Force http/https for webhook and add error_log in index

osaajani 2020-06-14 22:17:04 +02:00
parent 54a8029b69
commit 903a8d3770
3 changed files with 14 additions and 1 deletions


@ -27,6 +27,12 @@ class Webhook extends StandardController
*/ */
public function create(int $id_user, string $url, string $type) public function create(int $id_user, string $url, string $type)
{ {
//Must ensure http(s) protocole for protection against ssrf
if (!mb_ereg_match('^http(s?)://', $url))
{
return false;
}
$webhook = [ $webhook = [
'id_user' => $id_user, 'id_user' => $id_user,
'url' => $url, 'url' => $url,
@ -54,6 +60,12 @@ class Webhook extends StandardController
*/ */
public function update_for_user(int $id_user, int $id, string $url, string $type) public function update_for_user(int $id_user, int $id, string $url, string $type)
{ {
//Must ensure http(s) protocole for protection against ssrf
if (!mb_ereg_match('^http(s?)://', $url))
{
return false;
}
$datas = [ $datas = [
'url' => $url, 'url' => $url,
'type' => $type, 'type' => $type,
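Review bot: The scheme check added at the top of `create()` and repeated in `update_for_user()` restricts the protocol but not the destination, so an `http://` URL whose host is a loopback, private or link-local address still passes and would be requested from the server when the webhook fires. Consider parsing the URL, resolving the host and rejecting private and reserved ranges, in one helper that both methods call instead of two copies of the regex. A check at save time does not cover DNS changes or HTTP redirects at delivery time, so the code that sends the webhook (not visible here) presumably needs the same validation, with redirects disabled or re-checked. Both method bodies continue outside the hunks.

```php
public function create(int $id_user, string $url, string $type)
{
    if (!$this->is_allowed_webhook_url($url))
    {
        return false;
    }
    // … unchanged: build $webhook and insert; same guard at the top of update_for_user() …

/**
 * Accept only http(s) URLs whose host resolves exclusively to public addresses.
 */
private function is_allowed_webhook_url(string $url): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host']))
    {
        return false;
    }

    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true))
    {
        return false;
    }

    // IPv4 only: IPv6 literals and AAAA-only hosts fail closed here and need their own handling
    $ips = gethostbynamel($parts['host']);
    if (!$ips)
    {
        return false;
    }

    foreach ($ips as $ip)
    {
        // Rejects private (10/8, 172.16/12, 192.168/16) and reserved (127/8, 169.254/16, …) ranges
        if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE))
        {
            return false;
        }
    }

    return true;
}
```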


@ -123,7 +123,7 @@ namespace controllers\publics;
{ {
\FlashMessage\FlashMessage::push('danger', 'Impossible de créer ce webhook.'); \FlashMessage\FlashMessage::push('danger', 'Impossible de créer ce webhook.');
return $this->redirect(\descartes\Router::url('webhooks', 'add')); return $this->redirect(\descartes\Router::url('Webhook', 'add'));
} }
\FlashMessage\FlashMessage::push('success', 'La webhook a bien été créé.'); \FlashMessage\FlashMessage::push('success', 'La webhook a bien été créé.');


@ -25,6 +25,7 @@
} }
catch (\Throwable $e) catch (\Throwable $e)
{ {
error_log($e);
$controller = new \controllers\internals\HttpError(); $controller = new \controllers\internals\HttpError();
$controller->unknown(); $controller->unknown();
} }
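Review bot: `error_log($e)` in the catch block writes the Throwable's full string form, which includes the stack trace with (truncated) call arguments, so values such as credentials or tokens passed to a failing function may end up in the server log unless `zend.exception_ignore_args` is enabled. A short comment stating that assumption, e.g. `// Full trace goes to the PHP error log; production must set zend.exception_ignore_args=On`, or logging a bounded form such as `error_log(get_class($e) . ': ' . $e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());`, would make the trade-off explicit. The try block this catch belongs to starts outside the hunk.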