From 8538c1b8dfb0b8ce8c6463f254b8aa300b31c97e Mon Sep 17 00:00:00 2001
From: root <root@sides-tck.tck.com.my>
Date: Thu, 28 May 2026 16:41:50 +0800
Subject: [PATCH] =?UTF-8?q?fix(security):=20resolve=20F-24=20=E2=80=94=20a?=
 =?UTF-8?q?dd=20URL=20validation=20for=20CCTV=20links,=20remove=20hardcode?=
 =?UTF-8?q?d=20http://=20prefix?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/Http/Controllers/AdminController.php | 14 +++++++-------
 src/resources/views/layout/cctv.blade.php    |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/app/Http/Controllers/AdminController.php b/src/app/Http/Controllers/AdminController.php
index 2fcc565d..7d4273f0 100644
--- a/src/app/Http/Controllers/AdminController.php
+++ b/src/app/Http/Controllers/AdminController.php
@@ -64,7 +64,7 @@ class AdminController extends Controller
             'latitude' => 'required|numeric',
             'mainriverbasin' => 'nullable|string|max:255',
             'subriverbasin' => 'nullable|string|max:255',
-            'cctv_link' => 'nullable|string|max:500',
+            'cctv_link' => 'nullable|string|max:500|url',
         ]);
 
         $rainfall = $request->has('rainfall') ? 1 : 0;
@@ -137,14 +137,14 @@ class AdminController extends Controller
             'latitude' => 'required|numeric',
             'mainriverbasin' => 'nullable|string|max:255',
             'subriverbasin' => 'nullable|string|max:255',
-            'cctv_link' => 'nullable|string|max:500',
-        ]);
+             'cctv_link' => 'nullable|string|max:500|url',
+         ]);
 
-        $rainfall = $request->has('rainfall') ? 1 : 0;
-        $waterlevel = $request->has('waterlevel') ? 1 : 0;
-        $siren = $request->has('siren') ? 1 : 0;
+         $rainfall = $request->has('rainfall') ? 1 : 0;
+         $waterlevel = $request->has('waterlevel') ? 1 : 0;
+         $siren = $request->has('siren') ? 1 : 0;
 
-        DB::table('station')->where('stationid',$stationid)
+         DB::table('station')->where('stationid',$stationid)
         ->update([
                   
                 'name' => $validated['stationname'],
diff --git a/src/resources/views/layout/cctv.blade.php b/src/resources/views/layout/cctv.blade.php
index c265a5d3..a1df5b77 100644
--- a/src/resources/views/layout/cctv.blade.php
+++ b/src/resources/views/layout/cctv.blade.php
@@ -28,7 +28,7 @@
                         <tr>
                             <td>{{$row->name}}</td>
                             <td>{{$row->district}}</td>
-                            <td ><a href="http://{{$row->cctv_link}}" target="_blank" class="cctv-link">{{$row->name ?? '-'}}</a></td>
+                            <td ><a href="{{$row->cctv_link}}" target="_blank" rel="noopener noreferrer" class="cctv-link">{{$row->name ?? '-'}}</a></td>
                            
                     @endforeach