Merge pull request bagisto#7740 from amit-webkul/image-issue

Fix vulnerability issue on product review image section
devansh-webkul · Jul 3, 2023 · bd19d3f · bd19d3f
2 parents 0914f37 + 5f86f04
commit bd19d3f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 12 deletions.
diff --git a/packages/Webkul/Product/src/Repositories/ProductReviewImageRepository.php b/packages/Webkul/Product/src/Repositories/ProductReviewImageRepository.php
@@ -12,7 +12,7 @@ class ProductReviewImageRepository extends Repository
      *
      * @return string
      */
-    function model(): string
+    public function model(): string
     {
         return 'Webkul\Product\Contracts\ProductReviewImage';
     }
@@ -30,7 +30,6 @@ public function uploadImages($data, $review)
 
         foreach ($data['attachments'] as $imageId => $image) {
             $file = 'attachments.' . $imageId;
-
             $dir = 'review/' . $review->id;
 
             if (
@@ -44,4 +43,4 @@ public function uploadImages($data, $review)
             }
         }
     }
-}
+}
diff --git a/packages/Webkul/Shop/src/Http/Controllers/ReviewController.php b/packages/Webkul/Shop/src/Http/Controllers/ReviewController.php
@@ -3,8 +3,8 @@
 namespace Webkul\Shop\Http\Controllers;
 
 use Webkul\Product\Repositories\ProductRepository;
-use Webkul\Product\Repositories\ProductReviewRepository;
 use Webkul\Product\Repositories\ProductReviewImageRepository;
+use Webkul\Product\Repositories\ProductReviewRepository;
 
 class ReviewController extends Controller
 {
@@ -20,8 +20,7 @@ public function __construct(
         protected ProductRepository $productRepository,
         protected ProductReviewRepository $productReviewRepository,
         protected ProductReviewImageRepository $productReviewImageRepository
-    )
-    {
+    ) {
         parent::__construct();
     }
 
@@ -62,9 +61,10 @@ public function create($slug)
     public function store($id)
     {
         $this->validate(request(), [
-            'comment' => 'required',
-            'rating'  => 'required|numeric|min:1|max:5',
-            'title'   => 'required',
+            'title'          => 'required',
+            'comment'        => 'required',
+            'rating'         => 'required|numeric|min:1|max:5',
+            'attachments.*'  => 'file|mimetypes:image/jpeg,image/png,image/gif,image/bmp,image/webp',
         ]);
 
         $product = $this->productRepository->find($id);
@@ -94,7 +94,7 @@ public function store($id)
      *
      * @param  string  $slug
      * @return \Illuminate\View\View
-    */
+     */
     public function show($slug)
     {
         $product = $this->productRepository->findBySlugOrFail($slug);
@@ -130,7 +130,7 @@ public function destroy($id)
      * Customer delete all reviews from their account
      *
      * @return \Illuminate\Http\Response
-    */
+     */
     public function deleteAll()
     {
         $reviews = auth()->guard('customer')->user()->all_reviews;
@@ -143,4 +143,4 @@ public function deleteAll()
 
         return redirect()->route($this->_config['redirect']);
     }
-}
+}