Fix for sql injection vulnerabilities

laravelwebdev · laravelwebdev · commit 30869007666d · 2025-02-19T07:33:18.000+08:00
--- For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/laravelwebdev/simpede?shareId=XXXX-XXXX-XXXX-XXXX).
diff --git a/app/Helpers/Api.php b/app/Helpers/Api.php
@@ -15,9 +15,9 @@ public static function getSentryUnreolvedIssues()
 
         $client = new Client;
         try {
-            $response = $client->request('GET', "https://sentry.io/api/0/projects/$organization/$project/issues/", [
+            $response = $client->request('GET', 'https://sentry.io/api/0/projects/{organization}/{project}/issues/', [
                 'headers' => [
-                    'Authorization' => "Bearer $token",
+                    'Authorization' => "Bearer {token}",
                 ],
                 'query' => [
                     'query' => 'is:unresolved',
@@ -34,11 +34,11 @@ public static function getComposerOutdatedPackages($flag = '--no-dev')
     {
         $composer = config('app.composer');
         $home = config('app.composer_home');
-        $process = Process::fromShellCommandline("$composer outdated $flag -f json", base_path(), ['COMPOSER_HOME' => $home]);
+        $process = Process::fromShellCommandline('{composer} outdated {flag} -f json', base_path(), ['COMPOSER_HOME' => '{home}']);
         $process->run();
         $value = $process->getOutput();
         $data = json_decode($value, true);
-        $process = Process::fromShellCommandline("$composer clear-cache", base_path(), ['COMPOSER_HOME' => $home]);
+        $process = Process::fromShellCommandline('{composer} clear-cache', base_path(), ['COMPOSER_HOME' => '{home}']);
         $process->run();
 
         return $data['installed'] ?? [];
diff --git a/routes/web.php b/routes/web.php
@@ -19,11 +19,15 @@
     ->prefix(Nova::path())
     ->group(function () {
         Route::get('/arsip-dokumen/{token}', [ArsipController::class, 'perDetail'])
-            ->name('arsip-per-detail');
+            ->name('arsip-per-detail')
+            ->where('token', '[A-Za-z0-9]+');
         Route::get('/arsip-dokumen/{token}/coa/{coa}', [ArsipController::class, 'perKak'])
-            ->name('arsip-per-kak');
+            ->name('arsip-per-kak')
+            ->where(['token' => '[A-Za-z0-9]+', 'coa' => '[0-9]+']);
         Route::get('/arsip-dokumen/{token}/kak/{kak}', [ArsipController::class, 'daftarFile'])
-            ->name('daftar-file');
+            ->name('daftar-file')
+            ->where(['token' => '[A-Za-z0-9]+', 'kak' => '[0-9]+']);
         Route::get('/download-folder/{token}/kak/{kak}', [ArsipController::class, 'downloadFolder'])
-            ->name('download-folder');
+            ->name('download-folder')
+            ->where(['token' => '[A-Za-z0-9]+', 'kak' => '[0-9]+']);
     });
