From 509afdb4c862de9909548e5d10e348b55024f613 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 28 May 2026 16:33:37 +0800 Subject: [PATCH] =?UTF-8?q?fix(security):=20resolve=20F-10=20=E2=80=94=20r?= =?UTF-8?q?eplace=20leaked=20exception=20messages=20with=20generic=20user-?= =?UTF-8?q?facing=20errors?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/app/Http/Controllers/AdminController.php | 13 +++++++------ src/lang/bm/toast.php | 7 +------ src/lang/en/toast.php | 7 +------ 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/src/app/Http/Controllers/AdminController.php b/src/app/Http/Controllers/AdminController.php index 5e890cd0..c448413a 100644 --- a/src/app/Http/Controllers/AdminController.php +++ b/src/app/Http/Controllers/AdminController.php @@ -4,6 +4,7 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; use Illuminate\Support\Facades\DB; +use Illuminate\Support\Facades\Log; use Illuminate\Validation\Rules\Password; class AdminController extends Controller @@ -119,12 +120,11 @@ class AdminController extends Controller return redirect()->back()->with('error', $errorMessage); } catch (\Exception $e) { - // For other exceptions - return redirect()->back()->with('error', $e->getMessage()); + Log::error('Failed to create user', ['error' => $e->getMessage()]); + return redirect()->back()->with('error', __('toast.error')); } } - // Function update Station public function updateStation(Request $request,$stationid) { $validated = $request->validate([ @@ -212,8 +212,8 @@ class AdminController extends Controller return redirect()->back()->with('error', $errorMessage); } catch (\Exception $e) { - // For other exceptions - return redirect()->back()->with('error', $e->getMessage()); + Log::error('Failed to update user', ['error' => $e->getMessage(), 'userid' => $userid]); + return redirect()->back()->with('error', __('toast.error')); } 
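Review bot: The new `Log::error('Failed to create user', ['error' => $e->getMessage()])` call in the create-user catch block (hunk `@@ -119,12 +120,11 @@`) keeps only the message string, so the exception class, file/line and stack trace are lost at the point where the response stops carrying any detail. Passing the throwable itself keeps that for triage: `Log::error('Failed to create user', ['exception' => $e]);`. The same applies to the catch blocks in the `@@ -212,8 +212,8 @@` and `@@ -251,7 +251,8 @@` hunks. Because raw exception text now goes to the log rather than the page, it is worth confirming that the log channel is not readable by the users this fix hides the messages from. The enclosing method starts outside the hunk.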
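Review bot: The branch just above the changed catch in the update-user hunk (`@@ -212,8 +212,8 @@`) still returns `with('error', $errorMessage)`, and `$errorMessage` is assigned outside the hunk, so it cannot be confirmed from here that it carries no exception text. If it is built from the caught exception (a database error string, for instance), that path still exposes the detail F-10 is meant to remove; the identical context line in the create-user hunk needs the same check. If it is already a fixed translated string, a one-line comment above the return would record that, e.g. `// $errorMessage is a fixed translated string, never exception text`.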
@@ -251,7 +251,8 @@ class AdminController extends Controller } catch (\Exception $e) { - return redirect()->back()->with('error',$e->getMessage()); + Log::error('Failed to update password', ['error' => $e->getMessage(), 'userid' => $userid]); + return redirect()->back()->with('error', __('toast.error')); } } diff --git a/src/lang/bm/toast.php b/src/lang/bm/toast.php index bde917c2..2dbe9ee9 100644 --- a/src/lang/bm/toast.php +++ b/src/lang/bm/toast.php @@ -1,16 +1,11 @@ 'Ralat tidak dijangka berlaku. Sila cuba lagi.', 'stationsuccess' => 'Stesen berjaya ditambah', 'usersuccess' => 'Pengguna berjaya ditambah', - - //Update 'stationupdated' => 'Stesen berjaya dikemaskini', 'userupdated' => 'Pengguna berjaya dikemaskini', 'passwordupdated' => 'Kata laluan berjaya dikemaskini', - - //Delete 'stationdeleted' => 'Stesen berjaya dipadam', 'userdeleted' => 'Pengguna berjaya dipadam', ]; diff --git a/src/lang/en/toast.php b/src/lang/en/toast.php index 2fcf290e..d0476cbb 100644 --- a/src/lang/en/toast.php +++ b/src/lang/en/toast.php @@ -1,16 +1,11 @@ 'An unexpected error occurred. Please try again.', 'stationsuccess' => 'Station added succesfully', 'usersuccess' => 'User registered successfully', - - //Update 'stationupdated' => 'Station updated succesfully', 'userupdated' => 'Users updated succesfully', 'passwordupdated' => 'Password updated succesfully', - - //Delete 'stationdeleted' => 'Station deleted succesfully', 'userdeleted' => 'User deleted successfully', ];
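Review bot: The password-update log entry in hunk `@@ -251,7 +251,8 @@` records the target `$userid` but not which administrator issued the request, which is the field an audit of failed password changes would look for. Adding the actor to the context covers it: `['exception' => $e, 'userid' => $userid, 'actor' => auth()->id()]`. This assumes the route sits behind the authentication middleware, which is not visible in the hunk; the method body also starts outside it.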