Marco Borgeaud 6550e65756
Diff blocks: fix some incorrect use for php (#2804)
Improvement identified in #2790.

Add a prefix to the diff-id when it is used multiple times in different
"how to fix it in XYZ" sections to avoid ambiguity and pedantically
follow the spec:

> A single and unique diff-id should be used only once for each type of
code example as shown in the description of a rule.

Obvious typos around `diff-type` were fixed.
2023-08-10 15:57:24 +02:00

== How to fix it in Laravel
=== Code examples
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,php,diff-id=11,diff-type=noncompliant]
----
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class UserController extends Controller
{
    public function authenticate(Request $request)
    {
        $user = $request->input('user');
        $pass = $request->input('pass');

        // Request values are concatenated into the SQL text, so a quote in
        // either field changes the structure of the statement
        $query = "SELECT * FROM users WHERE user = '" . $user . "' AND pass = '" . $pass . "'";
        $users = DB::select($query); // Noncompliant

        if (count($users) != 1)
        {
            abort(401);
        }

        return view('authenticated.index');
    }
}
----
==== Compliant solution
[source,php,diff-id=11,diff-type=compliant]
----
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class UserController extends Controller
{
    public function authenticate(Request $request)
    {
        $user = $request->input('user');
        $pass = $request->input('pass');

        // The query builder sends the values as bound parameters; the SQL
        // text itself never contains user input
        $user_exists = DB::table('users')
            ->where('user', $user)
            ->where('pass', $pass)
            ->exists();

        if (!$user_exists)
        {
            abort(401);
        }

        return view('authenticated.index');
    }
}
----
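The following script is an added illustration of the two query styles above and is not part of this rule description, of Laravel, or of any project code. It reproduces the noncompliant string concatenation and the compliant parameterized form on plain PDO with an in-memory SQLite table of constructed sample rows, so the difference can be observed without a Laravel installation. The helper names `buildDb`, `authenticateUnsafe` and `authenticateSafe` and the sample users are assumptions made for this example.

```php
<?php
// Added example for this rule, not code from the rspec repository or from Laravel.
// Requires the pdo_sqlite extension. Sample table and rows are constructed here.

declare(strict_types=1);

function buildDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT NOT NULL, pass TEXT NOT NULL)');
    // Constructed sample rows. Plaintext passwords only mirror the rule's
    // snippet; real code stores hashes and compares with password_verify().
    $db->exec("INSERT INTO users (user, pass) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");
    return $db;
}

// Same shape as the noncompliant example: request values spliced into the SQL text.
function authenticateUnsafe(PDO $db, string $user, string $pass): bool
{
    $query = "SELECT * FROM users WHERE user = '" . $user . "' AND pass = '" . $pass . "'";
    $rows = $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1;
}

// Same shape as the compliant example: the values travel as bound parameters,
// so the statement text is fixed and quotes in the input stay inside the literal.
function authenticateSafe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE user = ? AND pass = ?');
    $stmt->execute([$user, $pass]);
    return (int) $stmt->fetchColumn() === 1;
}

$db = buildDb();

// A legitimate login, handled by both variants.
printf("unsafe, valid credentials: %s\n", var_export(authenticateUnsafe($db, 'alice', 's3cret'), true));
printf("safe,   valid credentials: %s\n", var_export(authenticateSafe($db, 'alice', 's3cret'), true));

// Attacker-controlled username that closes the quoted literal and comments out
// the remainder of the WHERE clause. In the unsafe variant the SQL executed is
//   SELECT * FROM users WHERE user = 'alice' -- ' AND pass = ''
// which selects alice's single row regardless of the password supplied.
// In the safe variant the whole payload is compared as a username string.
$payload = "alice' -- ";
printf("unsafe, injected username, empty password: %s\n", var_export(authenticateUnsafe($db, $payload, ''), true));
printf("safe,   injected username, empty password: %s\n", var_export(authenticateSafe($db, $payload, ''), true));
```

Run it with `php` on a build that has `pdo_sqlite`: the injected username passes the count check in the concatenated variant and fails it in the parameterized one, because no row has the literal username `alice' -- `. When raw SQL is genuinely needed in Laravel, the same protection comes from passing the values as bindings rather than concatenating them, for example `DB::select('SELECT * FROM users WHERE user = ? AND pass = ?', [$user, $pass])`; the query builder shown in the compliant solution does this implicitly.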
=== How does this work?
:secure_feature: Illuminate
:unsafe_function: DB::raw()
include::../../common/fix/secure-by-design.adoc[]