I want to let users in the user area download all files from the storage/app/downloads/ folder. I thought about doing it like this in the route file:

    Route::get('/home/downloads/{file}', 'Home\DownloadController@show');

and in the controller:

    public function show($filename)
    {
        $path = storage_path('app/downloads/' . $filename);
        if (!\File::exists($path)) {
            return back();
        }
        return response()->download($path);
    }

Now I could create a download link, for example like this:

    <a href="/home/downloads/logo.jpg">Download Logo</a>

I am just not sure if this is a safe way of doing it. Is it possible for users to download files outside the download folder? At least sneaky URLs like

    /home/downloads/../User.php

would not be recognized in route/web.php. But I am not sure if I am overlooking some other possible danger.

via Chebli Mohamed
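
The containment check the question is asking about, as an added example that is not part of the original post and not Laravel's own code. It assumes PHP 8; the helper name `resolveDownload` and the temporary demo files are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): returns the real path of
// $requested only if it is a regular file located inside $baseDir, else null.
function resolveDownload(string $baseDir, string $requested): ?string
{
    // Accept only a bare file name: no NUL bytes, no separators, no dot entries.
    if ($requested === '' || str_contains($requested, "\0")
        || $requested !== basename($requested)
        || $requested === '.' || $requested === '..') {
        return null;
    }

    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }

    // realpath() has already resolved ".." and symlinks, so comparing against
    // the base directory plus a trailing separator is a sound containment test.
    return str_starts_with($real, $base . DIRECTORY_SEPARATOR) ? $real : null;
}

// Constructed demo data: a downloads folder with a sensitive file next to it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . uniqid();
mkdir($root . '/downloads', 0700, true);
file_put_contents($root . '/downloads/logo.jpg', 'image bytes');
file_put_contents($root . '/User.php', '<?php // sensitive');

foreach (['logo.jpg', '../User.php', '..', 'missing.txt', "logo.jpg\0.php"] as $name) {
    $result = resolveDownload($root . '/downloads', $name);
    printf("%-22s => %s\n", json_encode($name), $result === null ? 'rejected' : 'served');
}
```

In the controller from the question, `show()` would call this helper with `storage_path('app/downloads')` and `$filename`, and pass only a non-null result to `response()->download()`.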