adminbruno
/
docuseal
mirror of https://github.com/docusealco/docuseal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

check signed blob data purpose

Browse Source
pull/220/head^2
Pete Matsyburka 2 years ago
parent 4ad58fc285
commit c81b4d855b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
app/controllers/api/active_storage_blobs_proxy_controller.rb
Unescape View File

@ -10,9 +10,9 @@ module Api
before_action :set_cors_headers
def show
blob_uuid, = ApplicationRecord.signed_id_verifier.verified(params[:signed_uuid])
blob_uuid, purp = ApplicationRecord.signed_id_verifier.verified(params[:signed_uuid])
if blob_uuid.blank?
if blob_uuid.blank? || purp != 'blob'
Rollbar.error('Blob not found') if defined?(Rollbar)
return head :not_found

Write Preview
Loading…
Cancel
Save