From 6ec82b82a48c058bdc2a32168c0b53a17d649353 Mon Sep 17 00:00:00 2001 From: Gunnstein Lye <289744+glye@users.noreply.github.com> Date: Mon, 6 Mar 2023 16:02:29 +0100 Subject: [PATCH] IBX-5236: Added version parameter validation in DownloadController --- .../Symfony/Controller/Content/DownloadController.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/eZ/Publish/Core/MVC/Symfony/Controller/Content/DownloadController.php b/eZ/Publish/Core/MVC/Symfony/Controller/Content/DownloadController.php index 35221c0b04a..f1417d1c07e 100644 --- a/eZ/Publish/Core/MVC/Symfony/Controller/Content/DownloadController.php +++ b/eZ/Publish/Core/MVC/Symfony/Controller/Content/DownloadController.php @@ -42,12 +42,19 @@ public function __construct(ContentService $contentService, IOService $ioService * @param \Symfony\Component\HttpFoundation\Request $request * * @return \eZ\Bundle\EzPublishIOBundle\BinaryStreamResponse - * @return \eZ\Publish\API\Repository\Exceptions\NotFoundException + * + * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException + * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException + * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException */ public function downloadBinaryFileAction($contentId, $fieldIdentifier, $filename, Request $request) { if ($request->query->has('version')) { - $content = $this->contentService->loadContent($contentId, null, $request->query->get('version')); + $version = (int) $request->query->get('version'); + if ($version <= 0) { + throw new NotFoundException('File', $filename); + } + $content = $this->contentService->loadContent($contentId, null, $version); } else { $content = $this->contentService->loadContent($contentId); }