Łukasz Chruściel lchrusciel

lchrusciel / Sorter.php
Created Mar 15, 2022
DQL injection through sorting parameters — security bug fix
<?php
// src/App/Sorting/Sorter.php
declare(strict_types=1);
namespace App\Sorting;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Sylius\Component\Grid\Data\DataSourceInterface;
lchrusciel / ResetPasswordHandler.php
Last active Mar 16, 2022
Reset-password token not set to null after the password is reset — security bug fix
<?php
// src/CommandHandler/Account/ResetPasswordHandler.php
declare(strict_types=1);
namespace App\CommandHandler\Account;
use Sylius\Bundle\ApiBundle\Command\Account\ResetPassword;
use Sylius\Component\Core\Model\ShopUserInterface;
lchrusciel / CacheControlSubscriber.php
Last active Mar 15, 2022
Exposure of sensitive information via the browser back button after logging out — security bug fix
<?php
// src/EventListener/CacheControlSubscriber.php
declare(strict_types=1);
namespace App\EventListener;
use App\SectionResolver\ShopCustomerAccountSubSection;
use Sylius\Bundle\AdminBundle\SectionResolver\AdminSection;
lchrusciel / XFrameOptionsSubscriber.php
Created Mar 15, 2022
Missing HTTP headers to prevent clickjacking of login forms — security bug fix
<?php
// src/EventListener/XFrameOptionsSubscriber.php
namespace App\EventListener
final class XFrameOptionsSubscriber implements EventSubscriberInterface
{
public static function getSubscribedEvents(): array
{
lchrusciel / ImageUploader.php
Created Mar 15, 2022
SVG sanitizer security bug fix
<?php
// src/Uploader/ImageUploader.php
declare(strict_types=1);
namespace App\Uploader;
use enshrined\svgSanitize\Sanitizer;
use Gaufrette\Filesystem;
// src/AppBundle/Entity/ProductBundle.php
<?php
declare(strict_types=1);
namespace AppBundle\Entity;
use Sylius\Component\Resource\Model\ResourceInterface;
class ProductBundle implements ResourceInterface
lchrusciel / specification.tpl
Created Jul 16, 2015
Specification template for phpspec. Put this file into the .phpspec directory in the root of your project.
<?php
namespace %namespace%;
use PhpSpec\ObjectBehavior;
/**
* @author Łukasz Chruściel <lukasz.chrusciel@lakion.com>
*/
class %name% extends ObjectBehavior
lchrusciel / method.tpl
Created Jul 16, 2015
Method template for phpspec. Put this file into the .phpspec directory in the root of your project.
// phpspec method template: %name% and %arguments% are substituted when the stub is generated;
// the empty @param/@return tags and the TODO are left for the developer to fill in.
/**
* @param
*
* @return
*/
public function %name%(%arguments%)
{
// TODO: write logic here
}
lchrusciel / class.tpl
Last active Aug 29, 2015
Class template for phpspec. Put this file into the .phpspec directory in the root of your project.
<?php
namespace %namespace%;
// phpspec class template: %namespace% and %name% are substituted when the class is generated;
// the class body is intentionally empty.
/**
* @author Łukasz Chruściel <lukasz.chrusciel@lakion.com>
*/
class %name%
{
}