admin/sides
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): resolve F-24 — add URL validation for CCTV links, remove hardcoded http:// prefix

Browse Source
This commit is contained in:
root
2026-05-28 16:41:50 +08:00
parent abdb5a9fcc
commit 8538c1b8df
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/app/Http/Controllers/AdminController.php
View File

@@ -64,7 +64,7 @@ class AdminController extends Controller
'latitude' => 'required|numeric',
'mainriverbasin' => 'nullable|string|max:255',
'subriverbasin' => 'nullable|string|max:255',
'cctv_link' => 'nullable|string|max:500',
'cctv_link' => 'nullable|string|max:500|url',
]);
$rainfall = $request->has('rainfall') ? 1 : 0;
@@ -137,7 +137,7 @@ class AdminController extends Controller
'latitude' => 'required|numeric',
'mainriverbasin' => 'nullable|string|max:255',
'subriverbasin' => 'nullable|string|max:255',
'cctv_link' => 'nullable|string|max:500',
'cctv_link' => 'nullable|string|max:500|url',
]);
$rainfall = $request->has('rainfall') ? 1 : 0;

2
src/resources/views/layout/cctv.blade.php
View File

@@ -28,7 +28,7 @@
<tr>
<td>{{$row->name}}</td>
<td>{{$row->district}}</td>
<td ><a href="http://{{$row->cctv_link}}" target="_blank" class="cctv-link">{{$row->name ?? '-'}}</a></td>
<td ><a href="{{$row->cctv_link}}" target="_blank" rel="noopener noreferrer" class="cctv-link">{{$row->name ?? '-'}}</a></td>
@endforeach