Merge pull request #3556 from GongMingCai/development
diff --git
a/app/Http/Controllers/SettingController.php
b/app/Http/Controllers/SettingController.php
index 7f7f4c9caddd791d8b67a7d7f825edab50665667..f5e48ca4cc5413ae6c6afcbf5fbb091391e6ce6a 100644
(file)
--- a/
app/Http/Controllers/SettingController.php
+++ b/
app/Http/Controllers/SettingController.php
@@
-11,16
+11,27
@@
class SettingController extends Controller
{
protected ImageRepo $imageRepo;
{
protected ImageRepo $imageRepo;
+ protected array $settingCategories = ['features', 'customization', 'registration'];
+
public function __construct(ImageRepo $imageRepo)
{
$this->imageRepo = $imageRepo;
}
/**
public function __construct(ImageRepo $imageRepo)
{
$this->imageRepo = $imageRepo;
}
/**
- * Display a listing of the settings.
+ * Handle requests to the settings index path.
+ */
+ public function index()
+ {
+ return redirect('/settings/features');
+ }
+
+ /**
+ * Display the settings for the given category.
*/
*/
- public function
index
(string $category)
+ public function
category
(string $category)
{
{
+ $this->ensureCategoryExists($category);
$this->checkPermission('settings-manage');
$this->setPageTitle(trans('settings.settings'));
$this->checkPermission('settings-manage');
$this->setPageTitle(trans('settings.settings'));
@@
-39,6
+50,7
@@
class SettingController extends Controller
*/
public function update(Request $request, string $category)
{
*/
public function update(Request $request, string $category)
{
+ $this->ensureCategoryExists($category);
$this->preventAccessInDemoMode();
$this->checkPermission('settings-manage');
$this->validate($request, [
$this->preventAccessInDemoMode();
$this->checkPermission('settings-manage');
$this->validate($request, [
@@
-63,7
+75,7
@@
class SettingController extends Controller
}
// Clear logo image if requested
}
// Clear logo image if requested
- if ($category === 'customization' &&
$request->get('app_logo_reset', null)) {
+ if ($category === 'customization' && $request->get('app_logo_reset', null)) {
$this->imageRepo->destroyByType('system');
setting()->remove('app-logo');
}
$this->imageRepo->destroyByType('system');
setting()->remove('app-logo');
}
@@
-71,6
+83,13
@@
class SettingController extends Controller
$this->logActivity(ActivityType::SETTINGS_UPDATE, $category);
$this->showSuccessNotification(trans('settings.settings_save_success'));
$this->logActivity(ActivityType::SETTINGS_UPDATE, $category);
$this->showSuccessNotification(trans('settings.settings_save_success'));
- return redirect("/settings/${category}");
+ return redirect("/settings/{$category}");
+ }
+
+ protected function ensureCategoryExists(string $category): void
+ {
+ if (!in_array($category, $this->settingCategories)) {
+ abort(404);
+ }
}
}
}
}
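Review bot: The allow-list check added in `ensureCategoryExists()` uses loose comparison; because this guard decides which `$category` values reach the redirect string and the rest of `category()` and `update()`, it should pass the strict flag: `if (!in_array($category, $this->settingCategories, true)) {`. With the `string` parameter type and the current all-string list there is no visible bypass, so this is hardening against later edits to the list rather than a live bug. Separately, both `category()` and `update()` call the guard before `checkPermission('settings-manage')` (and in `update()` before `preventAccessInDemoMode()`), so a caller without the permission gets a 404 for an unknown category but a permission response for a known one. Moving the guard below the permission check would give unauthorised callers a uniform response. The bodies of `category()` and `update()` continue outside the hunks shown, so how `$category` is used further down could not be checked here.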