czim / file-handling

File Handling Helper
MIT License

[2.3.x] Latest version breaks during `php artisan test` #20

Closed austenc closed 2 months ago

austenc commented 2 months ago

Hello @czim!

We got the latest version today via czim/laravel-paperclip after running `composer update`. Now we are getting the following error when we run `artisan test`:

    Target [Czim\FileHandling\Contracts\Support\UriValidatorInterface] is not instantiable while building [Illuminate\Database\Console\Migrations\FreshCommand, Illuminate\Database\Console\Migrations\MigrateCommand, 0000000000003cf10000000000000000, Czim\FileHandling\Variant\VariantProcessor, 0000000000003cf20000000000000000, Czim\FileHandling\Storage\File\StorableFileFactory]

This points to a somewhat normal paperclip attachment definition in one of our models:

        $this->hasAttachedFile('driving_map', [
            'before' => 'App\Concerns\ConvertHeicFilesToJpegs@convert',
        ]);

Not sure why this is happening yet, but wanted to report it since it seems directly related to the security changes. It seems like Laravel is trying to instantiate the interface when running the tests but doesn't know how?

austenc commented 2 months ago

This was a result of using czim/laravel-paperclip version ^4.0. We upgraded to 5.x and we're all set now. Sorry about the false alarm!

czim commented 2 months ago

Not entirely a false alarm. A pretty major security risk with the file-handling package led to a bit of a version shuffle. Normally I wouldn't release it in such a way that breaking changes could result -- but in this case it's actually a benefit, since it increases the likelihood of people migrating away from the risky older versions.

austenc commented 2 months ago

Thank you for the security fix! The bug we encountered exists when trying to use 4.x with the latest file-handling 2.3.x. It's possible others might be affected by this, but the benefit of the changes in paperclip 5.0 and the security fix here is worth the upgrade (which was easy, thank you!)

czim commented 2 months ago

There's now also an update for the 4.x branch, just in case.