PDF-Generator für Eventschluss; CSRF-Protection
This commit is contained in:
@@ -10,8 +10,7 @@ use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Carbon;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Log;
|
||||
use Nette\Utils\Random;
|
||||
use Dompdf\Dompdf;
|
||||
|
||||
class PreApplicationController extends Controller
|
||||
{
|
||||
@@ -159,4 +158,38 @@ class PreApplicationController extends Controller
|
||||
}
|
||||
abort(404);
|
||||
}
|
||||
|
||||
public function generatePDF(Request $request){
|
||||
if(Auth::check()){
|
||||
if(!$request->has('event_id')){
|
||||
return ["messageStatus" => "failure", "errorMessage" => __("controller_messages.PreApplicationController.event_id_missing")];
|
||||
}
|
||||
|
||||
$event = ChaosEvents::find($request->input('event_id'));
|
||||
|
||||
if(!$event){
|
||||
return ["messageStatus" => "failure", "errorMessage" => __("controller_messages.PreApplicationController.event_not_found")];
|
||||
}
|
||||
if($event->active == 0 || $event->to_date_internal < today()){
|
||||
return ["messageStatus" => "failure", "errorMessage" => __("controller_messages.PreApplicationController.event_not_active")];
|
||||
}
|
||||
|
||||
|
||||
$options = new \Dompdf\Options();
|
||||
$options->set('isRemoteEnabled', true);
|
||||
$options->set('isHtml5ParserEnabled', true);
|
||||
$options->set('chroot', public_path());
|
||||
$dompdf = new Dompdf($options);
|
||||
$dompdf->setPaper('A4', 'portrait');
|
||||
|
||||
$applications = PreApplications::where('event_id', $request->input('event_id'))->get();
|
||||
$dompdf->loadHtml(view('pdf.pre_application', ['applications' => $applications, 'event' => $event]));
|
||||
|
||||
$dompdf->render();
|
||||
|
||||
$dompdf->stream('Voranträge_' . $event->shortname . '_' . $event->from_date_visible->format('Y') . '.pdf', ['Attachment' => 0]);
|
||||
exit;
|
||||
}
|
||||
abort(404);
|
||||
}
|
||||
}
|
||||
|
||||
38
app/Http/Middleware/ForceCsrfOnLocalhost.php
Normal file
38
app/Http/Middleware/ForceCsrfOnLocalhost.php
Normal file
@@ -0,0 +1,38 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Illuminate\Foundation\Http\Middleware\PreventRequestForgery as Middleware;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class ForceCsrfOnLocalhost extends Middleware
|
||||
{
|
||||
/**
|
||||
* Determine if the request has a valid origin based on the Sec-Fetch-Site header.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return bool
|
||||
*/
|
||||
protected function hasValidOrigin($request)
|
||||
{
|
||||
// If it's localhost, we want to skip origin verification and fall back to token verification
|
||||
if ($this->isLocalhost($request)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return parent::hasValidOrigin($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the request is from localhost.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return bool
|
||||
*/
|
||||
protected function isLocalhost($request)
|
||||
{
|
||||
$host = $request->getHost();
|
||||
|
||||
return in_array($host, ['localhost', '127.0.0.1', '::1']) || str_ends_with($host, '.localhost');
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user