added validation against new line and weird characters in q parameter of the search endpoint

This commit is contained in:
pushrbx 2023-07-15 15:26:48 +01:00
parent 1d3aa7b794
commit 3fc1eea801
3 changed files with 9 additions and 4 deletions


@ -7,7 +7,6 @@ use App\Dto\Concerns\HasLimitParameter;
use App\Dto\Concerns\HasPageParameter;
use App\Enums\SortDirection;
use App\Rules\Attributes\EnumValidation;
use Spatie\Enum\Laravel\Rules\EnumRule;
use Spatie\LaravelData\Attributes\Validation\Alpha;
use Spatie\LaravelData\Attributes\Validation\Max;
use Spatie\LaravelData\Attributes\Validation\Prohibits;


@ -10,6 +10,7 @@ use Illuminate\Http\Resources\Json\JsonResource;
use Illuminate\Http\Resources\Json\ResourceCollection;
use Illuminate\Http\Response;
use Illuminate\Support\Collection;
use Illuminate\Validation\ValidationException;
use Spatie\Enum\Laravel\Enum;
/**
@ -30,6 +31,13 @@ abstract class SearchRequestHandler implements RequestHandler
{
// note: ->all() doesn't transform the dto, all the parsed data is returned as it was parsed. (and validated)
$requestData = collect($request->all());
$prohibitedSearchCharacters = collect(["\n", "\\n", "\r", "\t", "\0", "%0A"]);
if (in_array($requestData->get("q", ""), $prohibitedSearchCharacters->toArray())
|| $prohibitedSearchCharacters->filter(fn($value) => strpos($requestData->get("q", ""), $value) !== false)->count() > 0) {
throw ValidationException::withMessages([
"q" => "The q parameter cannot contain any of the following characters: \\n, \\r, \\t, \\0, %0A"
]);
}
$builder = $this->queryBuilderService->query(
$this->prepareOrderByParam($requestData)
);
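Review bot: The `strpos()` call inside the filter closure throws a TypeError under PHP 8 when `q` arrives as an array (`q[]=x`), because `$requestData->get("q", "")` is never checked to be a string, so such a request becomes a 500 rather than the intended 422 — unless the DTO validation referred to in the comment already rejects non-string values, which this hunk does not show. The enumerated blocklist also misses the remaining C0 control characters and DEL, and the `"\\n"` and `"%0A"` entries match literal two- and three-character sequences rather than a newline, which the error message does not make obvious; a single `preg_match('/[\x00-\x1F\x7F]/', $q)` covers every control character, with `str_contains()` kept for the literal sequences. The leading `in_array()` check is redundant with the `strpos()` pass and, without `strict: true`, relies on loose comparison. The enclosing method of `SearchRequestHandler` begins outside the hunk.
```php
$q = $requestData->get("q", "");
// q[]=... arrives as an array; strpos() would throw a TypeError on it.
if (!is_string($q)) {
    throw ValidationException::withMessages(["q" => "The q parameter must be a string."]);
}
// Reject every C0 control byte and DEL (covers \n, \r, \t, \0 and the rest),
// plus the literal escape sequences the previous list blocked.
$hasControlChar = preg_match('/[\x00-\x1F\x7F]/', $q) === 1;
$hasLiteralEscape = str_contains($q, "\\n") || str_contains($q, "%0A");
if ($hasControlChar || $hasLiteralEscape) {
    throw ValidationException::withMessages([
        "q" => "The q parameter cannot contain any of the following characters: \\n, \\r, \\t, \\0, %0A"
    ]);
}
// … unchanged: queryBuilderService->query(...) call …
```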


@ -3,8 +3,6 @@
namespace App\Rules;
use Illuminate\Contracts\Validation\Rule;
use Illuminate\Support\Env;
use Illuminate\Support\Facades\App;
final class MaxResultsPerPageRule implements Rule
{
@ -37,7 +35,7 @@ final class MaxResultsPerPageRule implements Rule
public function message(): array|string
{
$mrpp = max_results_per_page();
$mrpp = max_results_per_page($this->fallbackLimit);
return "Value {$this->value} is higher than the configured '$mrpp' max value.";
}
}