douhoushou8385 2019-06-03 06:31
浏览 176

我想添加一个自定义中间件来检查POST请求中的任何脚本,该怎么做?

I want to check whether the POST request coming from various user input forms in my application contains any MALICIOUS CODE script or HTML tags if any found I want to redirect back to the form page and display a message that these script characters are not allowed. I can check for this functionality in the controller but I want to do this with middleware, how to do that, can anyone help me??

Please note, I am just a beginner, not that expert, so please forgive me for any errors in question or logic.

The expected result is that, I want to check on form submit that any input field contains any script tags or not? and I want to achieve this via MIDDLEWARE so that I can just include this middleware on requests i want to check.

  • 写回答

1条回答 默认 最新

  • dqqpf32897 2019-06-03 08:43
    关注

    You can use something like the following to check input coming from POST or GET. 

    public function handle($request, Closure $next)
{
    $this->checkRequest($request);

    $response = $next($request);

    return $response;
}

private function checkRequest($request)
{
    print_r($request->all());

    // you can check for request method here as well
    // $request->isMethod('POST') etc
    // ofcourse i am not checking for malicious code you can do that much better or loop through request parameters thats upto you 

    if ($request->has('some') && $this->isMalicious($request->get('some'))) {
        return redirect()->route('go/home')->with(['message' => 'found some in request']);
    }
}

private function isMalicious($input)
{
     if ($input == 'something') return true;

     return false;
}

    How to make a middleware and how to assign it to certain routes or groups or globally can be found here https://laravel.com/docs/5.8/middleware#global-middleware

    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度