fix(security): resolve F-24 — add URL validation for CCTV links, remove hardcoded http:// prefix

src/app/Http/Controllers/AdminController.php

@@ -64,7 +64,7 @@ class AdminController extends Controller
             'latitude' => 'required|numeric',
             'mainriverbasin' => 'nullable|string|max:255',
             'subriverbasin' => 'nullable|string|max:255',
-            'cctv_link' => 'nullable|string|max:500',
+            'cctv_link' => 'nullable|string|max:500|url',
         ]);
 
         $rainfall = $request->has('rainfall') ? 1 : 0;
@@ -137,14 +137,14 @@ class AdminController extends Controller
             'latitude' => 'required|numeric',
             'mainriverbasin' => 'nullable|string|max:255',
             'subriverbasin' => 'nullable|string|max:255',
-            'cctv_link' => 'nullable|string|max:500',
+             'cctv_link' => 'nullable|string|max:500|url',
-        ]);
+         ]);
 
-        $rainfall = $request->has('rainfall') ? 1 : 0;
+         $rainfall = $request->has('rainfall') ? 1 : 0;
-        $waterlevel = $request->has('waterlevel') ? 1 : 0;
+         $waterlevel = $request->has('waterlevel') ? 1 : 0;
-        $siren = $request->has('siren') ? 1 : 0;
+         $siren = $request->has('siren') ? 1 : 0;
 
-        DB::table('station')->where('stationid',$stationid)
+         DB::table('station')->where('stationid',$stationid)
         ->update([
                   
                 'name' => $validated['stationname'],

src/resources/views/layout/cctv.blade.php

@@ -28,7 +28,7 @@
                         <tr>
                             <td>{{$row->name}}</td>
                             <td>{{$row->district}}</td>
-                            <td ><a href="http://{{$row->cctv_link}}" target="_blank" class="cctv-link">{{$row->name ?? '-'}}</a></td>
+                            <td ><a href="{{$row->cctv_link}}" target="_blank" rel="noopener noreferrer" class="cctv-link">{{$row->name ?? '-'}}</a></td>
                            
                     @endforeach