Merge remote-tracking branch 'origin/develop'

Signed-off-by: snipe <[email protected]>

# Conflicts:
#	config/version.php

Author: snipe

app/Console/Commands/ObjectImportCommand.php

@@ -6,6 +6,7 @@
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputOption;
 use Illuminate\Support\Facades\Log;
+use Symfony\Component\Console\Helper\ProgressIndicator;
 
 ini_set('max_execution_time', env('IMPORT_TIME_LIMIT', 600)); //600 seconds = 10 minutes
 ini_set('memory_limit', env('IMPORT_MEMORY_LIMIT', '500M'));
@@ -29,6 +30,11 @@ class ObjectImportCommand extends Command
      */
     protected $description = 'Import Items from CSV';
 
+    /**
+     * The progress indicator instance.
+     */
+    protected ProgressIndicator $progressIndicator;
+
     /**
      * Create a new command instance.
      *
@@ -39,15 +45,15 @@ public function __construct()
         parent::__construct();
     }
 
-    private $bar;
-
     /**
      * Execute the console command.
      *
      * @return mixed
      */
     public function handle()
     {
+        $this->progressIndicator = new ProgressIndicator($this->output);
+
         $filename = $this->argument('filename');
         $class = title_case($this->option('item-type'));
         $classString = "App\\Importer\\{$class}Importer";
@@ -61,46 +67,25 @@ public function handle()
         // This $logFile/useFiles() bit is currently broken, so commenting it out for now
         // $logFile = $this->option('logfile');
         // Log::useFiles($logFile);
-        $this->comment('======= Importing Items from '.$filename.' =========');
-        $importer->import();
+        $this->progressIndicator->start('======= Importing Items from '.$filename.' =========');
 
-        $this->bar = null;
+        $importer->import();
 
-        if (! empty($this->errors)) {
-            $this->comment('The following Errors were encountered.');
-            foreach ($this->errors as $asset => $error) {
-                $this->comment('Error: Item: '.$asset.' failed validation: '.json_encode($error));
-            }
-        } else {
-            $this->comment('All Items imported successfully!');
-        }
-        $this->comment('');
+        $this->progressIndicator->finish('Import finished.');
     }
 
-    public function errorCallback($item, $field, $errorString)
+    public function errorCallback($item, $field, $error)
     {
-        $this->errors[$item->name][$field] = $errorString;
+        $this->output->write("\x0D\x1B[2K");
+
+        $this->warn('Error: Item: '.$item->name.' failed validation: '.json_encode($error));
     }
 
-    public function progress($count)
+    public function progress($importedItemsCount)
     {
-        if (! $this->bar) {
-            $this->bar = $this->output->createProgressBar($count);
-        }
-        static $index = 0;
-        $index++;
-        if ($index < $count) {
-            $this->bar->advance();
-        } else {
-            $this->bar->finish();
-        }
+        $this->progressIndicator->advance();
     }
 
-    // Tracks the current item for error messages
-    private $updating;
-    // An array of errors encountered while parsing
-    private $errors;
-
     /**
      * Log a message to file, configurable by the --log-file parameter.
      * If a warning message is passed, we'll spit it to the console as well.

app/Helpers/Helper.php

@@ -1123,6 +1123,7 @@ public static function filetype_icon($filename)
             'png'   => 'far fa-image',
             'webp'   => 'far fa-image',
             'avif'   => 'far fa-image',
+            'svg' => 'fas fa-vector-square',
             // word
             'doc'   => 'far fa-file-word',
             'docx'   => 'far fa-file-word',
@@ -1135,7 +1136,7 @@ public static function filetype_icon($filename)
             //Text
             'txt'   => 'far fa-file-alt',
             'rtf'   => 'far fa-file-alt',
-            'xml'   => 'far fa-file-alt',
+            'xml'   => 'fas fa-code',
             // Misc
             'pdf'   => 'far fa-file-pdf',
             'lic'   => 'far fa-save',
@@ -1148,41 +1149,7 @@ public static function filetype_icon($filename)
         return 'far fa-file';
     }
 
