From cec312a1457328aec60c4be6c68fd821e68b666a Mon Sep 17 00:00:00 2001
From: Joren Thijs <41837971+Joren-Thijs@users.noreply.github.com>
Date: Tue, 5 May 2020 01:39:14 +0200
Subject: [PATCH 1/3] added Regex to lease requests

---
 app/Http/Requests/StoreLeaseRequest.php | 4 ++--
 app/Http/Requests/UpdateLeaseRequest.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/Http/Requests/StoreLeaseRequest.php b/app/Http/Requests/StoreLeaseRequest.php
index fa8d9bc..7151a53 100644
--- a/app/Http/Requests/StoreLeaseRequest.php
+++ b/app/Http/Requests/StoreLeaseRequest.php
@@ -26,8 +26,8 @@ public function rules()
 'rentable_id' => 'required|integer|min:1|exists:App\Models\Rentable,id',
 'start_time' => 'required',
 'end_time' => 'required',
- 'phone_nr' => 'required|string|min:8|max:12',
- 'license_plate' => 'required|string|min:1|max:9'
+ 'phone_nr' => 'required|string|min:8|max:12|regex:/^(\+\d{1,2}\s?)?1?\-?\.?\s?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$/', // Regex for phone number
+ 'license_plate' => 'required|string|min:1|max:9|regex:/^[a-zA-Z0-9_.-]*$/' // Regex for license plate
 ];
 }
diff --git a/app/Http/Requests/UpdateLeaseRequest.php b/app/Http/Requests/UpdateLeaseRequest.php
index 031fbcb..66e25c3 100644
--- a/app/Http/Requests/UpdateLeaseRequest.php
+++ b/app/Http/Requests/UpdateLeaseRequest.php
@@ -27,8 +27,8 @@ public function rules()
 'rentable_id' => 'required|integer|min:1|exists:App\Models\Rentable,id',
 'start_time' => 'required',
 'end_time' => 'required',
- 'phone_nr' => 'required|string|min:8|max:12',
- 'license_plate' => 'required|string|min:1|max:9'
+ 'phone_nr' => 'required|string|min:8|max:12|regex:/^(\+\d{1,2}\s?)?1?\-?\.?\s?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$/',
+ 'license_plate' => 'required|string|min:1|max:9|regex:/^[a-zA-Z0-9_.-]*$/'
 ];
 }
From 61ecdd96b39f6a3e32a3f5ed7a88c4c60084c393 Mon Sep 17 00:00:00 2001
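Review bot: The `phone_nr` regex added in StoreLeaseRequest only matches a 3-3-4 digit grouping with an optional `+NN`/`1` prefix and separators, yet the rule keeps `min:8|max:12`, so several forms the pattern admits exceed the length bound (a constructed example, `+12 (555) 123-4567`, is 18 characters) and are rejected by `max:12` instead; either drop the length bounds or restrict the pattern to the formats actually expected. If the application serves a locale outside the North American numbering plan — the 4-digit postal code and IBAN rules elsewhere in this series hint at that, though it is not visible here — this grouping will reject every local number, so the expected format should be stated in the comment rather than `// Regex for phone number`. Every `regex:` rule added in this series ends in `$`, which in PCRE also matches before a final newline; anchor with `\z` (or add the `D` modifier) unless a trim middleware is known to run before validation. `license_plate` uses `*`, so the pattern itself admits the empty string and only `min:1` prevents it; `+` would make the rule self-contained. The same two rules are added to UpdateLeaseRequest in the next hunk.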
From: Joren Thijs <41837971+Joren-Thijs@users.noreply.github.com>
Date: Tue, 5 May 2020 02:32:11 +0200
Subject: [PATCH 2/3] added regexes for rentables

---
 app/Http/Requests/StoreRentableRequest.php | 16 ++++++++++++++--
 app/Http/Requests/UpdateRentableRequest.php | 16 ++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/app/Http/Requests/StoreRentableRequest.php b/app/Http/Requests/StoreRentableRequest.php
index a07122c..e8c1c59 100644
--- a/app/Http/Requests/StoreRentableRequest.php
+++ b/app/Http/Requests/StoreRentableRequest.php
@@ -6,6 +6,16 @@ class StoreRentableRequest extends FormRequest
 {
+ /**
+ * Sanitize before rules()
+ */
+ protected function sanitizeInput()
+ {
+ $input = $this->all();
+ $input['description'] = preg_replace("~[\p{M}]~uis", "", $this->input('description'));
+ $this->replace($input);
+ }
+
 /**
 * Get the validation rules that apply to the request.
 *
@@ -17,12 +27,12 @@ public function rules()
 return [
 'user_id' => 'required|integer|min:1|exists:App\Models\User,id',
- 'adress' => 'required|string|min:3|max:150',
+ 'adress' => 'required|string|min:3|max:150|regex:/^[a-zA-Z0-9_ .-]*$/', // Regex for Adress
 'postal_code' => 'required|numeric|digits:4|min:1|max:9999',
 'date_of_hire' => 'required|date_format:Y-m-d|after_or_equal:' . $todayDate,
 'start_time' => 'required',
 'end_time' => 'required',
- 'price' => 'required|numeric|min:0.01|max:1000',
+ 'price' => 'required|numeric|min:0.01|max:1000|regex:/^[0-9]+(\.[0-9]{1,2})?$/', //Regex for Decimal with 2 decimal places
 'bankaccount_nr' => 'required|string|regex:/^[A-Z]{2}(?:[ ]?[0-9]){14,20}$/', // Regex for IBAN numbers
 'description' => 'required|string|max:150',
 ];
@@ -35,6 +45,8 @@ public function rules()
 */
 protected function getValidatorInstance()
 {
+ $this->sanitizeInput();
+
 return parent::getValidatorInstance()->after(function () {
 // convert to unix timestamps
 $start_time = $this->input('start_time');
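Review bot: `sanitizeInput()` in StoreRentableRequest rewrites `description` before validation, but its docblock `Sanitize before rules()` does not say what is removed or why; replace it with `/** Strip combining marks (\p{M}) from the description before validation; precomposed characters such as U+00E9 are not affected. */` so the next reader sees that a decomposed `e` + U+0301 becomes `e` while the precomposed form is kept, and can decide whether NFC normalization (`Normalizer::normalize`, if ext-intl is present) should precede the replace. `preg_replace` with the `u` modifier returns `null` on invalid UTF-8, which here makes `description` fail `required` with no hint that the encoding was the cause; check `preg_last_error()` or guard the subject with `is_string()` so the rejection is explicit and a missing or non-string field is not turned into a different value. The `i` and `s` modifiers have no effect on a lone character class and can be dropped. The same helper is added to UpdateRentableRequest (for `description`) and to StoreUserRequest and UpdateUserRequest (for `name`), where all of this applies equally.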
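Review bot: The new `adress` regex `/^[a-zA-Z0-9_ .-]*$/` admits only ASCII letters, digits, space, `_`, `.` and `-`, so an address containing an accented letter, a comma, an apostrophe or a slash is rejected outright; the neighbouring 4-digit `postal_code` and IBAN rules suggest a European locale where such characters are routine, though that is inferred rather than visible in this hunk. If the intent is to bound the character set rather than to force ASCII, `'adress' => 'required|string|min:3|max:150|regex:/^[\p{L}\p{N}_ .,\/-]*\z/u'` keeps the allow-list approach while accepting Unicode letters and digits (Laravel passes the `regex:` parameter through without splitting on commas). The same rule is added to UpdateRentableRequest in the next file.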
diff --git a/app/Http/Requests/UpdateRentableRequest.php b/app/Http/Requests/UpdateRentableRequest.php
index 336f4a4..4898a7c 100644
--- a/app/Http/Requests/UpdateRentableRequest.php
+++ b/app/Http/Requests/UpdateRentableRequest.php
@@ -14,6 +14,16 @@ public function __construct(IRentableRepository $rentableRepo)
 $this->rentableRepo = $rentableRepo;
 }
+ /**
+ * Sanitize before rules()
+ */
+ protected function sanitizeInput()
+ {
+ $input = $this->all();
+ $input['description'] = preg_replace("~[\p{M}]~uis", "", $this->input('description'));
+ $this->replace($input);
+ }
+
 /**
 * Get the validation rules that apply to the request.
 *
@@ -25,12 +35,12 @@ public function rules()
 return [
 'rentable_id' => 'required|integer|min:1|exists:App\Models\Rentable,id',
- 'adress' => 'required|string|min:3|max:150',
+ 'adress' => 'required|string|min:3|max:150|regex:/^[a-zA-Z0-9_ .-]*$/', // Regex for Adress
 'postal_code' => 'required|numeric|digits:4|min:1|max:9999',
 'date_of_hire' => 'required|date_format:Y-m-d|after_or_equal:' . $todayDate,
 'start_time' => 'required',
 'end_time' => 'required',
- 'price' => 'required|numeric|min:0.01|max:1000',
+ 'price' => 'required|numeric|min:0.01|max:1000|regex:/^[0-9]+(\.[0-9]{1,2})?$/', //Regex for Decimal with 2 decimal places
 'bankaccount_nr' => 'required|string|regex:/^[A-Z]{2}(?:[ ]?[0-9]){14,20}$/', // Regex for IBAN numbers
 'description' => 'required|string|max:150',
 ];
@@ -43,6 +53,8 @@ public function rules()
 */
 protected function getValidatorInstance()
 {
+ $this->sanitizeInput();
+
 return parent::getValidatorInstance()->after(function () {
 // Get the current rentable
 $rentable = $this->rentableRepo->getRentable($this->input('rentable_id'));
From 34761d8ee648d780960f02e016ec9588990b9882 Mon Sep 17 00:00:00 2001
From: Joren Thijs <41837971+Joren-Thijs@users.noreply.github.com>
Date: Tue, 5 May 2020 02:39:43 +0200
Subject: [PATCH 3/3] added regex to user requests

---
 app/Http/Requests/StoreUserRequest.php | 14 +++++++++++++-
 app/Http/Requests/UpdateUserRequest.php | 22 +++++++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/app/Http/Requests/StoreUserRequest.php b/app/Http/Requests/StoreUserRequest.php
index 5424978..98d3829 100644
--- a/app/Http/Requests/StoreUserRequest.php
+++ b/app/Http/Requests/StoreUserRequest.php
@@ -6,6 +6,16 @@ class StoreUserRequest extends FormRequest
 {
+ /**
+ * Sanitize before rules()
+ */
+ protected function sanitizeInput()
+ {
+ $input = $this->all();
+ $input['name'] = preg_replace("~[\p{M}]~uis", "", $this->input('name'));
+ $this->replace($input);
+ }
+
 /**
 * Get the validation rules that apply to the request.
 *
@@ -17,7 +27,7 @@ public function rules()
 'name' => 'required|string|min:1|max:150',
 'email' => 'required|email:rfc,dns',
 'password' => 'required|string|min:8|max:128',
- 'role' => 'required|string|min:1|max:150',
+ 'role' => 'required|string|min:1|max:150|regex:/^[a-zA-Z]+$/', // Regex for ASCII letters
 ];
 }
@@ -28,6 +38,8 @@ public function rules()
 */
 protected function getValidatorInstance()
 {
+ $this->sanitizeInput();
+
 return parent::getValidatorInstance()->after(function () {
 // Check if password and confirm password match
 if ($this->input('password') != $this->input('confirm_password')) {
diff --git a/app/Http/Requests/UpdateUserRequest.php b/app/Http/Requests/UpdateUserRequest.php
index 9d49dce..cb0627d 100644
--- a/app/Http/Requests/UpdateUserRequest.php
+++ b/app/Http/Requests/UpdateUserRequest.php
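Review bot: `role` on StoreUserRequest is now limited to one or more ASCII letters, which bounds the character set but still accepts any word a client sends; if the application recognises a fixed set of role names, Laravel's `in:` rule (`'role' => 'required|string|in:<role list>'`, or `Rule::in([...])` in array form) validates against that set directly and makes the accepted values visible in the request class. Whether roles are a closed set is not visible in this hunk, so this is a question for the author rather than a defect in the pattern. The same regex is added to UpdateUserRequest in the next file.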
@@ -6,6 +6,16 @@ class UpdateUserRequest extends FormRequest
 {
+ /**
+ * Sanitize before rules()
+ */
+ protected function sanitizeInput()
+ {
+ $input = $this->all();
+ $input['name'] = preg_replace("~[\p{M}]~uis", "", $this->input('name'));
+ $this->replace($input);
+ }
+
 /**
 * Get the validation rules that apply to the request.
 *
@@ -17,7 +27,17 @@ public function rules()
 'name' => 'required|string|min:1|max:150',
 'email' => 'email:rfc,dns',
 'password' => 'string|min:8|max:128',
- 'role' => 'string|min:1|max:150',
+ 'role' => 'string|min:1|max:150|regex:/^[a-zA-Z]+$/', // Regex for ASCII letters
 ];
 }
+
+ /**
+ * Validate request
+ *
+ * @return Illuminate\Foundation\Http\FormRequest::getValidatorInstance
+ */
+ protected function getValidatorInstance()
+ {
+ $this->sanitizeInput();
+ }
 }
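Review bot: The `getValidatorInstance()` added to UpdateUserRequest in the second hunk calls `sanitizeInput()` but returns nothing, whereas the base FormRequest invokes this method and uses its return value as the validator; as written the override hands back `null`, so this request can no longer validate at all and a request that fails validation would not be rejected before reaching the controller. Return the parent's instance as the other three requests in this series do: `return parent::getValidatorInstance();`. The docblock's `@return Illuminate\Foundation\Http\FormRequest::getValidatorInstance` is not a type; `@return \Illuminate\Contracts\Validation\Validator` describes what the parent returns, and `Validate request` should say that the method strips combining marks from `name` before building the validator.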