From 0085dcb4e3ab76219819b8a53950df1261c04453 Mon Sep 17 00:00:00 2001
From: Filippo Bertilotti <filippobertilotti@gmail.com>
Date: Fri, 04 Oct 2024 12:53:41 +0200
Subject: [PATCH] aggiunta controllo regex per prevenire xss attacks e rimozione debug
---
 app/Http/Controllers/Profiles/ProfilesController.php | 24 ++++++++++++++----------
 1 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/app/Http/Controllers/Profiles/ProfilesController.php b/app/Http/Controllers/Profiles/ProfilesController.php
index 4d8d9ae..ed8d390 100644
--- a/app/Http/Controllers/Profiles/ProfilesController.php
+++ b/app/Http/Controllers/Profiles/ProfilesController.php
@@ -3,12 +3,14 @@
 namespace App\Http\Controllers\Profiles;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\SSOFormRequest;
 use App\Models\VodafoneUser;
 use App\Vola\Classes\Utils;
 use App\Vola\Services\FakeSSODatabase\FakeSSODatabaseHandler;
 use Exception;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
+use Ramsey\Uuid\Provider\Time\FixedTimeProvider;
 class ProfilesController extends Controller
 {
@@ -16,11 +18,8 @@
 public function __construct(Request $request)
 {
- if (in_array($request->ip(),config('devtools.access_whitelist',[]))) {
- $this->authorized = true;
- } else {
- return response()->json(["status" => 401, "response" => "unauthorized"]);
- }
+
+ $this->authorized = true;
 }
 public function getFakeSSO(Request $request)
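Review bot: The added `use Ramsey\Uuid\Provider\Time\FixedTimeProvider;` is not referenced in any hunk of this patch and looks like an accidental IDE auto-import; unless code outside the visible hunks uses it, drop the line. `SSOFormRequest`, by contrast, is used as the parameter type of `saveUser()` further down.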
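Review bot: The constructor now sets `$this->authorized = true` for every caller, which removes the only source-IP restriction visible here on the fake-SSO developer endpoints, and the commit subject (XSS regex, debug removal) does not mention that change. The removed `return response()->json(...)` never took effect, because a constructor's return value is discarded, but the whitelist comparison itself was meaningful and should stay: `$this->authorized = in_array($request->ip(), config('devtools.access_whitelist', []), true);`. Whether the action methods enforce the flag, or a route middleware restricts these routes, is not visible in this patch and should be confirmed before merging.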
@@ -79,12 +78,17 @@
 ];
 return view('vodafone_fake_sso.create-view', $data);
 }
-
- public function saveUser(Request $request) {
+
+ public function showView()
+ {
+ $databaseHandler = new FakeSSODatabaseHandler;
+ $productsList = $databaseHandler->readProducts();
+ return view('vodafone_fake_sso.show-write-view', [ 'productsList' => $productsList ]);
+ }
+ public function saveUser(SSOFormRequest $request) {
 $data = $request->all();
- //VodafoneUser::save(["Name" => "Paolo", "Surname" => "Test", "EmailAddress" => "paolotest@test.it"]);
- $dbHandler = new FakeSSODatabaseHandler;
- //$databaseHandler->testInserimentoDatabase();
+ var_dump($data);
+ $databaseHandler = new FakeSSODatabaseHandler;
 return view("vodafone_fake_sso.db-create-view");
 }
-- Gitblit v1.8.0
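Review bot: `var_dump($data);` in `saveUser()` writes the entire submitted form into the HTTP response, which contradicts the "rimozione debug" in the subject and exposes whatever fields the SSO form carries; remove the line. `$data = $request->all();` also still reads every input field rather than only those that passed the `SSOFormRequest` rules; `$data = $request->validated();` keeps the controller on the validated set. The regex rules themselves are not part of this patch, so it is worth checking that the views rendering these values use escaped Blade output (`{{ }}`), since input filtering alone is a weak XSS control. `$databaseHandler` is instantiated in `saveUser()` but not used in the visible lines.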