akaunting / laravel-firewall

Web Application Firewall (WAF) package for Laravel
https://akaunting.com
MIT License
942 stars 106 forks source link

Rfi Middleware not working correctly #62

Closed SlawomirLech95 closed 1 year ago

SlawomirLech95 commented 1 year ago

Hello, I found two bugs in "Rfi Middleware":

  1. If the last input in request is url (Always $result is true),
  2. The code bellow, also not checks urls because always method checkContent get "true", method checkContent should check items from matched items from the third parameter of preg_match function
    
    if (!$result = preg_match($pattern, $this->applyExceptions($value))) {
    continue;
    }

if (!$this->checkContent($result)) { continue; }



"preg_match() returns 1 if the pattern matches given subject, 0 if it does not, or false on failure."
denisdulici commented 1 year ago

Feel free to send a PR, and I'd be more than happy to review and merge it.