Why can I send parameters on a POST route with query parameters?

themanojyadav 2021-12-14 13:22:09
Hey guys.
I am getting an error while implementing a payment gateway in Laravel 8.
I implemented PayU.
But the user is getting logged out after coming from the payment gateway. How to solve this?
Edifice_Solutions 2021-12-14 13:32:53
I want to use Laravel schedule, but ->weeklyOn(1, '8:00'); I have a column in the database. Inside of it, I want to use weeklyOn($monday,) which represents one, and $tuesday, which represents 2. How can I achieve this, please?
Edifice_Solutions 2021-12-14 13:48:56
I really need an expert who can use the schedule interval dynamically
Edifice_Solutions 2021-12-14 13:49:15
instead of hard coding it
Edifice_Solutions 2021-12-14 13:52:17
protected function schedule(Schedule $schedule)
{
    // Get all tasks from the database
    $tasks = Task::all();

    // Go through each task to dynamically set them up.
    foreach ($tasks as $task) {
        // Use the scheduler to add the task at its desired frequency
        $schedule->call(function () use ($task) {
            // Run your task here
            $task->execute();
        })->cron($task->frequency);
    }
}

Edifice_Solutions 2021-12-14 14:08:24
What I want to achieve but not getting it
rijisoft 2021-12-14 14:21:48
Hi
Today I faced something strange in a Laravel POST request.

I wrote an API for register.

Route:

Route::post('/phone', 'API\UserPhoneRegisterController@registerUser')->middleware(['throttle:10']);

Controller:
public function registerUser(Request $r)
{
    $this->validate($r, [
        'phone' => 'required',
        'password' => [
……..
…`

I want to ignore parameters sent with the query string.
In Postman:

POST: {{app_url}}/register?phone=098988051682&password=12312345&password_confirmation=12312345B@a

This request works,

but I want it to not be possible to use the query string to send data.

🙏🏻✅

Sysome 2021-12-14 14:53:45
Excuse me brother, do you have slides for Microsoft Access 2016 Programming? Please kindly share them with me. Thanks.
Edifice_Solutions 2021-12-14 14:59:17
laravel_discuss-102126.jpg
I need an expert who knows how to use the Laravel scheduler and commands well. I want to achieve something like this...
2021-12-14 15:01:14
Edifice_Solutions 2021-12-14 14:59:17
I need an expert who knows how to use the Laravel scheduler and commands well. I want to achieve something like this...

You’ll still need to set up a cron on your server to run php artisan schedule:run every second for this to work

Edifice_Solutions 2021-12-14 15:02:56
2021-12-14 15:01:14
You’ll still need to set up a cron on your server to run php artisan schedule:run every second for this to work

I mean dynamically: instead of doing weeklyOn(1, '800am) I want to do something like weeklyOn($first, '800)

rijisoft 2021-12-14 15:10:47
rijisoft 2021-12-14 14:21:48

Can anyone help me 🙏🏻

themanojyadav 2021-12-14 15:17:22
rijisoft 2021-12-14 14:21:48

Use body and request type to post. Then it will send data without query string

Sunny Thakur 2021-12-14 15:19:12
rijisoft 2021-12-14 14:21:48

Use post method

NanoCellMusic 2021-12-14 19:22:06
Edifice_Solutions 2021-12-14 14:59:17
I need an expert who knows how to use the Laravel scheduler and commands well. I want to achieve something like this...

Use a switch statement instead of an if statement. You need to set a cron to run artisan schedule:run; refer to the docs please.

rijisoft 2021-12-14 19:47:19
themanojyadav 2021-12-14 15:17:22
Use body and request type to post. Then it will send data without query string

I know that.
My question is how to prevent this request from working in Laravel (I mean sending parameters in query parameters on a POST request).

rijisoft 2021-12-14 19:50:14
laravel_discuss-102138.jpg
See this picture:
the method is POST,
some parameters are in the query,
others are in the body,

and it works.

I want to force the client to send parameters in the body.

rijisoft 2021-12-14 19:51:59
rijisoft 2021-12-14 19:50:14
See this picture:
the method is POST,
some parameters are in the query,
others are in the body,

and it works.

I want to force the client to send parameters in the body.

And my question is why Laravel works this way.
Is it OK?
No security problem? Can send POST parameters in the query string? And why?!

