Kaydet (Commit) b1eb88ff authored tarafından Baran Sekin's avatar Baran Sekin

Added command injection protection

üst 6f15de8f
......@@ -9,11 +9,16 @@ class XssSanitization
{
public function handle(Request $request, Closure $next)
{
$input = $request->all();
$input = $request->except([
'password',
'old_password',
'password_confirmation',
'liman_password_baran'
]);
array_walk_recursive($input, function(&$input) {
$input = strip_tags($input);
});
$request->merge($input);
return $next($request);
}
}
}
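Review bot: The exclusion list passed to the new `$request->except([...])` call is an inline literal that includes a suspiciously specific key, `liman_password_baran`, with no comment explaining why these fields bypass tag stripping, so a maintainer cannot tell whether that entry is a leftover from local testing or a real form field. Move the list to a documented class constant, e.g. `/** Fields that may legitimately contain "<" and must not be altered by strip_tags(). */` followed by `private const UNSANITIZED = ['password', 'old_password', 'password_confirmation'];`, and drop or justify the odd entry. The `array_walk_recursive` callback also applies `strip_tags()` to every leaf value, so non-string input (ints, bools, null) is silently coerced to string, and null triggers a deprecation on PHP 8.1+ if that is the runtime; guarding with `if (is_string($input)) {` avoids both. Note that `strip_tags()` removes markup but is not context-aware output escaping, so it should not be the only XSS control relied on at render time.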
<?php
namespace App\System;
class Command
{
public static function run($command, $attributes = [], $log = true)
{
return trim(server()->run(self::format($command, $attributes), $log));
}
public static function runSudo($command, $attributes = [], $log = true)
{
return self::run(sudo() . $command, $attributes, $log);
}
private static function format($command, $attributes = [])
{
foreach ($attributes as $attribute => $value) {
$command = str_replace(
"@{:$attribute}",
self::clean($value),
$command
);
$command = str_replace(
"{:$attribute}",
self::cleanWithoutQuotes($value),
$command
);
$command = str_replace(":$attribute:", $value, $command);
}
return $command;
}
private static function cleanWithoutQuotes($value)
{
return preg_replace(
'/^(\'(.*)\'|"(.*)")$/',
'$2$3',
self::clean($value)
);
}
private static function clean($value)
{
return escapeshellarg($value);
}
}
\ No newline at end of file
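Review bot: `cleanWithoutQuotes()` undoes the protection that `escapeshellarg()` provides: it strips the surrounding single quotes again, so a value substituted through the `{:attribute}` form is interpolated unquoted and any shell metacharacters it contains (spaces, separators, expansions) reach the shell verbatim, with only the inner `'` still escaped; the `:attribute:` form in `format()` bypasses quoting entirely. In addition, the `str_replace()` calls run once per attribute on the already-substituted string, so a value that itself contains another attribute's placeholder text is rewritten on a later iteration. The rewrite below substitutes all placeholders in a single `strtr()` pass, routes the `:attribute:` form through `clean()` (callers that depend on raw interpolation need auditing before this lands), and restricts the unquoted form to a conservative token allowlist, throwing instead of passing anything else to the shell. `run()`, `runSudo()` and `clean()` are unchanged; `server()` and `sudo()` are defined outside this file.
```php
private static function format($command, $attributes = [])
{
    // Build the full map first and apply it with strtr(): each placeholder is
    // matched against the original template only, so a substituted value can
    // never be re-read as another attribute's placeholder.
    $map = [];
    foreach ($attributes as $attribute => $value) {
        $map["@{:$attribute}"] = self::clean($value);
        $map["{:$attribute}"] = self::cleanWithoutQuotes($value);
        $map[":$attribute:"] = self::clean($value); // raw form no longer skips quoting
    }
    return strtr($command, $map);
}

private static function cleanWithoutQuotes($value)
{
    // Unquoted interpolation is only safe for a plain token; reject anything
    // else rather than letting the shell interpret it.
    if (!preg_match('/^[A-Za-z0-9_.\/=-]+$/', (string) $value)) {
        throw new \InvalidArgumentException('Unquoted placeholder value is not shell-safe.');
    }
    return (string) $value;
}
// … unchanged: run(), runSudo(), clean() …
```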