From 0085dcb4e3ab76219819b8a53950df1261c04453 Mon Sep 17 00:00:00 2001
From: Filippo Bertilotti <filippobertilotti@gmail.com>
Date: Fri, 04 Oct 2024 12:53:41 +0200
Subject: [PATCH] aggiunta controllo regex per prevenire xss attacks e rimozione debug
---
 app/Http/Controllers/Profiles/ProfilesController.php | 29 +++++++++++++++++++++++------
 1 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/Profiles/ProfilesController.php b/app/Http/Controllers/Profiles/ProfilesController.php
index 4a87420..ed8d390 100644
--- a/app/Http/Controllers/Profiles/ProfilesController.php
+++ b/app/Http/Controllers/Profiles/ProfilesController.php
@@ -3,8 +3,14 @@
 namespace App\Http\Controllers\Profiles;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\SSOFormRequest;
+use App\Models\VodafoneUser;
 use App\Vola\Classes\Utils;
+use App\Vola\Services\FakeSSODatabase\FakeSSODatabaseHandler;
+use Exception;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Ramsey\Uuid\Provider\Time\FixedTimeProvider;
 class ProfilesController extends Controller
 {
@@ -12,11 +18,8 @@
 public function __construct(Request $request)
 {
- if (in_array($request->ip(),config('devtools.access_whitelist',[]))) {
- $this->authorized = true;
- } else {
- return response()->json(["status" => 401, "response" => "unauthorized"]);
- }
+
+ $this->authorized = true;
 }
 public function getFakeSSO(Request $request)
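Review bot: Four of the added `use` lines in the first hunk are not referenced by any code visible in this patch: `App\Models\VodafoneUser`, `Exception`, `Illuminate\Support\Facades\DB` and `Ramsey\Uuid\Provider\Time\FixedTimeProvider`. The last one looks like an IDE auto-import rather than a deliberate dependency. Unless parts of the controller outside this patch use them, I would drop them and keep only `use App\Http\Requests\SSOFormRequest;` and `use App\Vola\Services\FakeSSODatabase\FakeSSODatabaseHandler;`.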
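Review bot: The constructor in the second hunk now sets `$this->authorized = true;` for every caller, so the `config('devtools.access_whitelist')` IP check that gated this controller is gone, and the commit message (XSS regex check, debug removal) does not mention it. If the fake-SSO tooling is still meant to be restricted, keep the check as `$this->authorized = in_array($request->ip(), config('devtools.access_whitelist', []), true);`. The old `return response()->json(...)` never stopped a request either, because a value returned from a constructor is discarded, so enforcement belongs in route middleware or an `abort(401)` where the flag is read. How `$this->authorized` is consumed lies outside this hunk, so the actual exposure depends on those call sites.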
@@ -73,6 +76,20 @@
 "sso_getInfoActivationWSC" => \Arr::first($defaultXML["sso"]["getInfoActivationWSC"]["parametri"]["boID"]),
 "picasso_getWebcustomerInformation" => \Arr::first($defaultXML["picasso"]["getWebcustomerInformation"]["parametri"]["k"]),
 ];
- return view('vodafone_fake_sso.create-view', $data);
+ return view('vodafone_fake_sso.create-view', $data);
 }
+
+ public function showView()
+ {
+ $databaseHandler = new FakeSSODatabaseHandler;
+ $productsList = $databaseHandler->readProducts();
+ return view('vodafone_fake_sso.show-write-view', [ 'productsList' => $productsList ]);
+ }
+ public function saveUser(SSOFormRequest $request) {
+ $data = $request->all();
+ var_dump($data);
+ $databaseHandler = new FakeSSODatabaseHandler;
+ return view("vodafone_fake_sso.db-create-view");
+ }
+
 }
-- Gitblit v1.8.0
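Review bot: `saveUser()` still contains `var_dump($data);`, which writes the submitted form fields straight into the response instead of through the escaped view; it is leftover debug output in a commit that says it removes debug, and it reflects user input on a page meant to be protected against XSS. The method also reads `$request->all()` rather than `$request->validated()`, so any field not covered by the `SSOFormRequest` rules is still carried in `$data`, and `$databaseHandler` is created but never called, so nothing appears to be saved. I would change the first statement to `$data = $request->validated();` and delete the `var_dump` line, then either add the missing persistence call or remove the unused handler. The rules in `SSOFormRequest` are not part of this patch, so whether they cover every field cannot be confirmed here.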