Merge pull request #5927 from pixelfed/staging

Update ReportController, fix type validation
daniel 5 months ago committed by GitHub
commit e5dc95953a

@ -2,13 +2,13 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use App\Jobs\ReportPipeline\ReportNotifyAdminViaEmail;
use App\Models\Group;
use App\Profile; use App\Profile;
use App\Report; use App\Report;
use App\Status; use App\Status;
use App\User;
use Auth; use Auth;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Jobs\ReportPipeline\ReportNotifyAdminViaEmail;
class ReportController extends Controller class ReportController extends Controller
{ {
@ -22,10 +22,33 @@ class ReportController extends Controller
public function showForm(Request $request) public function showForm(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
'type' => 'required|alpha_dash', 'type' => 'required|alpha_dash|in:comment,group,post,user',
'id' => 'required|integer|min:1', 'id' => 'required|integer|min:1',
]); ]);
$type = $request->input('type');
$id = $request->input('id');
$pid = $request->user()->profile_id;
switch ($request->input('type')) {
case 'post':
case 'comment':
Status::findOrFail($id);
break;
case 'user':
Profile::findOrFail($id);
break;
case 'group':
Group::where('profile_id', '!=', $pid)->findOrFail($id);
break;
default:
// code...
break;
}
return view('report.form'); return view('report.form');
} }
@ -110,17 +133,19 @@ class ReportController extends Controller
'copyright', 'copyright',
'impersonation', 'impersonation',
'scam', 'scam',
'terrorism' 'terrorism',
]; ];
if (!in_array($reportType, $types)) { if (! in_array($reportType, $types)) {
if($request->wantsJson()) { if ($request->wantsJson()) {
return abort(400, 'Invalid report type'); return abort(400, 'Invalid report type');
} else { } else {
return redirect('/timeline')->with('error', 'Invalid report type'); return redirect('/timeline')->with('error', 'Invalid report type');
} }
} }
$rpid = null;
switch ($object_type) { switch ($object_type) {
case 'post': case 'post':
$object = Status::findOrFail($object_id); $object = Status::findOrFail($object_id);
@ -129,10 +154,32 @@ class ReportController extends Controller
->whereObjectId($object->id) ->whereObjectId($object->id)
->whereObjectType('App\Status') ->whereObjectType('App\Status')
->count(); ->count();
$rpid = $object->profile_id;
break;
case 'user':
$object = Profile::findOrFail($object_id);
$object_type = 'App\Profile';
$exists = Report::whereUserId(Auth::id())
->whereObjectId($object->id)
->whereObjectType('App\Profile')
->count();
$rpid = $object->id;
break;
case 'group':
$object = Group::findOrFail($object_id);
$object_type = 'App\Models\Group';
$exists = Report::whereUserId(Auth::id())
->whereObjectId($object->id)
->whereObjectType('App\Models\Group')
->count();
$rpid = $object->profile_id;
break; break;
default: default:
if($request->wantsJson()) { if ($request->wantsJson()) {
return abort(400, 'Invalid report type'); return abort(400, 'Invalid report type');
} else { } else {
return redirect('/timeline')->with('error', 'Invalid report type'); return redirect('/timeline')->with('error', 'Invalid report type');
@ -141,7 +188,7 @@ class ReportController extends Controller
} }
if ($exists !== 0) { if ($exists !== 0) {
if($request->wantsJson()) { if ($request->wantsJson()) {
return response()->json(200); return response()->json(200);
} else { } else {
return redirect('/timeline')->with('error', 'You have already reported this!'); return redirect('/timeline')->with('error', 'You have already reported this!');
@ -149,28 +196,28 @@ class ReportController extends Controller
} }
if ($object->profile_id == $profile->id) { if ($object->profile_id == $profile->id) {
if($request->wantsJson()) { if ($request->wantsJson()) {
return response()->json(200); return response()->json(200);
} else { } else {
return redirect('/timeline')->with('error', 'You cannot report your own content!'); return redirect('/timeline')->with('error', 'You cannot report your own content!');
} }
} }
$report = new Report(); $report = new Report;
$report->profile_id = $profile->id; $report->profile_id = $profile->id;
$report->user_id = Auth::id(); $report->user_id = Auth::id();
$report->object_id = $object->id; $report->object_id = $object->id;
$report->object_type = $object_type; $report->object_type = $object_type;
$report->reported_profile_id = $object->profile_id; $report->reported_profile_id = $rpid;
$report->type = $request->input('report'); $report->type = $request->input('report');
$report->message = e($request->input('msg')); $report->message = e($request->input('msg'));
$report->save(); $report->save();
if(config('instance.reports.email.enabled')) { if (config('instance.reports.email.enabled')) {
ReportNotifyAdminViaEmail::dispatch($report)->onQueue('default'); ReportNotifyAdminViaEmail::dispatch($report)->onQueue('default');
} }
if($request->wantsJson()) { if ($request->wantsJson()) {
return response()->json(200); return response()->json(200);
} else { } else {
return redirect('/timeline')->with('status', 'Report successfully sent!'); return redirect('/timeline')->with('status', 'Report successfully sent!');
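Review bot: The self-report guard `if ($object->profile_id == $profile->id)` still reads `$object->profile_id`, but for the new `user` case `$object` is a Profile and the hunk above derives the reported profile as `$rpid = $object->id`, which suggests Profile has no `profile_id` attribute; if so the comparison degrades to `null == $profile->id` and a user can file a report against their own profile while posts and groups are correctly blocked. Since `$rpid` is now computed in every branch and is what gets stored in `reported_profile_id`, the guard should compare against it instead: `if ($rpid == $profile->id) {`. The same gap shows in `showForm`, which excludes own groups via `where('profile_id', '!=', $pid)` but has no equivalent check for `user`, so the store-side guard is the only protection. The enclosing store method begins before the first hunk of this section, so I could not confirm how `$object_type` is validated there; note that `comment` is accepted by `showForm`'s `in:` rule yet has no case in the store `switch`, so it would land in the "Invalid report type" branch unless the form maps it to `post`.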
