Redirect Security #4
Labels
enhancement
PRs that improve existing functionalities
Comments
|
I think that the best way is to have 2 different methods for that. |
|
A global If a user needs more control, they can use $this->response->redirect() explicitly. |
Sosko
added a commit
to Sosko/CodeIgniter4
that referenced
this issue
Sep 24, 2020
If thy table haven't primary key, and i pass $returnID = false, than the ci4 throw this error: ``` CRITICAL - 2020-09-24 00:47:00 --> pg_query(): Query failed: ERROR: lastval is not yet defined in this session #0 [internal function]: CodeIgniter\Debug\Exceptions->errorHandler(2, 'pg_query(): Que...', '/var/www/ci4/sy...', 196, Array) codeigniter4#1 /var/www/ci4/system/Database/Postgre/Connection.php(196): pg_query(Resource id codeigniter4#9, 'SELECT LASTVAL(...') codeigniter4#2 /var/www/ci4/system/Database/BaseConnection.php(741): CodeIgniter\Database\Postgre\Connection->execute('SELECT LASTVAL(...') codeigniter4#3 /var/www/ci4/system/Database/BaseConnection.php(669): CodeIgniter\Database\BaseConnection->simpleQuery('SELECT LASTVAL(...') codeigniter4#4 /var/www/ci4/system/Database/Postgre/Connection.php(519): CodeIgniter\Database\BaseConnection->query('SELECT LASTVAL(...') codeigniter4#5 /var/www/ci4/system/Model.php(887): CodeIgniter\Database\Postgre\Connection->insertID() codeigniter4#6 /var/www/ci4/app/Models/MyModel.php(46): CodeIgniter\Model->insert(Array, false) codeigniter4#7 /var/www/ci4/app/Controllers/MyController.php(113): App\Models\MyModel->new_connection('1', '1') codeigniter4#8 /var/www/ci4/app/Controllers/MyController.php(54): App\Controllers\MyController->do_create_connection() codeigniter4#9 /var/www/ci4/system/CodeIgniter.php(918): App\Controllers\MyController->create_connection() codeigniter4#10 /var/www/ci4/system/CodeIgniter.php(404): CodeIgniter\CodeIgniter->runController(Object(App\Controllers\MyController)) codeigniter4#11 /var/www/ci4/system/CodeIgniter.php(312): CodeIgniter\CodeIgniter->handleRequest(NULL, Object(Config\Cache), false) codeigniter4#12 /var/www/ci4/public/index.php(45): CodeIgniter\CodeIgniter->run() codeigniter4#13 {main} CRITICAL - 2020-09-24 00:47:00 --> Uncaught CodeIgniter\Format\Exceptions\FormatException: Failed to parse json string, error: "Type is not supported". in /var/www/ci4/system/Format/Exceptions/FormatException.php:9 Stack trace: #0 /var/www/ci4/system/Format/JSONFormatter.php(71): CodeIgniter\Format\Exceptions\FormatException::forInvalidJSON('Type is not sup...') codeigniter4#1 /var/www/ci4/system/API/ResponseTrait.php(414): CodeIgniter\Format\JSONFormatter->format(Array) codeigniter4#2 /var/www/ci4/system/API/ResponseTrait.php(134): CodeIgniter\Debug\Exceptions->format(Array) codeigniter4#3 /var/www/ci4/system/Debug/Exceptions.php(168): CodeIgniter\Debug\Exceptions->respond(Array, 500) codeigniter4#4 [internal function]: CodeIgniter\Debug\Exceptions->exceptionHandler(Object(ErrorException)) codeigniter4#5 {main} thrown #0 [internal function]: CodeIgniter\Debug\Exceptions->shutdownHandler() codeigniter4#1 {main} ``` This will skip to getting inserted ID
Closed
This was referenced Feb 24, 2022
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To help address Unvalidated Redirects and Forwards, the
redirect()method should be able to restrict the URL to only URL's that have been defined in the routes file.This should take effect by default, when the app is set to require all URL's to be routed.
It would be nice to have a way for it to be able to auto-detect a whitelist of URLs that can be used for this, but will need to be determined.
The text was updated successfully, but these errors were encountered: