security fix

rap2hpoutre · Mar 7, 2018 · cda89c0 · cda89c0
1 parent 2d62e30
commit cda89c0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/src/controllers/LogViewerController.php b/src/controllers/LogViewerController.php
@@ -20,13 +20,13 @@ public function index()
     {
 
         if ($this->request->input('l')) {
-            LaravelLogViewer::setFile(base64_decode($this->request->input('l')));
+            LaravelLogViewer::setFile(\Crypt::decrypt($this->request->input('l')));
         }
 
         if ($this->request->input('dl')) {
-            return $this->download(LaravelLogViewer::pathToLogFile(base64_decode($this->request->input('dl'))));
+            return $this->download(LaravelLogViewer::pathToLogFile(\Crypt::decrypt($this->request->input('dl'))));
         } elseif ($this->request->has('del')) {
-            app('files')->delete(LaravelLogViewer::pathToLogFile(base64_decode($this->request->input('del'))));
+            app('files')->delete(LaravelLogViewer::pathToLogFile(\Crypt::decrypt($this->request->input('del'))));
             return $this->redirect($this->request->url());
         } elseif ($this->request->has('delall')) {
             foreach(LaravelLogViewer::getFiles(true) as $file){

diff --git a/src/views/log.blade.php b/src/views/log.blade.php
@@ -71,7 +71,7 @@
       <p class="text-muted"><i>by Rap2h</i></p>
       <div class="list-group">
         @foreach($files as $file)
-          <a href="?l={{ base64_encode($file) }}"
+          <a href="?l={{ \Crypt::encrypt($file) }}"
              class="list-group-item @if ($current_file == $file) llv-active @endif">
             {{$file}}
           </a>
@@ -120,10 +120,10 @@ class="fa fa-search"></span></button>@endif
       @endif
       <div class="p-3">
         @if($current_file)
-          <a href="?dl={{ base64_encode($current_file) }}"><span class="fa fa-download"></span>
+          <a href="?dl={{ \Crypt::encrypt($current_file) }}"><span class="fa fa-download"></span>
             Download file</a>
           -
-          <a id="delete-log" href="?del={{ base64_encode($current_file) }}"><span
+          <a id="delete-log" href="?del={{ \Crypt::encrypt($current_file) }}"><span
                 class="fa fa-trash"></span> Delete file</a>
           @if(count($files) > 1)
             -