Add Views to blog #10
| public function uploadImage(Request $request, Response $response, $args) | ||
| { | ||
| $params = $request->getParsedBody(); |
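Review bot: on the `$params = $request->getParsedBody();` line, every value in `$params` is supplied by the client, and no permission check precedes it in the lines shown. If any of those fields feed the stored file name or the target directory, derive both on the server instead and allow-list the file type before writing anything to disk.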
At the moment, this allows anybody to upload files, to a folder that is publicly accessible via the web server. This is a major security vulnerability. I'd recommend reading https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload for why this is a bad idea.
A way around this could be to add something similar to the blog editing method.
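A sketch of the checks this comment points toward, added here as an example and not code from the PR or from UserFrosting. The function name `acceptImageUpload`, the `$mayEdit` flag (standing in for the result of the blog editing permission check) and the 2 MiB limit are assumptions; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Allow-list: sniffed MIME type => extension assigned by the server.
const ALLOWED_IMAGE_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumed limit (2 MiB)

/**
 * Returns the server-chosen file name for an accepted upload, or throws.
 * $mayEdit stands for the result of the same permission check the blog
 * editing method performs (assumption: computed by the caller).
 */
function acceptImageUpload(bool $mayEdit, string $tmpPath): string
{
    if (!$mayEdit) {
        throw new RuntimeException('forbidden: caller may not upload');
    }
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_IMAGE_BYTES) {
        throw new RuntimeException('rejected: size out of range');
    }
    // Sniff the bytes; the client's file name and Content-Type are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('rejected: not an allowed image type');
    }
    // Random name plus allow-listed extension: nothing user-controlled
    // reaches the path, and the server never stores a .php file.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample inputs: a minimal GIF header and a PHP script.
$cases = [
    'editor + gif'    => [true,  "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
    'anonymous + gif' => [false, "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
    'editor + script' => [true,  "<?php echo 'hello';"],
];
foreach ($cases as $label => [$mayEdit, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    try {
        echo $label, ' => stored as ', acceptImageUpload($mayEdit, $tmp), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ' => ', $e->getMessage(), PHP_EOL;
    } finally {
        unlink($tmp);
    }
}
```

Only the first case is accepted; the other two are rejected before anything would be written to the public folder.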
| return $this->ci->view->render($response, 'raw/upload_message.json.twig', [ | ||
| 'image_url' => $image_url, | ||
| ]); | ||
| } |
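Review bot: the `render($response, 'raw/upload_message.json.twig', ...)` call builds the JSON body by interpolating `$image_url` into a Twig template, so the output is valid JSON only if the template escapes that value correctly for JSON, and nothing in the lines shown sets the response Content-Type to application/json. Encode the array with json_encode and set the header explicitly rather than templating the body.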
Instead of using twig to generate JSON, Slim has a way of being able to automatically generate the JSON for you:
```php
return $response->withJson([
    'image_url' => $image_url,
]);
```
Although having said that, in newer versions of Slim this has disappeared, so something like this would be better.
```php
$payload = json_encode([
    'image_url' => $image_url,
], JSON_THROW_ON_ERROR);
$response->getBody()->write($payload);
return $response->withHeader('Content-Type', 'application/json');
```
Apologies, I reviewed this a while ago but forgot to press the submit button 🙃
Rather than re-creating a new base template, it'd be worth extending UserFrosting's main one, so that it has the same style:
Thanks for submitting this PR. It does have quite a few new features in it; in future, could you do an individual pull-request per feature? It just makes reviewing and making sense of the changes a lot easier (and therefore takes less time for it to be merged).
| public function up() | ||
| { | ||
| $this->schema->table('blog_posts', function (Blueprint $table) { | ||
| $table->string('post_style_slug'); |
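Review bot: `$table->string('post_style_slug');` adds a NOT NULL column with no default to the existing `blog_posts` table, so what happens to rows that already exist depends on the database engine. Add `->nullable()` or a `->default(...)`, and make sure a matching down() drops the column.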
There's a new column here, but it appears to not be used anywhere?
| public function up() | ||
| { | ||
| $this->schema->table('blogs', function (Blueprint $table) { | ||
| $table->string('blog_style_slug', 500)->unique()->comment('Style twig template file'); |
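Review bot: `->unique()` on `blog_style_slug` is applied to the existing `blogs` table with no default or `->nullable()`, so every existing row receives the same value and the unique index cannot be created once the table holds more than one blog. The column comment describes it as a 'Style twig template file', which several blogs would plausibly share, so the unique constraint looks unintended. Because the value names a template file, check it against a fixed list of known templates before it is used to choose what to render.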
There's a new column here, but it appears to not be used anywhere?
Add Views to blog and blog post