From c2fd5c3eaac7b9d8464f57a4a60b248b7d779b0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Denis=20Duli=C3=A7i?= Date: Sun, 18 Jul 2021 17:12:37 +0300 Subject: [PATCH] disabled sqli middleware --- app/Http/Requests/Common/Contact.php | 8 +++++++- app/Http/Requests/Document/Document.php | 2 +- app/Http/Requests/Portal/Profile.php | 4 ++-- app/Http/Requests/Setting/Currency.php | 2 +- app/Http/Requests/Setting/Tax.php | 2 +- config/firewall.php | 2 +- 6 files changed, 13 insertions(+), 7 deletions(-) diff --git a/app/Http/Requests/Common/Contact.php b/app/Http/Requests/Common/Contact.php index b7e826ca1..b849d0ac6 100644 --- a/app/Http/Requests/Common/Contact.php +++ b/app/Http/Requests/Common/Contact.php @@ -18,7 +18,13 @@ class Contact extends FormRequest $logo = 'nullable'; $type = $this->request->get('type', 'customer'); - $company_id = $this->request->get('company_id'); + + // @todo must put contact types under a specific array, see category + if (empty(config('type.' . $type))) { + $type = null; + } + + $company_id = (int) $this->request->get('company_id'); // Check if store or update if ($this->getMethod() == 'PATCH') { diff --git a/app/Http/Requests/Document/Document.php b/app/Http/Requests/Document/Document.php index 8177216af..897f930b1 100644 --- a/app/Http/Requests/Document/Document.php +++ b/app/Http/Requests/Document/Document.php @@ -41,7 +41,7 @@ class Document extends FormRequest } // Get company id - $company_id = $this->request->get('company_id'); + $company_id = (int) $this->request->get('company_id'); return [ 'type' => 'required|string', diff --git a/app/Http/Requests/Portal/Profile.php b/app/Http/Requests/Portal/Profile.php index 41951dac1..3d9045e26 100644 --- a/app/Http/Requests/Portal/Profile.php +++ b/app/Http/Requests/Portal/Profile.php 
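Review bot: The allow-list check `empty(config('type.' . $type))` in Contact.php looks the request value up with dot notation, so a `type` containing `.` can resolve to a nested config entry and pass the check while `$type` still holds the raw string. Comparing against the top-level keys is stricter, for example `if (! is_string($type) || ! array_key_exists($type, (array) config('type'))) { $type = null; }`. Where `$type` is used afterwards lies outside the hunk. If it is concatenated into a rule string, `null` becomes an empty segment there, so failing validation for an unknown type may be safer than continuing.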
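Review bot: The `(int)` cast on `company_id` in Document.php has no comment saying why it is there, and with the SQLi filter disabled in this commit it appears to be the only thing keeping that request value numeric. The rules that use it are mostly outside the hunk, so this is inferred; presumably the value is concatenated into rule strings. A one-line comment such as `// keep numeric: company_id is concatenated into the validation rules below` would stop a later cleanup from dropping the cast. The same cast is added in Common/Contact.php, Setting/Currency.php and Setting/Tax.php, and a shared helper would keep the four copies in step. A non-numeric value becomes `0` rather than being rejected.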
@@ -17,8 +17,8 @@ class Profile extends FormRequest $picture = 'nullable'; - if ($this->request->get('picture', null)) { - $picture = 'mimes:' . config('filesystems.mimes') . '|between:0,' . config('filesystems.max_size') * 1024; + if ($this->files->get('picture')) { + $picture = 'mimes:' . config('filesystems.mimes') . '|between:0,' . config('filesystems.max_size') * 1024 . '|dimensions:max_width=1000,max_height=1000'; } $email = 'required|email|unique:users,email,' . $id . ',id,deleted_at,NULL'; diff --git a/app/Http/Requests/Setting/Currency.php b/app/Http/Requests/Setting/Currency.php index 257918372..1014b85c7 100644 --- a/app/Http/Requests/Setting/Currency.php +++ b/app/Http/Requests/Setting/Currency.php @@ -21,7 +21,7 @@ class Currency extends FormRequest } // Get company id - $company_id = $this->request->get('company_id'); + $company_id = (int) $this->request->get('company_id'); return [ 'name' => 'required|string', diff --git a/app/Http/Requests/Setting/Tax.php b/app/Http/Requests/Setting/Tax.php index ab47c77c5..7d9c1b98d 100644 --- a/app/Http/Requests/Setting/Tax.php +++ b/app/Http/Requests/Setting/Tax.php @@ -20,7 +20,7 @@ class Tax extends FormRequest $id = null; } - $company_id = $this->request->get('company_id'); + $company_id = (int) $this->request->get('company_id'); $type = 'required|string'; diff --git a/config/firewall.php b/config/firewall.php index dc853a9db..4bf767a6b 100644 --- a/config/firewall.php +++ b/config/firewall.php @@ -52,7 +52,7 @@ return [ 'firewall.referrer', 'firewall.rfi', 'firewall.session', - 'firewall.sqli', + //'firewall.sqli', 'firewall.swear', 'firewall.xss', //'App\Http\Middleware\YourCustomRule',
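Review bot: In Profile.php, `$picture` stays `'nullable'` when no file is uploaded, so a `picture` sent as an ordinary string field is no longer checked at all, because the condition now looks only at `$this->files`. Prefixing the file rule with `nullable|file|` and assigning it unconditionally would reject such a value instead of passing it through. The added `dimensions` rule only applies to images, so it will reject any non-image type that `filesystems.mimes` may list. The enclosing method starts and ends outside the hunk.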
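Review bot: In config/firewall.php, `'firewall.sqli'` is commented out for the whole list with no explanation in the file, while the compensating casts in this commit cover only five form requests. Any other input the filter used to screen now depends solely on its own validation and on parameterised queries. If the filter was blocking legitimate input, a narrower exemption would keep the protection elsewhere, provided the firewall package supports per-route or per-input exceptions. Otherwise record the reason next to the line, e.g. `// firewall.sqli disabled: <reason>; inputs are validated in the FormRequest classes`.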