Lolmanian 2021-12-14 19:53:14
rijisoft 2021-12-14 19:51:59
And my question is why Laravel works this way.
Is it OK?
No security problem? Can send POST parameters in the query string? And why?!

Check your method. You’re not using post

rijisoft 2021-12-14 19:58:02
Lolmanian 2021-12-14 19:53:14
Check your method. You’re not using post

laravel_discuss-102141.jpg
this is my route

Lolmanian 2021-12-14 20:02:07
rijisoft 2021-12-14 19:58:02
this is my route

Oh, just saw the earlier picture. You have nothing to worry about. That’s just the way Postman shows parameters (GET and POST).

It’s not a laravel problem and definitely not a security issue

eipekco 2021-12-14 20:02:21
Hello guys, I’m running a Docker service on Ubuntu. But when I go to the URL:

Menumaker.local

I get a 404 not found error.

Why?

I added this URL to the hosts file.

themanojyadav 2021-12-14 20:06:12
rijisoft 2021-12-14 19:50:14
See this picture:
the method is POST,
some parameters are in the query,
others are in the body,

and it works.

I want to force the client to send parameters in the body.

Get all query params in your controller. And check if count of query param is greater than 0 then reject the request.
I guess you want this.

rijisoft 2021-12-14 20:07:21
Lolmanian 2021-12-14 20:02:07
Oh, just saw the earlier picture. You have nothing to worry about. That’s just the way Postman shows parameters (GET and POST).

It’s not a laravel problem and definitely not a security issue

Why can I send parameters on a POST route with query parameters?

rijisoft 2021-12-14 20:07:37
this is my question
themanojyadav 2021-12-14 20:08:27
rijisoft 2021-12-14 20:07:21
Why can I send parameters on a POST route with query parameters?

Because it is considered as a URL.

themanojyadav 2021-12-14 20:09:03
rijisoft 2021-12-14 20:07:21
Why can I send parameters on a POST route with query parameters?

It is actually a URL. But you can manually restrict this.

rijisoft 2021-12-14 20:09:20
themanojyadav 2021-12-14 20:08:27
Because it is considered as a URL.

public function handle($request, Closure $next)
{
    if ($request->isMethod('post')) {
        $request->query->replace([]);
    }
    return $next($request);
}

rijisoft 2021-12-14 20:09:40
rijisoft 2021-12-14 20:09:20
public function handle($request, Closure $next)
{
    if ($request->isMethod('post')) {
        $request->query->replace([]);
    }
    return $next($request);
}

I wrote this middleware for it.
Is it okay?

rijisoft 2021-12-14 20:11:01
themanojyadav 2021-12-14 20:08:27
Because it is considered as a URL.

Our security manager says if a client can send POST API parameters in the query, it’s easy to sniff

themanojyadav 2021-12-14 20:11:48
rijisoft 2021-12-14 20:09:20
public function handle($request, Closure $next)
{
    if ($request->isMethod('post')) {
        $request->query->replace([]);
    }
    return $next($request);
}

I guess it will replace the query param array with null. It is good.
But if you want to do this, you don’t need to do this, because in your controller you are never getting values from param. Instead get values from post.

rijisoft 2021-12-14 20:12:58
themanojyadav 2021-12-14 20:11:48
I guess it will replace the query param array with null. It is good.
But if you want to do this, you don’t need to do this, because in your controller you are never getting values from param. Instead get values from post.

I tested it:
dd($request->password, $request->get('password'), $request->input('password'));
All of them print the password.

themanojyadav 2021-12-14 20:13:18
rijisoft 2021-12-14 20:11:01
Our security manager says if a client can send POST API parameters in the query, it’s easy to sniff

For security, you can reject the request. Suppose if someone wants to attack then just reject that type of request.
Allow genuine user only

rijisoft 2021-12-14 20:13:49
themanojyadav 2021-12-14 20:11:48
I guess it will replace the query param array with null. It is good.
But if you want to do this, you don’t need to do this, because in your controller you are never getting values from param. Instead get values from post.

Only $request->post('password') returns null.

rijisoft 2021-12-14 20:14:41
themanojyadav 2021-12-14 20:13:18
For security, you can reject the request. Suppose if someone wants to attack then just reject that type of request.
Allow genuine user only

It’s a team project.
I only write APIs with Laravel.
Maybe our frontend developer for some reason sends parameters in query params.
We want to ignore the query params in the POST API.
