Commit 34ee58ac authored by Taylor Otwell's avatar Taylor Otwell

Do some more injection on filters.

parent 4e5a1517
...@@ -2,30 +2,59 @@ ...@@ -2,30 +2,59 @@
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Routing\Route; use Illuminate\Routing\Route;
use Auth, Redirect, Response; use Illuminate\Contracts\Auth\Authenticator;
use Illuminate\Contracts\Routing\ResponseFactory;
class AuthFilter { class AuthFilter {
/** /**
* Run the request filter. * The authenticator implementation.
* *
* @param \Illuminate\Routing\Route $route * @var Authenticator
* @param \Illuminate\Http\Request $request */
* @return mixed protected $auth;
*/
public function filter(Route $route, Request $request) /**
{ * The response factory implementation.
if (Auth::guest()) *
{ * @var ResponseFactory
if ($request->ajax()) */
{ protected $response;
return Response::make('Unauthorized', 401);
} /**
else * Create a new filter instance.
{ *
return Redirect::guest('auth/login'); * @param Authenticator $auth
} * @param ResponseFactory $response
} * @return void
} */
public function __construct(Authenticator $auth,
ResponseFactory $response)
{
$this->auth = $auth;
$this->response = $response;
}
/**
* Run the request filter.
*
* @param \Illuminate\Routing\Route $route
* @param \Illuminate\Http\Request $request
* @return mixed
*/
public function filter(Route $route, Request $request)
{
if ($this->auth->guest())
{
if ($request->ajax())
{
return $this->response->make('Unauthorized', 401);
}
else
{
return $this->response->redirectGuest('auth/login');
}
}
}
} }
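Review bot: The docblock on `filter()` is carried over with `@return mixed`, which does not state the contract the access decision depends on: a response is returned only for guests, and authenticated requests fall through with no return value. I would document that explicitly, e.g. `@return mixed  a 401 response or login redirect for guests; null lets the request continue` (the "null continues" part is inferred from how filters are used, so confirm it against the router). The new constructor docblock also names `Authenticator` and `ResponseFactory` unqualified while `filter()` uses fully qualified class names; pick one style for the file.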
<?php namespace App\Http\Filters; <?php namespace App\Http\Filters;
use Auth; use Illuminate\Contracts\Auth\Authenticator;
class BasicAuthFilter { class BasicAuthFilter {
/**
* The authenticator implementation.
*
* @var Authenticator
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Authenticator $auth
* @return void
*/
public function __construct(Authenticator $auth)
{
$this->auth = $auth;
}
/** /**
* Run the request filter. * Run the request filter.
* *
...@@ -11,7 +29,7 @@ class BasicAuthFilter { ...@@ -11,7 +29,7 @@ class BasicAuthFilter {
*/ */
public function filter() public function filter()
{ {
return Auth::basic(); return $this->auth->basic();
} }
} }
\ No newline at end of file
<?php namespace App\Http\Filters; <?php namespace App\Http\Filters;
use Session;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Routing\Route; use Illuminate\Routing\Route;
use Illuminate\Session\TokenMismatchException; use Illuminate\Session\TokenMismatchException;
...@@ -13,12 +12,12 @@ class CsrfFilter { ...@@ -13,12 +12,12 @@ class CsrfFilter {
* @param \Illuminate\Routing\Route $route * @param \Illuminate\Routing\Route $route
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return void * @return void
* *
* @throws \Illuminate\Session\TokenMismatchException * @throws \Illuminate\Session\TokenMismatchException
*/ */
public function filter(Route $route, Request $request) public function filter(Route $route, Request $request)
{ {
if (Session::token() != $request->input('_token')) if ($request->getSession()->token() != $request->input('_token'))
{ {
throw new TokenMismatchException; throw new TokenMismatchException;
} }
......
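Review bot: The token check in `filter()` keeps the loose `!=`, so it is neither type-strict nor constant-time, and a missing session token compared with a missing `_token` input would presumably be null against null and pass. I would fetch both values, require strings and compare in constant time: `$expected = $request->getSession()->token(); $token = $request->input('_token');` followed by `if ( ! is_string($expected) || ! is_string($token) || ! hash_equals($expected, $token))`, assuming `hash_equals` (PHP 5.6+) is available to the project. `getSession()` can likely return null when no session is attached to the request, so a comment or guard should say what guarantees the session is started before this filter runs. The class continues outside the hunk.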
<?php namespace App\Http\Filters;
use Auth, Redirect;
class GuestFilter {
/**
* Run the request filter.
*
* @return mixed
*/
public function filter()
{
if (Auth::check())
{
return Redirect::to('/');
}
}
}
\ No newline at end of file
<?php namespace App\Http\Filters; <?php namespace App\Http\Filters;
use App, Response; use Illuminate\Contracts\Foundation\Application;
use Illuminate\Contracts\Routing\ResponseFactory;
class MaintenanceFilter { class MaintenanceFilter {
/**
* The application implementation.
*
* @var Application
*/
protected $app;
/**
* The response factory implementation.
*
* @var ResponseFactory
*/
protected $response;
/**
* Create a new filter instance.
*
* @param Application $app
* @return void
*/
public function __construct(Application $app, ResponseFactory $response)
{
$this->app = $app;
$this->response = $response;
}
/** /**
* Run the request filter. * Run the request filter.
* *
...@@ -11,9 +38,9 @@ class MaintenanceFilter { ...@@ -11,9 +38,9 @@ class MaintenanceFilter {
*/ */
public function filter() public function filter()
{ {
if (App::isDownForMaintenance()) if ($this->app->isDownForMaintenance())
{ {
return Response::make('Be right back!'); return $this->response->make('Be right back!', 503);
} }
} }
......
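Review bot: The new constructor docblock documents only `$app` although the signature takes two dependencies; add `@param  ResponseFactory  $response` so the injected contract is visible to readers and static analysis. The docblock of `filter()` lies partly outside the hunk, so I cannot tell whether its `@return` mentions the 503 response now passed to `make()`; if it does not, a short note that the method returns a 503 response while the application is down and nothing otherwise would help.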