laravel的验证类有致命漏洞
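/**
 * Handle the "add beauty" form: validate the submitted profile, store it and,
 * when a valid invite code was supplied, credit the inviter with a medal.
 *
 * The `unique:cdb_beauty` rules are a check-then-insert: the validator runs a
 * SELECT, and the INSERT happens later in Beauty::store(). Two identical
 * requests arriving at the same time can both pass the check before either
 * row exists. The validator cannot close that window on its own; a UNIQUE
 * index on cdb_beauty.nickname and cdb_beauty.mobile is what enforces
 * uniqueness. The duplicate-key handling below only takes effect once such
 * an index exists.
 *
 * @param Request $request
 * @return array ['status' => bool, ...] with either 'url' or 'info'
 */
public function post_beautyadd(Request $request)
{
    // Check the invite code: keep the inviter id only if it maps to an existing row.
    $invite_uid = inviteCode_to_id($request->input('invite'));
    $Invite = Beauty::where(['id' => $invite_uid])->first();
    $invite_uid = $Invite ? $Invite->id : '';

    // NOTE(review): every request field except _token is forwarded to
    // Beauty::store(). If store() mass-assigns, a client can set columns the
    // form never exposes; confirm store() whitelists its fields.
    $input = $request->except('_token');
    $input['ip'] = ip2long($request->getClientIp());
    // NOTE(review): 'birthday' has no validation rule, so a missing or
    // malformed value reaches strtotime() unchecked.
    $input['birthday'] = strtotime($input['birthday']);

    $rules = [
        'nickname' => 'required|unique:cdb_beauty',
        'mobile' => 'required|unique:cdb_beauty',
        'tag' => 'required',
        'age' => 'required',
        'height' => 'required',
        'bust' => 'required',
        'waist' => 'required',
        'hip' => 'required',
        'voice_gold' => 'required|min:1|integer',
        'voice_gold_privatevip' => 'required|min:1|integer',
        'voice_gold_svip' => 'required|min:1|integer',
        'video_gold' => 'required|min:1|integer',
        'video_gold_privatevip' => 'required|min:1|integer',
        'video_gold_svip' => 'required|min:1|integer',
    ];
    $messages = [
        'required' => '不能为空',
        'unique' => '不能重复',
        'min' => '至少为 :min',
        'integer' => '必须是整数',
    ];

    $validator = Validator::make($input, $rules, $messages);
    if ($validator->fails()) {
        return ['status' => false, 'info' => $validator->errors()];
    }

    try {
        list($status, $result) = Beauty::store($input);
    } catch (\Illuminate\Database\QueryException $e) {
        // A concurrent request won the race and the database's UNIQUE index
        // rejected this insert: MySQL reports 23000/1062, PostgreSQL 23505.
        $sqlState = (string) $e->getCode();
        $driverCode = isset($e->errorInfo[1]) ? (int) $e->errorInfo[1] : 0;
        $isDuplicate = $sqlState === '23505' || ($sqlState === '23000' && $driverCode === 1062);
        if (!$isDuplicate) {
            throw $e;
        }
        return ['status' => false, 'info' => ['错误信息' => '不能重复']];
    }

    if (!$status) {
        return ['status' => false, 'info' => ['错误信息' => '请联系系统管理员']];
    }

    // Credit the inviter only after the store succeeded; the original awarded
    // the medal (and read $result->id) before looking at $status.
    if ($invite_uid) {
        BeautyMedal::domedal($invite_uid, 2, ['invited_beauty_uid' => $result->id]);
    }

    // The nickname is user-supplied: encode it so '&', '#' or '=' cannot
    // change the meaning of the redirect URL.
    return ['status' => true, 'url' => '/content/beauty/beautylist?nickname=' . rawurlencode($result->nickname)];
}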
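这是我的代码。正常情况下都能正常使用,但是就特么有一次,我们的后台人员添加一条信息的时候,他说他可能重复请求太多了,结果添加了 2 条完全一样的信息。问题是 nickname 是做了唯一验证的,这就问题大了。就是说,我们不能完全相信 Validator 这个类的验证方法,最好还是自己写后台验证判断吧。(补充说明:unique 规则是先查询、后插入,两步之间没有锁,并发的重复请求可能同时通过检查;自己在代码里再写一遍判断也有同样的问题,要靠 cdb_beauty 表上 nickname 的数据库唯一索引才能真正保证不重复。)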
//检查一下邀请码
$invite_uid = inviteCode_to_id($request->input('invite'));
if($Invite = Beauty::where(['id' => $invite_uid])->first()){
$invite_uid = $Invite->id;
}else{
$invite_uid = '';
}
$input = $request->except('_token');
$input['ip'] = ip2long($request->getClientIp());
$input['birthday'] = strtotime($input['birthday']);
$rules = array(
'nickname' => 'required|unique:cdb_beauty',
'mobile' => 'required|unique:cdb_beauty',
'tag' => 'required',
'age' => 'required',
'height' => 'required',
'bust' => 'required',
'waist' => 'required',
'hip' => 'required',
'voice_gold' => 'required|min:1|integer',
'voice_gold_privatevip' => 'required|min:1|integer',
'voice_gold_svip' => 'required|min:1|integer',
'video_gold' => 'required|min:1|integer',
'video_gold_privatevip' => 'required|min:1|integer',
'video_gold_svip' => 'required|min:1|integer',
);
$messages = array(
'required' => '不能为空',
'unique' => '不能重复',
'min' => '至少为 :min',
'integer' => '必须是整数',
);
$validator = Validator::make($input, $rules, $messages);
if ($validator->fails())
return ['status' => false, 'info' => $validator->errors()];
list($status, $result) = Beauty::store($input);
if($invite_uid)
BeautyMedal::domedal($invite_uid, 2, ['invited_beauty_uid' => $result->id]);
if($status)
return ['status' => true, 'url' => '/content/beauty/beautylist?nickname=' . $result->nickname];
else
return ['status' => false, 'info' => ['错误信息' => '请联系系统管理员']];
}
这是我的代码。正常情况下都能正常使用,但是就特么有一次,我们的后台人员添加一条信息的时候,他说他可能重复请求太多了,结果添加了 2 条完全一样的信息。问题是 nickname 是做了唯一验证的,这就问题大了。就是说,我们不能完全相信 Validator 这个类的验证方法,最好还是自己写后台验证判断吧。