Login

***kenjis*** · 11-17-2022, 05:26 PM

I created another controller. I added the validation for id.
But it is still vulnerable.

https://github.com/kenjis/ci4-model-upda...#L101-L123

PHP Code:
    public function update()
    {
        $id = $this->request->getPost('id');

        // Adds validation rule for id.
        $rules = array_merge($this->rules, ['id' => 'required|is_natural_no_zero']);

        if ($this->validate($rules)) {
            $title = $this->request->getVar('title');
            $slug  = url_title($title, '-', true);

            $data = [
                'title' => $title,
                'slug'  => $slug,
                'body'  => $this->request->getVar('body'),
            ];
            $this->model->update($id, $data);

            return $this->response->redirect(site_url('news3/' . $slug));
        }

        return $this->edit($id);
    } 

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper