Example #1
 /**
  * Store a newly created resource in storage.
  *
  * @param CreateMessageRequest $request
  * @return Response
  */
 public function store(CreateMessageRequest $request)
 {
     $message = new Message();

     // NOTE(review): all() hands every submitted field to fill(), so the
     // only filter is the Message model's mass-assignment configuration
     // ($fillable/$guarded), which is not visible here. Confirm it excludes
     // identifiers and ownership columns, or pass an explicit field list.
     $submitted = $request->all();
     $message->fill($submitted);
     $message->save();

     // Queue the localized confirmation, then send the user back to the
     // page they posted from.
     $notice = trans('messages.message_sent_successfully');
     Flash::info($notice);

     return redirect()->back();
 }
 public function store(CreateMessageRequest $request)
 {
     // Vulnerability #6 (original author's marker): the message is built
     // from the raw request input and persisted as submitted. The marker
     // says the Markdown rendering of this content is vulnerable to XSS;
     // nothing in this method sanitises the body before it is stored.
     // NOTE(review): the mitigation is to sanitise the HTML the renderer
     // produces (or the body before storage) and to escape on output;
     // the rendering code is not visible here.
     $message = new Message($request->all());

     // Persist through the authenticated user's messages() relation so the
     // message is attached to the current user.
     Auth::user()->messages()->save($message);

     \Session::flash('flash_message', 'Your message has been posted!');

     return redirect('messages');
 }
 public function store(CreateMessageRequest $request)
 {
     $input = $request->all();

     // Sanitise the body before it is stored: first run it through the
     // HTML purifier, then entity-encode what remains.
     // NOTE(review): this protects the stored value only. If the body is
     // later rendered as Markdown, the HTML generated by the renderer is
     // produced after this step, so confirm that output is sanitised too.
     // NOTE(review): only 'body' is cleaned; any other field in $input
     // reaches the model unchanged. Confirm they are escaped on output.
     $purifiedBody = \Purifier::clean($input['body']);
     $input['body'] = \Html::entities($purifiedBody);

     $message = new Message($input);

     // Persist through the authenticated user's messages() relation so the
     // message is attached to the current user.
     Auth::user()->messages()->save($message);

     \Session::flash('flash_message', 'Your message has been posted!');

     return redirect('messages');
 }
 /**
  * @param CreateMessageRequest $request
  *
  * @return mixed
  * @throws ReceiverNotFoundException
  * @throws SenderNotFoundException
  */
 public function createMessage(CreateMessageRequest $request)
 {
     // NOTE(review): the sender is resolved from an id supplied in the
     // request body, not from the authenticated session. Unless
     // CreateMessageRequest (not visible here) ties that id to the caller,
     // a message could be recorded under another user's identity. Confirm.
     $senderId = $request->get('sender')['id'];
     $sender = User::find($senderId);
     if (!$sender) {
         throw new SenderNotFoundException('messages_sender_not_found');
     }

     $receiverId = $request->get('receiver')['id'];
     $receiver = User::find($receiverId);
     if (!$receiver) {
         throw new ReceiverNotFoundException('messages_receiver_not_found');
     }

     // Only subject and body are taken from the request for mass assignment.
     // NOTE(review): create() persists the row before the sender and
     // receiver are associated, and save() writes it again below. A failure
     // in between would leave a message with no parties. Confirm that is
     // acceptable.
     // NOTE(review): body is stored as submitted; it must be escaped or
     // sanitised wherever it is rendered.
     $attributes = $request->only(['subject', 'body']);
     $message = Message::create($attributes);

     $message->sender()->associate($sender);
     $message->receiver()->associate($receiver);
     $message->save();

     // Serialise the saved message through its transformer for the response.
     $serialized = Fractal::item($message, new MessageTransformer())->getArray();

     return $this->respondSuccess('Message sent!', ['message' => $serialized]);
 }