopen result later anyway.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JanTvrdik The sooner the better :-) But I don't insist on it.

dg
dg reviewed Nov 26, 2019
View reviewed changes
src/Application/Responses/FileResponse.php
@@ -88,6 +91,9 @@ public function send(Nette\Http\IRequest $httpRequest, Nette\Http\IResponse $htt

$filesize = $length = filesize($this->file);
$handle = fopen($this->file, 'r');
if (!$handle) {
throw new Nette\Application\BadRequestException("Cannot make handle of '{$this->file}'.");
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cannot open file?

@dg dg force-pushed the master branch 4 times, most recently from 7fe78c1 to 8f1bb54 Compare December 11, 2019 19:32
@dg dg changed the title Fix FileResponse FileResponse: added some checks Jan 3, 2020
@dg dg merged commit 54b0b5c into nette:master Jan 3, 2020
dg pushed a commit that referenced this pull request Jan 3, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
98bd850
dg pushed a commit that referenced this pull request Jan 3, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
285b421
dg pushed a commit that referenced this pull request Jan 4, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
6dbc1b5
dg pushed a commit that referenced this pull request Jan 4, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
9d25d36
dg pushed a commit that referenced this pull request Jan 4, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
4d55dce
dg pushed a commit that referenced this pull request Jan 5, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
fa35b41
dg pushed a commit that referenced this pull request Jan 5, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
f1f2ced
dg pushed a commit that referenced this pull request Jan 5, 2020
@tacoberu @dg
FileResponse: added some checks (#238)
095b6f2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dg dg dg left review comments

@JanTvrdik JanTvrdik JanTvrdik left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tacoberu @JanTvrdik @dg