security fix: avoid downloading inappropriate files

Author: streamtw

src/Controllers/DownloadController.php

@@ -2,10 +2,18 @@
 
 namespace UniSharp\LaravelFilemanager\Controllers;
 
+use Illuminate\Support\Facades\Storage;
+
 class DownloadController extends LfmController
 {
     public function getDownload()
     {
-        return response()->download($this->lfm->setName(request('file'))->path('absolute'));
+        $file = $this->lfm->setName(request('file'));
+
+        if (!Storage::disk($this->helper->config('disk'))->exists($file->path('storage'))) {
+            abort(404);
+        }
+
+        return response()->download($file->path('absolute'));
     }
 }

src/Controllers/LfmController.php

@@ -84,7 +84,7 @@ public function error($error_type, $variables = [])
     public function applyIniOverrides()
     {
         $overrides = config('lfm.php_ini_overrides', []);
-        
+
         if ($overrides && is_array($overrides) && count($overrides) === 0) {
             return;
         }