-    public static function show_file_inline($filename)
-    {
-        $extension = substr(strrchr($filename, '.'), 1);
-
-        if ($extension) {
-            switch ($extension) {
-                case 'jpg':
-                case 'jpeg':
-                case 'gif':
-                case 'png':
-                case 'webp':
-                case 'avif':
-                    return true;
-                    break;
-                default:
-                    return false;
-            }
-        }
 
-        return false;
-    }
-
-    /**
-     * Generate a random encrypted password.
-     *
-     * @author Wes Hulette <[email protected]>
-     *
-     * @since 5.0.0
-     *
-     * @return string
-     */
-    public static function generateEncyrptedPassword(): string
-    {
-        return bcrypt(self::generateUnencryptedPassword());
-    }
 
     /**
      * Get a random unencrypted password.

app/Helpers/StorageHelper.php

@@ -7,6 +7,7 @@
 use Illuminate\Http\RedirectResponse;
 use Symfony\Component\HttpFoundation\BinaryFileResponse;
 use Symfony\Component\HttpFoundation\StreamedResponse;
+use Illuminate\Contracts\Filesystem\FileNotFoundException;
 class StorageHelper
 {
     public static function downloader($filename, $disk = 'default') : BinaryFileResponse | RedirectResponse | StreamedResponse
@@ -25,4 +26,64 @@ public static function downloader($filename, $disk = 'default') : BinaryFileResp
                 return Storage::disk($disk)->download($filename);
         }
     }
+
+
+    /**
+     * This determines the file types that should be allowed inline and checks their fileinfo extension
+     * to determine that they are safe to display inline.
+     *
+     * @author <A. Gianotto> [<[email protected]]>
+     * @since v7.0.14
+     * @param $file_with_path
+     * @return bool
+     */
+    public static function allowSafeInline($file_with_path) {
+
+        $allowed_inline = [
+            'pdf',
+            'svg',
+            'jpg',
+            'gif',
+            'svg',
+            'avif',
+            'webp',
+            'png',
+        ];
+
+
+        // The file exists and is allowed to be displayed inline
+        if (Storage::exists($file_with_path) && (in_array(pathinfo($file_with_path, PATHINFO_EXTENSION), $allowed_inline))) {
+            return true;
+        }
+        return false;
+
+    }
+
+    /**
+     * Decide whether to show the file inline or download it.
+     */
+    public static function showOrDownloadFile($file, $filename) {
+
+        $headers = [];
+
+        if (request('inline') == 'true') {
+
+            $headers = [
+                'Content-Disposition' => 'inline',
+            ];
+
+            // This is NOT allowed as inline - force it to be displayed as text in the browser
+            if (self::allowSafeInline($file) != true) {
+                $headers = array_merge($headers, ['Content-Type' => 'text/plain']);
+            }
+        }
+
+        // Everything else seems okay, but the file doesn't exist on the server.
+        if (Storage::missing($file)) {
+            throw new FileNotFoundException();
+        }
+
+        return Storage::download($file, $filename, $headers);
+
+    }
 }

app/Http/Controllers/Accessories/AccessoriesFilesController.php

@@ -106,50 +106,29 @@ public function destroy($accessoryId = null, $fileId = null) : RedirectResponse
      * @param int $accessoryId
      * @param int $fileId
      */
-    public function show($accessoryId = null, $fileId = null, $download = true) : View | RedirectResponse | Response | BinaryFileResponse | StreamedResponse
+    public function show($accessoryId = null, $fileId = null) : View | RedirectResponse | Response | BinaryFileResponse | StreamedResponse
     {
 
-        Log::debug('Private filesystem is: '.config('filesystems.default'));
-        $accessory = Accessory::find($accessoryId);
-
-
 
         // the accessory is valid
-        if (isset($accessory->id)) {
+        if ($accessory = Accessory::find($accessoryId)) {
             $this->authorize('view', $accessory);
             $this->authorize('accessories.files', $accessory);
 
