From af36f933b032aefccc87d17431b6e74673b04af5 Mon Sep 17 00:00:00 2001
From: Dennis Koch
Date: Fri, 13 Sep 2024 10:35:57 +0200
Subject: [PATCH] security: fix CVE-2024-42485 for 1.x

---
 routes/web.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/routes/web.php b/routes/web.php
index 7b46ce1..4a30d36 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -1,10 +1,17 @@ path($path);
+ return response()
- ->download(Storage::disk('filament-excel')->path($path), substr($path, 37))
+ ->download($path, $filename)
 ->deleteFileAfterSend();
 })
+ ->middleware(['web', 'signed'])
 ->where('path', '.*')
 ->name('filament-excel-download');
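Review bot: The route still accepts any path (`->where('path', '.*')`), and the visible new lines hand the resolved path straight to `->download($path, $filename)`, so keeping the file inside the `filament-excel` disk appears to rest entirely on the `signed` middleware. Part of this hunk is missing from the page (everything before `path($path);`), so a containment check may already exist there. If it does not, I would add a defence-in-depth guard on the route parameter before it is resolved, for example `abort_if(str_contains($path, '..'), 404);`. This matters more because of `->deleteFileAfterSend()`: a request that resolves outside the disk would delete the file as well as disclose it. The code that generates the link is not part of this patch, so it is worth confirming there that the signature expires.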