From 15dc3a503108fb221d75c47f049d909128397528 Mon Sep 17 00:00:00 2001
From: TBK
Date: Sun, 16 Feb 2020 15:08:50 +0100
Subject: [PATCH] Fix for settings & user controllers forms being able to have nullable input
---
 app/Dockerfile | 2 +-
 docker-compose.yml | 2 +-
 validation_fixes.patch | 96 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 98 insertions(+), 2 deletions(-)
 create mode 100644 validation_fixes.patch
diff --git a/app/Dockerfile b/app/Dockerfile
index c10e7fc..c3ecaf0 100644
--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -67,7 +67,7 @@ RUN set -ex \
 && tar --strip-components=1 -xzf BookStack-${BOOKSTACK_VERSION}.tar.gz \
 && rm -rf ${BOOKSTACK}-${BOOKSTACK_VERSION}.tar.gz .env.example .gitattributes .github .gitignore .travis.yml tests/ public/index.php \
 && ln -s init.php bootstrap/autoload.php \
- && curl -LJO https://gist.githubusercontent.com/TBK/6abf876e9559cf2477ad0d16bbf648db/raw/c9806280ac859c069d4df640e53b6d3346871637/validator_and_shelf_cover_fix.patch \
+ && curl -LJO https://gist.githubusercontent.com/TBK/6abf876e9559cf2477ad0d16bbf648db/raw/ba66290094f7362203949b608749cefbc96652c7/validator_and_shelf_cover_fix.patch \
 && patch -p1 < validator_and_shelf_cover_fix.patch \
 && rm validator_and_shelf_cover_fix.patch \
 && echo "Get Dependencies:" \
diff --git a/docker-compose.yml b/docker-compose.yml
index e4269f8..a3ec1d1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -25,7 +25,7 @@ services:
 - backend
 app:
- image: jjtc/bookstack-ppm:0.28.2-r1
+ image: jjtc/bookstack-ppm:0.28.2-r2
 build: ./app/
 restart: unless-stopped
 depends_on:
diff --git a/validation_fixes.patch b/validation_fixes.patch
new file mode 100644
index 0000000..36b2ec7
--- /dev/null
+++ b/validation_fixes.patch
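Review bot: In app/Dockerfile the updated `curl -LJO … && patch -p1` step still applies a patch fetched from a gist at build time with no integrity check, even though this same commit adds `validation_fixes.patch` to the repository. The revision hash in the raw URL pins the content only as far as the gist host and TLS are trusted, `-J` lets the server choose the saved filename, and without `-f` an HTTP error body is written to disk as if it were the patch. If the committed file is meant to carry the same fix (the names differ, so confirm), `COPY validation_fixes.patch` into the build and apply that; otherwise use `curl -fsSLO <url>` and add `echo "<expected-sha256>  validator_and_shelf_cover_fix.patch" | sha256sum -c -` before `patch -p1`. The RUN instruction starts and continues outside this hunk.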
@@ -0,0 +1,96 @@
+--- a/app/Http/Controllers/AttachmentController.php
++++ b/app/Http/Controllers/AttachmentController.php
+@@ -37,7 +37,7 @@ class AttachmentController extends Controller
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+- 'file' => 'required|file'
++ 'file' => 'required'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+@@ -66,7 +66,7 @@ class AttachmentController extends Controller
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+- 'file' => 'required|file'
++ 'file' => 'required'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+
+--- a/app/Http/Controllers/BookshelfController.php
++++ b/app/Http/Controllers/BookshelfController.php
+@@ -146,7 +146,7 @@ class BookshelfController extends Controller
+ $this->validate($request, [
+ 'name' => 'required|string|max:255',
+ 'description' => 'string|max:1000',
+- 'image' => $this->imageRepo->getImageValidationRules(),
++ 'image' => $this->getImageValidationRules(),
+ ]);
+
+
+--- a/app/Http/Controllers/Controller.php
++++ b/app/Http/Controllers/Controller.php
+@@ -195,6 +195,6 @@ abstract class Controller extends BaseController
+ */
+ protected function getImageValidationRules(): string
+ {
+- return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
++ return 'nullable|image_extension|no_double_extension';
+ }
+ }
+
+--- a/app/Http/Controllers/SettingController.php
++++ b/app/Http/Controllers/SettingController.php
+@@ -44,7 +44,7 @@ class SettingController extends Controller
+ $this->preventAccessInDemoMode();
+ $this->checkPermission('settings-manage');
+ $this->validate($request, [
+- 'app_logo' => $this->imageRepo->getImageValidationRules(),
++ 'app_logo' => $this->getImageValidationRules(),
+ ]);
+
+ // Cycles through posted settings and update them
+@@ -57,7 +57,7 @@ class SettingController extends Controller
+ }
+
+ // Update logo image if set
+- if ($request->has('app_logo')) {
++ if ($request->has('app_logo') && !$request->has('app_logo_reset') && !$request->has('setting-app-logo')) {
+ $logoFile = $request->file('app_logo');
+ $this->imageRepo->destroyByType('system');
+ $image = $this->imageRepo->saveNew($logoFile, 'system', 0, null, 86);
+
+--- a/app/Http/Controllers/UserController.php
++++ b/app/Http/Controllers/UserController.php
+@@ -155,7 +155,7 @@ class UserController extends Controller
+ 'password' => 'min:6|required_with:password_confirm',
+ 'password-confirm' => 'same:password|required_with:password',
+ 'setting' => 'array',
+- 'profile_image' => $this->imageRepo->getImageValidationRules(),
++ 'profile_image' => $this->getImageValidationRules(),
+ ]);
+
+ $user = $this->userRepo->getById($id);
+@@ -191,7 +191,7 @@ class UserController extends Controller
+ }
+
+ // Save profile image if in request
+- if ($request->has('profile_image')) {
++ if ($request->has('profile_image') && !$request->has('profile_image_reset')) {
+ $imageUpload = $request->file('profile_image');
+ $this->imageRepo->destroyImage($user->avatar);
+ $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
+
+--- a/app/Uploads/ImageRepo.php
++++ b/app/Uploads/ImageRepo.php
+@@ -225,6 +225,6 @@ class ImageRepo
+ */
+ public function getImageValidationRules(): string
+ {
+- return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
++ return 'image_extension|no_double_extension';
+ }
+ }
+
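Review bot: The embedded patch reduces upload validation to filename checks: `getImageValidationRules()` loses `mimes:jpeg,png,gif,bmp,webp,tiff` in both `Controller` and `ImageRepo`, and both `AttachmentController` rules go from `'required|file'` to `'required'`, so the attachment field no longer has to be an uploaded file and image content is no longer matched against the allowed types. If the goal is only to accept an empty field, `nullable` does that on its own: `return 'nullable|image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';`, and keep `'file' => 'required|file'`. In `SettingController` and `UserController` the guards use `$request->has(...)`, which is also true for non-file input; if such a value gets past the custom rules, `$request->file(...)` yields null and the existing image is destroyed before `saveNew()` is reached, so `$request->hasFile('app_logo')` and `$request->hasFile('profile_image')` would be the safer gate. The patched methods all start and end outside the embedded hunks, so the custom `image_extension` and `no_double_extension` rules cannot be checked from here.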