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) {
-                return redirect()->route('accessories.index')->with('error',  trans('admin/users/message.log_record_not_found'));
-            }
-
-            $file = 'private_uploads/accessories/'.$log->filename;
-
-            if (Storage::missing($file)) {
-                Log::debug('FILE DOES NOT EXISTS for '.$file);
-                Log::debug('URL should be '.Storage::url($file));
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) {
+                $file = 'private_uploads/accessories/'.$log->filename;
 
-                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            } else {
-
-                // Display the file inline
-                if (request('inline') == 'true') {
-                    $headers = [
-                        'Content-Disposition' => 'inline',
-                    ];
-                    return Storage::download($file, $log->filename, $headers);
+                try {
+                    return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('accessories.show', ['accessory' => $accessory])->with('error',  trans('general.file_not_found'));
                 }
+            }
 
+            return redirect()->route('accessories.show', ['accessory' => $accessory])->with('error',  trans('general.log_record_not_found'));
 
-                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
-                // won't work, as they're not accessible via the web
-                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
-                    return StorageHelper::downloader($file);
-                }
-            }
         }
 
-        return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+        return redirect()->route('accessories.index')->with('error', trans('general.file_not_found'));
     }
 }

app/Http/Controllers/Api/StatuslabelsController.php

@@ -95,7 +95,8 @@ public function store(Request $request) : JsonResponse
         $request->except('deployable', 'pending', 'archived');
 
         if (! $request->filled('type')) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, ['type' => ['Status label type is required.']]), 500);
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['type' => ['Status label type is required.']]));
         }
 
         $statuslabel = new Statuslabel;

app/Http/Controllers/Assets/AssetFilesController.php

@@ -61,43 +61,30 @@ public function store(UploadFileRequest $request, $assetId = null) : RedirectRes
      */
     public function show($assetId = null, $fileId = null) : View | RedirectResponse | Response | StreamedResponse | BinaryFileResponse
     {
-        $asset = Asset::find($assetId);
-        // the asset is valid
-        if (isset($asset->id)) {
-            $this->authorize('view', $asset);
-
-            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
-                return response('No matching record for that asset/file', 500)
-                    ->header('Content-Type', 'text/plain');
-            }
-
-            $file = 'private_uploads/assets/'.$log->filename;
+        if ($asset = Asset::find($assetId)) {
 
-            if ($log->action_type == 'audit') {
-                $file = 'private_uploads/audits/'.$log->filename;
-            }
+            $this->authorize('view', $asset);
 
-            if (! Storage::exists($file)) {
-                return response('File '.$file.' not found on server', 404)
-                    ->header('Content-Type', 'text/plain');
-            }
+            if ($log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
+                $file = 'private_uploads/assets/'.$log->filename;
 
-            if (request('inline') == 'true') {
+                if ($log->action_type == 'audit') {
+                    $file = 'private_uploads/audits/'.$log->filename;
+                }
 
-                $headers = [
-                    'Content-Disposition' => 'inline',
-                ];
+                try {
+                     return StorageHelper::showOrDownloadFile($file, $log->filename);
+                } catch (\Exception $e) {
+                    return redirect()->route('hardware.show', ['hardware' => $asset])->with('error',  trans('general.file_not_found'));
+                }
 
-                return Storage::download($file, $log->filename, $headers);
             }
 
-            return StorageHelper::downloader($file);
+            return redirect()->route('hardware.show', ['hardware' => $asset])->with('error',  trans('general.log_record_not_found'));
         }
-        // Prepare the error message
-        $error = trans('admin/hardware/message.does_not_exist', ['id' => $fileId]);
 
-        // Redirect to the hardware management page
-        return redirect()->route('hardware.index')->with('error', $error);
+        return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
+
     }
 
     /**

app/Http/Controllers/Assets/AssetsController.php

@@ -17,7 +17,6 @@
 use App\Models\Setting;
 use App\Models\Statuslabel;
 use App\Models\User;
-use Illuminate\Support\Facades\Auth;
 use App\View\Label;
 use Carbon\Carbon;
 use Illuminate\Support\Facades\DB;