IBX-11681: Added filename validation in DownloadController and corresponding tests#756
Open
wiewiurdp wants to merge 2 commits into
Open
Conversation
wiewiurdp
force-pushed
the
IBX-11681-Possibility-to-download-all-files-using-a-loop-which-may-cause-DDoS
branch
from
aa0bf1c to
1ba641c
Compare
wiewiurdp
force-pushed
the
IBX-11681-Possibility-to-download-all-files-using-a-loop-which-may-cause-DDoS
branch
from
1ba641c to
93d53c1
Compare
ibexa-workflow-automation-1
Bot
requested review from
Steveb-p,
ViniTou,
alongosz,
barw4,
bnowak,
ciastektk,
konradoboza,
mikadamczyk and
tbialcz
and removed request for
a team
mikadamczyk
reviewed
May 28, 2026
Contributor
mikadamczyk
left a comment
mikadamczyk
left a comment
There was a problem hiding this comment.
Could we add an integration test for URL-encoded filenames here? Since the new check uses strict equality $field->value->fileName !== $filename, any encoding or decoding differences in the real request flow may cause valid downloads to be rejected as NotFound. Especially for spaces or special characters.
konradoboza
reviewed
May 29, 2026
Contributor
konradoboza
left a comment
konradoboza
left a comment
There was a problem hiding this comment.
Looks good but I think providing the test case that Mikołaj has mentioned makes sense.
wiewiurdp
force-pushed
the
IBX-11681-Possibility-to-download-all-files-using-a-loop-which-may-cause-DDoS
branch
3 times, most recently
from
6b76513 to
be18b9b
Compare
wiewiurdp
force-pushed
the
IBX-11681-Possibility-to-download-all-files-using-a-loop-which-may-cause-DDoS
branch
from
be18b9b to
51d7f2c
Compare
|
konradoboza
reviewed
Jun 1, 2026
| private const FILENAME = 'Q1 report #1 + 100%.jpg'; | ||
|
|
||
| /** @var \Ibexa\Contracts\Core\Repository\ContentService&\PHPUnit\Framework\MockObject\MockObject */ | ||
| private $contentService; |
Contributor
There was a problem hiding this comment.
Please adjust all the similar:
Suggested change
| private $contentService; | |
| private ContentService $contentService; |
| ]); | ||
|
|
||
| $this->contentService | ||
| ->expects($this->once()) |
Contributor
There was a problem hiding this comment.
All occurrences should be fixed:
Suggested change
| ->expects($this->once()) | |
| ->expects(self::once()) |
| $controllerResolver = self::getContainer()->get('controller_resolver'); | ||
| self::assertInstanceOf(ControllerResolverInterface::class, $controllerResolver); | ||
|
|
||
| return new HttpKernel($dispatcher, $controllerResolver, $requestStack, new ArgumentResolver()); |
Contributor
There was a problem hiding this comment.
Newlines for arguments.
| final class DownloadControllerTest extends TestCase | ||
| { | ||
| /** @var \Ibexa\Contracts\Core\Repository\ContentService&\PHPUnit\Framework\MockObject\MockObject */ | ||
| private $contentService; |
Contributor
There was a problem hiding this comment.
Again, the same remark:
Suggested change
| private $contentService; | |
| private ContentService $contentService; |
| ]); | ||
|
|
||
| $this->contentService | ||
| ->expects($this->once()) |
Contributor
There was a problem hiding this comment.
Suggested change
| ->expects($this->once()) | |
| ->expects(self::once()) |
|
|
||
| public function testDownloadBinaryFileActionReturnsNotFoundWhenFilenameDoesNotMatch(): void | ||
| { | ||
| $this->expectException(NotFoundException::class); |
Contributor
There was a problem hiding this comment.
This should be moved to just before triggering the actual function that throws an exception.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Added filename validation to the content download endpoint for binary files.
Previously,
/content/download/{contentId}/{fieldIdentifier}/{filename}accepted anyfilenamevalue from the URL and still returned the file as long ascontentIdandfieldIdentifiermatched an accessible field. This made it possible to enumerate downloadable files more easily by guessing content identifiers and reusing common field identifiers such asfile.This change makes the download controller verify that the
filenameprovided in the URL matches the actual file name stored in the field value. If it does not match, the controller now returnsNotFoundExceptionbefore loading the binary file from storage.