disabled sqli middleware

2021-07-18 17:12:37 +03:00 · 2021-07-18 17:12:37 +03:00 · c2fd5c3eaa
commit c2fd5c3eaa
parent ca98e2c0c5
6 changed files with 13 additions and 7 deletions
--- a/app/Http/Requests/Common/Contact.php
+++ b/app/Http/Requests/Common/Contact.php
@ -18,7 +18,13 @@ class Contact extends FormRequest
        $logo = 'nullable';

        $type = $this->request->get('type', 'customer');
-        $company_id = $this->request->get('company_id');
+
+        // @todo must put contact types under a specific array, see category
+        if (empty(config('type.' . $type))) {
+            $type = null;
+        }
+
+        $company_id = (int) $this->request->get('company_id');

        // Check if store or update
        if ($this->getMethod() == 'PATCH') {
--- a/app/Http/Requests/Document/Document.php
+++ b/app/Http/Requests/Document/Document.php
@ -41,7 +41,7 @@ class Document extends FormRequest
        }

        // Get company id
-        $company_id = $this->request->get('company_id');
+        $company_id = (int) $this->request->get('company_id');

        return [
            'type' => 'required|string',
--- a/app/Http/Requests/Portal/Profile.php
+++ b/app/Http/Requests/Portal/Profile.php
@ -17,8 +17,8 @@ class Profile extends FormRequest

        $picture = 'nullable';

-        if ($this->request->get('picture', null)) {
-            $picture = 'mimes:' . config('filesystems.mimes') . '|between:0,' . config('filesystems.max_size') * 1024;
+        if ($this->files->get('picture')) {
+            $picture = 'mimes:' . config('filesystems.mimes') . '|between:0,' . config('filesystems.max_size') * 1024 . '|dimensions:max_width=1000,max_height=1000';
        }

        $email = 'required|email|unique:users,email,' . $id . ',id,deleted_at,NULL';
--- a/app/Http/Requests/Setting/Currency.php
+++ b/app/Http/Requests/Setting/Currency.php
@ -21,7 +21,7 @@ class Currency extends FormRequest
        }

        // Get company id
-        $company_id = $this->request->get('company_id');
+        $company_id = (int) $this->request->get('company_id');

        return [
            'name' => 'required|string',
--- a/app/Http/Requests/Setting/Tax.php
+++ b/app/Http/Requests/Setting/Tax.php
@ -20,7 +20,7 @@ class Tax extends FormRequest
            $id = null;
        }

-        $company_id = $this->request->get('company_id');
+        $company_id = (int) $this->request->get('company_id');

        $type = 'required|string';

--- a/config/firewall.php
+++ b/config/firewall.php
@ -52,7 +52,7 @@ return [
        'firewall.referrer',
        'firewall.rfi',
        'firewall.session',
-        'firewall.sqli',
+        //'firewall.sqli',
        'firewall.swear',
        'firewall.xss',
        //'App\Http\Middleware\YourCustomRule',