From 0085dcb4e3ab76219819b8a53950df1261c04453 Mon Sep 17 00:00:00 2001
From: Filippo Bertilotti <filippobertilotti@gmail.com>
Date: Fri, 04 Oct 2024 12:53:41 +0200
Subject: [PATCH] aggiunta controllo regex per prevenire xss attacks e rimozione debug
---
app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php | 9 ---------
app/Http/Requests/SSOFormRequest.php | 9 +++++----
app/Http/Controllers/Profiles/ProfilesController.php | 7 +------
3 files changed, 6 insertions(+), 19 deletions(-)
diff --git a/app/Http/Controllers/Profiles/ProfilesController.php b/app/Http/Controllers/Profiles/ProfilesController.php
index 1be7e2b..ed8d390 100644
--- a/app/Http/Controllers/Profiles/ProfilesController.php
+++ b/app/Http/Controllers/Profiles/ProfilesController.php
@@ -87,13 +87,8 @@
 }
 public function saveUser(SSOFormRequest $request) {
 $data = $request->all();
- //print_r($data);
+ var_dump($data);
 $databaseHandler = new FakeSSODatabaseHandler;
- $databaseHandler->insertDataIntoTables($data);
- //$databaseHandler->testMultiSelect($data);
-
-
-
 return view("vodafone_fake_sso.db-create-view");
 }
diff --git a/app/Http/Requests/SSOFormRequest.php b/app/Http/Requests/SSOFormRequest.php
index 2127691..68bd4ce 100644
--- a/app/Http/Requests/SSOFormRequest.php
+++ b/app/Http/Requests/SSOFormRequest.php
@@ -3,6 +3,7 @@
 namespace App\Http\Requests;
 use Illuminate\Foundation\Http\FormRequest;
+use Mews\Purifier\Purifier;
 class SSOFormRequest extends FormRequest
 {
@@ -24,10 +25,10 @@
 public function rules()
 {
 return [
- 'EmailAddress' => 'required|email',
- 'Name' => 'required',
- 'Surname' => 'required',
- 'sim_1' => 'digits_between:10,10'
+ 'EmailAddress' => 'required|email|not_regex:/<[^>]+?>/',
+ 'Name' => 'required|not_regex:/<[^>]+?>/',
+ 'Surname' => 'required|not_regex:/<[^>]+?>/',
+ 'sim_1' => 'digits_between:10,10|not_regex:/<[^>]+?>/'
 ];
 }
 }
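Review bot: The new `var_dump($data);` that replaces the commented-out `//print_r($data);` echoes the raw submitted form (email, name, surname, SIM number) straight into the HTTP response, which is the opposite of the "rimozione debug" the subject announces; delete that line. With `$databaseHandler->insertDataIntoTables($data);` also removed, `$databaseHandler` is now constructed and never used, and `saveUser` renders `vodafone_fake_sso.db-create-view` without persisting anything — if that is intentional, drop the `new FakeSSODatabaseHandler;` too, otherwise the call needs restoring. The controller class containing `saveUser` starts outside this hunk.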
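Review bot: `use Mews\Purifier\Purifier;` is added but nothing in this patch references `Purifier` — the `rules()` hunk below only adds `not_regex` — so it is a dead import that implies a dependency on the mews/purifier package the code does not actually use. Either remove the `use` line or, if sanitising the fields with the purifier was the intent, wire it in and say so in the commit message.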
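Review bot: `not_regex:/<[^>]+?>/` on all four fields is a denylist, not XSS protection: it rejects only a value containing a complete `<…>` tag, so other markup forms still pass while legitimate input containing `<` is rejected. The reliable control is output encoding where these values are rendered (Blade `{{ }}` or `e()`), so the rules should constrain shape rather than tags — `sim_1` is already restricted to ten digits by `digits_between:10,10`, which makes its `not_regex` redundant, and `digits:10` would say the same more directly. The rules also still cover only these four fields while `saveUser` passes `$request->all()` to the handler, which reads `products_select` and `IdPiano` unvalidated; consider adding `'products_select' => 'required|array',` and `'products_select.*' => 'integer',`. `sim_1` has neither `required` nor `nullable`, so its behaviour when the field is absent is worth confirming.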
diff --git a/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php b/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php
index 7a18b6c..e26def4 100644
--- a/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php
+++ b/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php
@@ -21,11 +21,8 @@
 'IdPiano' => $data['IdPiano'],
 'LinkedUser' => $userModel->id]);
- print_r($data["products_select"]);
-
 foreach ($data["products_select"] as $index => $value) {
 $product = Products::find($value);
- echo "iproduct: $product->id, id msisdn: $msisdnModel->id ";
 $product->msisdn()->attach($msisdnModel->id);
 }
@@ -39,11 +36,5 @@
 public function readProducts(): array {
 $productsList = Products::select("Name", "id")->get()?->toArray();
 return $productsList;
- }
-
- public function testMultiSelect(array $data) {
- var_dump($data["products_select"]);
- print_r($data["products_select"][0]);
- print_r($data["products_select"][1]);
 }
 }
-- Gitblit v1.8.0
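Review bot: With the debug output gone, the loop still calls `Products::find($value)` and then `$product->msisdn()` with no null check, so a `products_select` id that does not exist in the table ends in a method call on null instead of a validation error. Use `$product = Products::findOrFail($value);` (or validate the ids in `SSOFormRequest`) so a bad id is rejected explicitly before the `attach`; `$index` is unused in the `foreach` and can be dropped. The enclosing method starts before this hunk, so the origin of `$msisdnModel` and `$userModel` is not visible here.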