Render HTML as plain text via attachment_view controller

This makes it consistent with the public paths and ensures all HTML is only rendered in our sandbox
Jan Böhmer 2026-02-24 22:48:18 +01:00
parent 4a5cc454ce
commit a1fd3199d6


@ -88,8 +88,10 @@ class AttachmentFileController extends AbstractController
$file_path = $this->helper->toAbsoluteInternalFilePath($attachment);
$response = new BinaryFileResponse($file_path);
$response = $this->forbidHTMLContentType($response);
//Set header content disposition, so that the file will be downloaded
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT);
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $attachment->getFilename());
return $response;
}
@ -105,8 +107,23 @@ class AttachmentFileController extends AbstractController
$file_path = $this->helper->toAbsoluteInternalFilePath($attachment);
$response = new BinaryFileResponse($file_path);
$response = $this->forbidHTMLContentType($response);
//Set header content disposition, so that the file will be downloaded
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_INLINE);
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_INLINE, $attachment->getFilename());
return $response;
}
private function forbidHTMLContentType(BinaryFileResponse $response): BinaryFileResponse
{
$mimeType = $response->getFile()->getMimeType();
if ($mimeType === 'text/html') {
$mimeType = 'text/plain';
}
$response->headers->set('Content-Type', $mimeType);
return $response;
}
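Review bot: The strict comparison `$mimeType === 'text/html'` in forbidHTMLContentType downgrades only one type, so a file detected as `application/xhtml+xml` would still be sent with a renderable Content-Type, including on the `DISPOSITION_INLINE` path. Consider `if (in_array($mimeType, ['text/html', 'application/xhtml+xml'], true)) {`, and decide separately how `image/svg+xml` should be served, since it can also carry script when opened as a document. The rewritten `text/plain` type only helps if the browser does not sniff the body, so unless it is already set elsewhere (not visible in this section), add `$response->headers->set('X-Content-Type-Options', 'nosniff');`. `getMimeType()` can also return null when no type can be guessed, and setting the header explicitly to null appears to bypass BinaryFileResponse's own fallback; `$mimeType ?? 'application/octet-stream'` would cover that case.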