From 0085dcb4e3ab76219819b8a53950df1261c04453 Mon Sep 17 00:00:00 2001
From: Filippo Bertilotti <filippobertilotti@gmail.com>
Date: Fri, 04 Oct 2024 12:53:41 +0200
Subject: [PATCH] aggiunta controllo regex per prevenire xss attacks e rimozione debug

---
 app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php |    9 ---------
 app/Http/Requests/SSOFormRequest.php                         |    9 +++++----
 app/Http/Controllers/Profiles/ProfilesController.php         |    7 +------
 3 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/app/Http/Controllers/Profiles/ProfilesController.php b/app/Http/Controllers/Profiles/ProfilesController.php
index 1be7e2b..ed8d390 100644
--- a/app/Http/Controllers/Profiles/ProfilesController.php
+++ b/app/Http/Controllers/Profiles/ProfilesController.php
@@ -87,13 +87,8 @@
     }
     public function saveUser(SSOFormRequest $request) {
         $data = $request->all();
-        //print_r($data);
+        var_dump($data);
         $databaseHandler = new FakeSSODatabaseHandler;
-        $databaseHandler->insertDataIntoTables($data);
-        //$databaseHandler->testMultiSelect($data);
-
-
-
         return view("vodafone_fake_sso.db-create-view");
     }
 
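Review bot: The new `var_dump($data);` on the second line of the hunk writes every submitted field straight into the HTTP response before the view is rendered, which contradicts the debug removal the subject describes and echoes form input (email, name, surname, SIM number) back into the page; drop the line, or route it through `Log::debug($data);` if the trace is still needed. The hunk also deletes the `$databaseHandler->insertDataIntoTables($data);` call, so `saveUser` now instantiates the handler without using it and returns the db-create view without persisting anything — if that removal is deliberate the unused `$databaseHandler = new FakeSSODatabaseHandler;` should go too, otherwise the call needs to come back. `saveUser` is fully visible here, but the enclosing controller class continues outside the hunk.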
diff --git a/app/Http/Requests/SSOFormRequest.php b/app/Http/Requests/SSOFormRequest.php
index 2127691..68bd4ce 100644
--- a/app/Http/Requests/SSOFormRequest.php
+++ b/app/Http/Requests/SSOFormRequest.php
@@ -3,6 +3,7 @@
 namespace App\Http\Requests;
 
 use Illuminate\Foundation\Http\FormRequest;
+use Mews\Purifier\Purifier;
 
 class SSOFormRequest extends FormRequest
 {
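Review bot: `use Mews\Purifier\Purifier;` is added, but nothing in this patch references `Purifier` — the rules hunk below relies on `not_regex` instead — so the import is dead unless a `prepareForValidation()` or similar outside the hunk uses it. Either remove the line or actually apply the purifier where the fields are read; as it stands the unused import suggests a sanitisation step that was planned but never wired in. The class body continues past this hunk.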
@@ -24,10 +25,10 @@
     public function rules()
     {
         return [
-            'EmailAddress' => 'required|email',
-            'Name' => 'required',
-            'Surname' => 'required',
-            'sim_1' => 'digits_between:10,10'
+            'EmailAddress' => 'required|email|not_regex:/<[^>]+?>/',
+            'Name' => 'required|not_regex:/<[^>]+?>/',
+            'Surname' => 'required|not_regex:/<[^>]+?>/',
+            'sim_1' => 'digits_between:10,10|not_regex:/<[^>]+?>/'
         ];
     }
 }
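Review bot: The `not_regex:/<[^>]+?>/` rule only rejects input containing a complete `<...>` pair, so it is not a reliable XSS control on its own — a lone `<` or `>` or entity-encoded markup passes, while legitimate text that happens to contain angle brackets is rejected. The durable defence is escaping at output, i.e. rendering these fields in Blade with `{{ $value }}` rather than `{!! $value !!}`, with the regex at most a defence-in-depth input check. For `sim_1` the regex is redundant, because `digits_between:10,10` already limits the value to ten digits; `'sim_1' => 'digits:10',` says the same thing more directly. Since the pattern is repeated four times, hoisting it into `private const NO_TAGS = 'not_regex:/<[^>]+?>/';` and concatenating it keeps the rules in sync if it ever changes.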
diff --git a/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php b/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php
index 7a18b6c..e26def4 100644
--- a/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php
+++ b/app/Vola/Services/FakeSSODatabase/FakeSSODatabaseHandler.php
@@ -21,11 +21,8 @@
                                            'IdPiano' => $data['IdPiano'],
                                            'LinkedUser' => $userModel->id]);
 
-            print_r($data["products_select"]);
-
             foreach ($data["products_select"] as $index => $value) {
                 $product = Products::find($value);
-                echo "iproduct: $product->id, id msisdn: $msisdnModel->id ";
                 $product->msisdn()->attach($msisdnModel->id);
             }
 
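Review bot: With the debug lines gone, the loop still calls `Products::find($value)` and dereferences the result unconditionally, so an id in `$data["products_select"]` that matches no row yields `null` and the next line throws on `->msisdn()`; `$product = Products::findOrFail($value);` fails with a clear `ModelNotFoundException` instead, or the ids can be validated upstream — `SSOFormRequest::rules()` in this same patch does not cover `products_select` at all. The enclosing method starts before this hunk, and whether `$data['products_select']` is guaranteed to be an array is not visible here. The second hunk in this file only deletes `testMultiSelect` and needs no change.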
@@ -39,11 +36,5 @@
     public function readProducts(): array {
         $productsList = Products::select("Name", "id")->get()?->toArray();
         return $productsList;
-    }
-
-    public function testMultiSelect(array $data) {
-        var_dump($data["products_select"]);
-        print_r($data["products_select"][0]);
-        print_r($data["products_select"][1]);
     }
 }

--
Gitblit v1.8.0