From d3b42ccc00d55536d17cf39ea2503c6f3dc884f6 Mon Sep 17 00:00:00 2001
From: Philippe Lonchampt <philippelonchampt@gmail.com>
Date: Wed, 28 Oct 2015 11:31:53 +0100
Subject: [PATCH] Fix download to authorize absolute paths

---
 src/Dvlpp/Sharp/Http/UploadController.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Dvlpp/Sharp/Http/UploadController.php b/src/Dvlpp/Sharp/Http/UploadController.php
index e343f11..85c47c8 100644
--- a/src/Dvlpp/Sharp/Http/UploadController.php
+++ b/src/Dvlpp/Sharp/Http/UploadController.php
@@ -40,11 +40,13 @@ public function download($fileShortPath)
             $path = $fileShortPath;
         }
 
-        $fullpath = config("sharp.upload_storage_base_path") . "/" . $path;
+        if(!starts_with($path, "/")) {
+            $path = config("sharp.upload_storage_base_path") . "/" . $path;
+        }
 
         return (new Response(
-            Storage::disk($disk)->get($fullpath), 200
-        ))->header('Content-Type', Storage::disk($disk)->mimeType($fullpath))
+            Storage::disk($disk)->get($path), 200
+        ))->header('Content-Type', Storage::disk($disk)->mimeType($path))
             ->header("Content-Disposition", "attachment");
     }