fix(security): resolve F-10 — replace leaked exception messages with generic user-facing errors

2026-05-28 16:33:37 +08:00
parent 07f22972ee
commit 509afdb4c8
3 changed files with 9 additions and 18 deletions
--- a/src/app/Http/Controllers/AdminController.php
+++ b/src/app/Http/Controllers/AdminController.php
@@ -4,6 +4,7 @@ namespace App\Http\Controllers;

 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
 use Illuminate\Validation\Rules\Password;

 class AdminController extends Controller
@@ -119,12 +120,11 @@ class AdminController extends Controller

                return redirect()->back()->with('error', $errorMessage);
            } catch (\Exception $e) {
-                // For other exceptions
-                return redirect()->back()->with('error', $e->getMessage());
+                Log::error('Failed to create user', ['error' => $e->getMessage()]);
+                return redirect()->back()->with('error', __('toast.error'));
            }
    }

-    // Function update Station
    public function updateStation(Request $request,$stationid)
    {
         $validated = $request->validate([
@@ -212,8 +212,8 @@ class AdminController extends Controller

                return redirect()->back()->with('error', $errorMessage);
        } catch (\Exception $e) {
-            // For other exceptions
-            return redirect()->back()->with('error', $e->getMessage());
+            Log::error('Failed to update user', ['error' => $e->getMessage(), 'userid' => $userid]);
+            return redirect()->back()->with('error', __('toast.error'));
        }
        

@@ -251,7 +251,8 @@ class AdminController extends Controller
            
        } catch (\Exception $e)
        {
-            return redirect()->back()->with('error',$e->getMessage());
+            Log::error('Failed to update password', ['error' => $e->getMessage(), 'userid' => $userid]);
+            return redirect()->back()->with('error', __('toast.error'));
        }
    }

--- a/src/lang/bm/toast.php
+++ b/src/lang/bm/toast.php
@@ -1,16 +1,11 @@
 <?php
    return [
-            //Toast Messages
-            //Add
+            'error' => 'Ralat tidak dijangka berlaku. Sila cuba lagi.',
            'stationsuccess' => 'Stesen berjaya ditambah',
            'usersuccess' => 'Pengguna berjaya ditambah',
-
-            //Update
            'stationupdated' => 'Stesen berjaya dikemaskini',
            'userupdated' => 'Pengguna berjaya dikemaskini',
            'passwordupdated' => 'Kata laluan berjaya dikemaskini',
-
-            //Delete
            'stationdeleted' => 'Stesen berjaya dipadam',
            'userdeleted' => 'Pengguna berjaya dipadam',
    ];
--- a/src/lang/en/toast.php
+++ b/src/lang/en/toast.php
@@ -1,16 +1,11 @@
 <?php
    return [
-            //Toast Messages
-            //Add
+            'error' => 'An unexpected error occurred. Please try again.',
            'stationsuccess' => 'Station added succesfully',
            'usersuccess' => 'User registered successfully',
-
-            //Update
            'stationupdated' => 'Station updated succesfully',
            'userupdated' => 'Users updated succesfully',
            'passwordupdated' => 'Password updated succesfully',
-
-            //Delete
            'stationdeleted' => 'Station deleted succesfully',
            'userdeleted' => 'User deleted successfully',
    ];