
Escape data for front-end
lanhktc committed Dec 1, 2020
1 parent 5904e44 commit f4b2811
Showing 3 changed files with 16 additions and 2 deletions.
9 changes: 8 additions & 1 deletion src/Front/Controllers/ShopCartController.php
Expand Up @@ -416,6 +416,10 @@ public function getCheckout()
public function addToCart()
{
$data = request()->all();

//Process escape
$data = sc_clean($data);

$productId = $data['product_id'];
$qty = $data['qty'] ?? 0;
$storeId = $data['storeId'] ?? config('app.storeId');
Expand Down Expand Up @@ -574,7 +578,6 @@ public function addOrder(Request $request)
//Set session info order
session(['dataOrder' => $dataOrder]);
session(['arrCartDetail' => $arrCartDetail]);

//Create new order
$newOrder = (new ShopOrder)->createOrder($dataOrder, $dataTotal, $arrCartDetail);

Expand All @@ -597,6 +600,10 @@ public function addOrder(Request $request)
'country' => $shippingAddress['country'] ?? '',
'phone' => $shippingAddress['phone'] ?? '',
];

//Process escape
$addressNew = sc_clean($addressNew);

ShopCustomer::find($uID)->addresses()->save(new ShopCustomerAddress(sc_clean($addressNew)));
session()->forget('address_process'); //destroy address_process
}
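Review bot: In addOrder the address array is now escaped twice: the new `$addressNew = sc_clean($addressNew);` is immediately followed by `new ShopCustomerAddress(sc_clean($addressNew))` on the save line. If sc_clean HTML-encodes its input (which the commit title suggests), the second pass double-encodes characters such as `&` and quotes before the address is persisted; even if it is idempotent, the inner call is redundant. Change the save line to `ShopCustomer::find($uID)->addresses()->save(new ShopCustomerAddress($addressNew));`. addOrder's body begins and ends outside these hunks, and the addToCart hunk above has no equivalent issue.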
3 changes: 3 additions & 0 deletions src/Front/Controllers/ShopContentController.php
Expand Up @@ -200,6 +200,9 @@ public function postContact(Request $request)
->withErrors($validator)
->withInput();
}
// Process escape
$data = sc_clean($data);

//Send email
$data['content'] = str_replace("\n", "<br>", $data['content']);

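Review bot: The newline-to-`<br>` conversion that follows the new `$data = sc_clean($data);` call only matches `\n`, so content submitted with CRLF line endings (typically what browsers send for textarea fields) keeps stray `\r` bytes in the emailed HTML. Consider `$data['content'] = str_replace(["\r\n", "\r", "\n"], "<br>", $data['content']);`. The ordering itself is correct — the text is escaped first and the trusted `<br>` markup is added afterwards — and that is worth stating so nobody swaps the two lines, e.g. `// Escape first, then insert trusted <br> markup; keep this order`. postContact starts and ends outside the hunk.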
6 changes: 5 additions & 1 deletion src/Front/Models/ShopOrder.php
Expand Up @@ -106,9 +106,13 @@ public function scopeSort($query, $sortBy = null, $sortOrder = 'desc')
*/
public function createOrder($dataOrder, $dataTotal, $arrCartDetail)
{
//Process escape
$dataOrder = sc_clean($dataOrder);
$dataTotal = sc_clean($dataTotal);
$arrCartDetail = sc_clean($arrCartDetail);

try {
DB::connection(SC_CONNECTION)->beginTransaction();
$dataOrder = sc_clean($dataOrder);
$dataOrder['domain'] = url('/');
$uID = $dataOrder['customer_id'];
$currency = $dataOrder['currency'];
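Review bot: createOrder now escapes `$dataOrder` at the top of the method, yet `$dataOrder = sc_clean($dataOrder);` still appears inside the try block right after beginTransaction; if that line is the one deletion this file section counts, fine, otherwise it is a second redundant pass over the same array. The docblock that closes just above the signature should also state the new contract, e.g. `@param array $dataOrder Raw order data; escaped here with sc_clean(), so callers must not pre-escape it` (and likewise for `$dataTotal` and `$arrCartDetail`), because addOrder in ShopCartController passes these arrays straight through and an extra escape on the caller side would double-encode. Whether sc_clean preserves numeric types in `$dataTotal` cannot be judged from the hunk and is worth confirming. The try block continues beyond the hunk.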

1 comment on commit f4b2811

@lanhktc

@lanhktc lanhktc commented on f4b2811 Dec 1, 2020


Fix error s-cart/s-cart#52
