Security fix for customer information and fixed issue #762

This commit is contained in:
Prashant Singh 2019-03-30 18:55:10 +05:30
parent 8af43eb5cc
commit 1d372621ce
3 changed files with 37 additions and 9 deletions

View File

@ -70,7 +70,7 @@ class AddressController extends Controller
public function store()
{
request()->merge(['address1' => implode(PHP_EOL, array_filter(request()->input('address1')))]);
$data = collect(request()->input())->except('_token')->toArray();
$this->validate(request(), [
@ -107,9 +107,15 @@ class AddressController extends Controller
*/
public function edit($id)
{
$address = $this->address->find($id);
$addresses = $this->customer->addresses;
return view($this->_config['view'], compact('address'));
foreach($addresses as $address) {
if($id == $address->id) {
return view($this->_config['view'], compact('address'));
}
}
return redirect()->route('customer.address.index');
}
/**
@ -133,9 +139,19 @@ class AddressController extends Controller
$data = collect(request()->input())->except('_token')->toArray();
$this->address->update($data, $id);
$addresses = $this->customer->addresses;
session()->flash('success', trans('shop::app.customer.account.address.edit.success'));
foreach($addresses as $address) {
if($id == $address->id) {
session()->flash('success', trans('shop::app.customer.account.address.edit.success'));
$this->address->update($data, $id);
return redirect()->route('customer.address.index');
}
}
session()->flash('success', trans('shop::app.security-warning'));
return redirect()->route('customer.address.index');
}
@ -169,10 +185,16 @@ class AddressController extends Controller
*/
public function destroy($id)
{
$this->address->delete($id);
if (request()->is('customer/*') || request()->is('admin/*')) {
$this->address->delete($id);
session()->flash('success', trans('shop::app.customer.account.address.delete.success'));
session()->flash('success', trans('shop::app.customer.account.address.delete.success'));
return redirect()->back();
return redirect()->back();
} else {
session()->flash('warning', trans('shop::app.security-warning'));
return redirect()->route('customer.address.index');
}
}
}

View File

@ -34,6 +34,7 @@ class OrderDataGrid extends DataGrid
'type' => 'number',
'searchable' => false,
'sortable' => true,
'filterable' => true
]);
$this->addColumn([
@ -42,6 +43,7 @@ class OrderDataGrid extends DataGrid
'type' => 'datetime',
'searchable' => true,
'sortable' => true,
'filterable' => true
]);
$this->addColumn([
@ -50,6 +52,7 @@ class OrderDataGrid extends DataGrid
'type' => 'price',
'searchable' => true,
'sortable' => true,
'filterable' => true
]);
$this->addColumn([
@ -74,7 +77,8 @@ class OrderDataGrid extends DataGrid
return '<span class="badge badge-md badge-warning">Pending Payment</span>';
else if ($value->status == "fraud")
return '<span class="badge badge-md badge-danger">Fraud</span>';
}
},
'filterable' => true
]);
}

View File

@ -1,6 +1,8 @@
<?php
return [
'security-warning' => 'Suspicious Activity Found!!!',
'layouts' => [
'my-account' => 'My Account',
'profile' => 'Profile',