Login

***kenjis*** · 11-15-2022, 10:45 PM

Okay, I wrote another controller. You cannot set $id to null. But it is still vulnerable.

https://github.com/kenjis/ci4-model-upda...#L103-L123

PHP Code:
public function postUpdate($id = false)
{
    if ($this->validate([
        'title' => 'required|min_length[3]|max_length[255]',
        'body'  => 'required',
    ])) {
        $title = $this->request->getVar('title');
        $slug  = url_title($title, '-', true);

        $data = [
            'title' => $title,
            'slug'  => $slug,
            'body'  => $this->request->getVar('body'),
        ];
        $this->model->update($id, $data);

        return $this->response->redirect(site_url('news2/view/' . $slug));
    }

    return $this->getEdit($id);
} 

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper