Add data filtering for HTTP_REFERER and HTTP_USER_AGENT

2020-11-10 23:32:54 +07:00 · 2020-11-10 23:32:54 +07:00 · 635f0ee4df
commit 635f0ee4df
parent 0aea6cee01
3 changed files with 6 additions and 3 deletions
--- a/app/Models/Pages/Auth.php
+++ b/app/Models/Pages/Auth.php
@ -64,7 +64,7 @@ class Auth extends Page
            $this->fIswev = $v->getErrors();
        }

-        $ref = $_SERVER['HTTP_REFERER'] ?? '';
+        $ref = $this->c->Secury->replInvalidChars($_SERVER['HTTP_REFERER'] ?? '');

        $this->fIndex     = 'login';
        $this->nameTpl    = 'login';
--- a/app/Models/Pages/Email.php
+++ b/app/Models/Pages/Email.php
@ -46,7 +46,10 @@ class Email extends Page
        }

        $data = [
-            'redirect' => $this->c->Router->validate($_SERVER['HTTP_REFERER'] ?? '', 'Index'),
+            'redirect' => $this->c->Router->validate(
+                $this->c->Secury->replInvalidChars($_SERVER['HTTP_REFERER'] ?? ''),
+                'Index'
+            ),
        ];

        if ('POST' === $method) {
--- a/app/Models/User/Current.php
+++ b/app/Models/User/Current.php
@ -117,7 +117,7 @@ class Current extends Action
     */
    protected function getUserAgent(): string
    {
-        return \trim($_SERVER['HTTP_USER_AGENT'] ?? '');
+        return \trim($this->c->Secury->replInvalidChars($_SERVER['HTTP_USER_AGENT'] ?? ''));
    }

    /**