admin/sides
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): resolve F-10 — replace leaked exception messages with generic user-facing errors

Browse Source
This commit is contained in:
root
2026-05-28 16:33:37 +08:00
parent 07f22972ee
commit 509afdb4c8
3 changed files with 9 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/app/Http/Controllers/AdminController.php
View File

@@ -4,6 +4,7 @@ namespace App\Http\Controllers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Illuminate\Validation\Rules\Password; use Illuminate\Validation\Rules\Password;
class AdminController extends Controller class AdminController extends Controller
@@ -119,12 +120,11 @@ class AdminController extends Controller
return redirect()->back()->with('error', $errorMessage); return redirect()->back()->with('error', $errorMessage);
} catch (\Exception $e) { } catch (\Exception $e) {
// For other exceptions Log::error('Failed to create user', ['error' => $e->getMessage()]);
return redirect()->back()->with('error', $e->getMessage()); return redirect()->back()->with('error', __('toast.error'));
} }
} }
// Function update Station
public function updateStation(Request $request,$stationid) public function updateStation(Request $request,$stationid)
{ {
$validated = $request->validate([ $validated = $request->validate([
@@ -212,8 +212,8 @@ class AdminController extends Controller
return redirect()->back()->with('error', $errorMessage); return redirect()->back()->with('error', $errorMessage);
} catch (\Exception $e) { } catch (\Exception $e) {
// For other exceptions Log::error('Failed to update user', ['error' => $e->getMessage(), 'userid' => $userid]);
return redirect()->back()->with('error', $e->getMessage()); return redirect()->back()->with('error', __('toast.error'));
} }
@@ -251,7 +251,8 @@ class AdminController extends Controller
} catch (\Exception $e) } catch (\Exception $e)
{ {
return redirect()->back()->with('error',$e->getMessage()); Log::error('Failed to update password', ['error' => $e->getMessage(), 'userid' => $userid]);
return redirect()->back()->with('error', __('toast.error'));
} }
} }

7
src/lang/bm/toast.php
View File

@@ -1,16 +1,11 @@
<?php <?php
return [ return [
//Toast Messages 'error' => 'Ralat tidak dijangka berlaku. Sila cuba lagi.',
//Add
'stationsuccess' => 'Stesen berjaya ditambah', 'stationsuccess' => 'Stesen berjaya ditambah',
'usersuccess' => 'Pengguna berjaya ditambah', 'usersuccess' => 'Pengguna berjaya ditambah',
//Update
'stationupdated' => 'Stesen berjaya dikemaskini', 'stationupdated' => 'Stesen berjaya dikemaskini',
'userupdated' => 'Pengguna berjaya dikemaskini', 'userupdated' => 'Pengguna berjaya dikemaskini',
'passwordupdated' => 'Kata laluan berjaya dikemaskini', 'passwordupdated' => 'Kata laluan berjaya dikemaskini',
//Delete
'stationdeleted' => 'Stesen berjaya dipadam', 'stationdeleted' => 'Stesen berjaya dipadam',
'userdeleted' => 'Pengguna berjaya dipadam', 'userdeleted' => 'Pengguna berjaya dipadam',
]; ];

7
src/lang/en/toast.php
View File

@@ -1,16 +1,11 @@
<?php <?php
return [ return [
//Toast Messages 'error' => 'An unexpected error occurred. Please try again.',
//Add
'stationsuccess' => 'Station added succesfully', 'stationsuccess' => 'Station added succesfully',
'usersuccess' => 'User registered successfully', 'usersuccess' => 'User registered successfully',
//Update
'stationupdated' => 'Station updated succesfully', 'stationupdated' => 'Station updated succesfully',
'userupdated' => 'Users updated succesfully', 'userupdated' => 'Users updated succesfully',
'passwordupdated' => 'Password updated succesfully', 'passwordupdated' => 'Password updated succesfully',
//Delete
'stationdeleted' => 'Station deleted succesfully', 'stationdeleted' => 'Station deleted succesfully',
'userdeleted' => 'User deleted successfully', 'userdeleted' => 'User deleted successfully',
]; ];