Add CSRF check to the Delete all files link in Manage App Logs

composer.json

@@ -297,6 +297,7 @@
             "vendor/laravel/framework/src/Illuminate/Routing/Router.php",
             "vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php",
             "vendor/rap2hpoutre/laravel-log-viewer/src/Rap2hpoutre/LaravelLogViewer/LaravelLogViewer.php",
+            "vendor/rap2hpoutre/laravel-log-viewer/src/controllers/LogViewerController.php",
             "vendor/symfony/console/Descriptor/TextDescriptor.php",
             "vendor/symfony/console/Helper/Helper.php",
             "vendor/symfony/finder/Iterator/SortableIterator.php",

overrides/rap2hpoutre/laravel-log-viewer/src/Rap2hpoutre/LaravelLogViewer/LogViewerController.php

@@ -0,0 +1,155 @@
+<?php
+
+namespace Rap2hpoutre\LaravelLogViewer;
+
+use Illuminate\Support\Facades\Crypt;
+
+if (class_exists("\\Illuminate\\Routing\\Controller")) {	
+    class BaseController extends \Illuminate\Routing\Controller {}	
+} elseif (class_exists("Laravel\\Lumen\\Routing\\Controller")) {	
+    class BaseController extends \Laravel\Lumen\Routing\Controller {}	
+}
+
+/**
+ * Class LogViewerController
+ * @package Rap2hpoutre\LaravelLogViewer
+ */
+class LogViewerController extends BaseController
+{
+    /**
+     * @var \Illuminate\Http\Request
+     */
+    protected $request;
+
+    /**
+     * @var LaravelLogViewer
+     */
+    private $log_viewer;
+
+    /**
+     * @var string
+     */
+    protected $view_log = 'laravel-log-viewer::log';
+
+    /**
+     * LogViewerController constructor.
+     */
+    public function __construct()
+    {
+        $this->log_viewer = new LaravelLogViewer();
+        $this->request = app('request');
+    }
+
+    /**
+     * @return array|mixed
+     * @throws \Exception
+     */
+    public function index()
+    {
+        $folderFiles = [];
+        if ($this->request->input('f')) {
+            $this->log_viewer->setFolder(Crypt::decrypt($this->request->input('f')));
+            $folderFiles = $this->log_viewer->getFolderFiles(true);
+        }
+        if ($this->request->input('l')) {
+            $this->log_viewer->setFile(Crypt::decrypt($this->request->input('l')));
+        }
+
+        if ($early_return = $this->earlyReturn()) {
+            return $early_return;
+        }
+
+        $data = [
+            'logs' => $this->log_viewer->all(),
+            'folders' => $this->log_viewer->getFolders(),
+            'current_folder' => $this->log_viewer->getFolderName(),
+            'folder_files' => $folderFiles,
+            'files' => $this->log_viewer->getFiles(true),
+            'current_file' => $this->log_viewer->getFileName(),
+            'standardFormat' => true,
+            'structure' => $this->log_viewer->foldersAndFiles(),
+            'storage_path' => $this->log_viewer->getStoragePath(),
+
+        ];
+
+        if ($this->request->wantsJson()) {
+            return $data;
+        }
+
+        if (is_array($data['logs']) && count($data['logs']) > 0) {
+            $firstLog = reset($data['logs']);
+            if (!$firstLog['context'] && !$firstLog['level']) {
+                $data['standardFormat'] = false;
+            }
+        }
+
+        return app('view')->make($this->view_log, $data);
+    }
+
+    /**
+     * @return bool|mixed
+     * @throws \Exception
+     */
+    private function earlyReturn()
+    {
+        if ($this->request->input('f')) {
+            $this->log_viewer->setFolder(Crypt::decrypt($this->request->input('f')));
+        }
+
+        if ($this->request->input('dl')) {
+            return $this->download($this->pathFromInput('dl'));
+        } elseif ($this->request->has('clean')) {
+            app('files')->put($this->pathFromInput('clean'), '');
+            return $this->redirect(url()->previous());
+        } elseif ($this->request->has('del')) {
+            app('files')->delete($this->pathFromInput('del'));
+            return $this->redirect($this->request->url());
+        } elseif ($this->request->has('delall') && \Session::token() == $this->request->get('_token')) {
+            $files = ($this->log_viewer->getFolderName())
+                        ? $this->log_viewer->getFolderFiles(true)
+                        : $this->log_viewer->getFiles(true);
+            foreach ($files as $file) {
+                app('files')->delete($this->log_viewer->pathToLogFile($file));
+            }
+            return $this->redirect($this->request->url());
+        }
+        return false;
+    }
+
+    /**
+     * @param string $input_string
+     * @return string
+     * @throws \Exception
+     */
+    private function pathFromInput($input_string)
+    {
+        return $this->log_viewer->pathToLogFile(Crypt::decrypt($this->request->input($input_string)));
+    }
+
+    /**
+     * @param $to
+     * @return mixed
+     */
+    private function redirect($to)
+    {
+        if (function_exists('redirect')) {
+            return redirect($to);
+        }
+
+        return app('redirect')->to($to);
+    }
+
+    /**
+     * @param string $data
+     * @return mixed
+     */
+    private function download($data)
+    {
+        if (function_exists('response')) {
+            return response()->download($data);
+        }
+
+        // For laravel 4.2
+        return app('\Illuminate\Support\Facades\Response')->download($data);
+    }
+}

resources/views/vendor/laravel-log-viewer/log.blade.php

@@ -181,7 +181,7 @@ class="float-right expand btn btn-outline-dark btn-sm mb-2 ml-2"
             </a>
             @if(count($files) > 1)
               -
-              <a id="delete-all-log" href="?delall=true{{ ($current_folder) ? '&f=' . \Illuminate\Support\Facades\Crypt::encrypt($current_folder) : '' }}">
+              <a id="delete-all-log" href="?delall=true&amp;_token={{ csrf_token() }} {{ ($current_folder) ? '&f=' . \Illuminate\Support\Facades\Crypt::encrypt($current_folder) : '' }}">
                 <span class="fa fa-trash-alt"></span> Delete all files
               </a>
             @endif