From 0085dcb4e3ab76219819b8a53950df1261c04453 Mon Sep 17 00:00:00 2001
From: Filippo Bertilotti <filippobertilotti@gmail.com>
Date: Fri, 04 Oct 2024 12:53:41 +0200
Subject: [PATCH] aggiunta controllo regex per prevenire xss attacks e rimozione debug

---
 app/Http/Controllers/Profiles/ProfilesController.php |   28 ++++++++++++++++++++--------
 1 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/app/Http/Controllers/Profiles/ProfilesController.php b/app/Http/Controllers/Profiles/ProfilesController.php
index fe706ad..ed8d390 100644
--- a/app/Http/Controllers/Profiles/ProfilesController.php
+++ b/app/Http/Controllers/Profiles/ProfilesController.php
@@ -3,8 +3,14 @@
 namespace App\Http\Controllers\Profiles;
 
 use App\Http\Controllers\Controller;
+use App\Http\Requests\SSOFormRequest;
+use App\Models\VodafoneUser;
 use App\Vola\Classes\Utils;
+use App\Vola\Services\FakeSSODatabase\FakeSSODatabaseHandler;
+use Exception;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Ramsey\Uuid\Provider\Time\FixedTimeProvider;
 
 class ProfilesController extends Controller
 {
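Review bot: Four of the added imports have no use in the hunks shown here: `App\Models\VodafoneUser`, `Exception`, `Illuminate\Support\Facades\DB` and `Ramsey\Uuid\Provider\Time\FixedTimeProvider`. The last one looks like an IDE auto-import. Parts of the file are outside this patch, so confirm they are unused before removing them; only `SSOFormRequest` and `FakeSSODatabaseHandler` are referenced by the new `showView()` and `saveUser()`.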
@@ -12,11 +18,8 @@
 
     public function __construct(Request $request)
     {
-        if (in_array($request->ip(),config('devtools.access_whitelist',[]))) {
-            $this->authorized = true;
-        } else {
-            return response()->json(["status" => 401, "response" => "unauthorized"]);
-        }
+
+        $this->authorized = true;
     }
 
     public function getFakeSSO(Request $request)
@@ -73,11 +76,20 @@
             "sso_getInfoActivationWSC" => \Arr::first($defaultXML["sso"]["getInfoActivationWSC"]["parametri"]["boID"]),
             "picasso_getWebcustomerInformation" => \Arr::first($defaultXML["picasso"]["getWebcustomerInformation"]["parametri"]["k"]),
         ];
-        return view('vodafone_fake_sso.create-view', $data);
+         return view('vodafone_fake_sso.create-view', $data);
     }
 
-    public function saveUser() {
-        
+    public function showView()
+    {
+        $databaseHandler = new FakeSSODatabaseHandler;
+        $productsList = $databaseHandler->readProducts();
+        return view('vodafone_fake_sso.show-write-view', [ 'productsList' => $productsList ]);
+    }
+    public function saveUser(SSOFormRequest $request) {
+        $data = $request->all();
+        var_dump($data);
+        $databaseHandler = new FakeSSODatabaseHandler;
         return view("vodafone_fake_sso.db-create-view");
     }
+
 }
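Review bot: `saveUser()` still dumps the whole submitted form with `var_dump($data)`, which contradicts the "rimozione debug" in the subject and echoes request input into the response, normally without HTML escaping. That is the same reflected-XSS exposure the commit sets out to close. Remove that line and read only validated fields with `$data = $request->validated();`, since `$request->all()` also returns any input that `SSOFormRequest` has no rule for (its rules are not visible here). `$databaseHandler` is instantiated but not used in the lines shown, so nothing appears to be persisted yet. A short docblock on `showView()` and `saveUser()` stating what each renders and stores would help the next reader.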

--
Gitblit v1.8.0