/**
 * Store a newly created resource in storage.
 *
 * Builds a Message from the request input, persists it, flashes a
 * confirmation and sends the client back to the page it came from.
 *
 * @param CreateMessageRequest $request  validated form request
 * @return Response  redirect to the previous URL
 */
public function store(CreateMessageRequest $request)
{
    // Eloquent's fill() returns the model, so construction and
    // population chain into a single expression.
    // NOTE(review): every request field is handed to fill(); only the
    // model's $fillable/$guarded decides which columns are actually
    // written — confirm that guard, or narrow the input here.
    $record = (new Message())->fill($request->all());
    $record->save();

    Flash::info(trans('messages.message_sent_successfully'));

    return redirect()->back();
}
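/**
 * Store a new message posted by the authenticated user.
 *
 * The message body is run through HTML Purifier before it is persisted:
 * the body is later rendered as markdown, and raw HTML inside it would
 * otherwise reach the page unescaped (the XSS the original version of
 * this method was flagged for).
 *
 * @param CreateMessageRequest $request
 * @return \Illuminate\Http\RedirectResponse
 */
public function store(CreateMessageRequest $request)
{
    $input = $request->all();

    // Sanitise the body on the way in, as the sibling store() already does.
    // This is defence in depth only: the view that renders the markdown must
    // still escape/purify its own output, because markdown syntax (link
    // destinations, for example) is not HTML and passes Purifier untouched.
    if (isset($input['body'])) {
        $input['body'] = \Purifier::clean($input['body']);
    }

    $message = new Message($input);
    Auth::user()->messages()->save($message);

    \Session::flash('flash_message', 'Your message has been posted!');

    return redirect('messages');
}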
/**
 * Store a new message posted by the authenticated user.
 *
 * The body is purified and then entity-encoded before the model is
 * filled, so the persisted text carries no live markup.
 *
 * @param CreateMessageRequest $request
 * @return \Illuminate\Http\RedirectResponse
 */
public function store(CreateMessageRequest $request)
{
    $attributes = $request->all();

    // Two passes: Purifier drops disallowed markup, and entities() is then
    // expected to escape whatever Purifier let through, so even allowed
    // tags end up stored as literal text.
    // NOTE(review): purified-but-allowed HTML will therefore display as
    // text rather than render — confirm that is the intended output, and
    // that the markdown view still escapes its own output.
    $purified = \Purifier::clean($attributes['body']);
    $attributes['body'] = \Html::entities($purified);

    $message = new Message($attributes);
    Auth::user()->messages()->save($message);

    \Session::flash('flash_message', 'Your message has been posted!');

    return redirect('messages');
}
/**
 * Create a message from one user to another and return it serialised.
 *
 * Sender and receiver ids are read from the request payload; each is
 * looked up, and a dedicated exception is thrown when the user is absent.
 *
 * @param CreateMessageRequest $request
 *
 * @return mixed  whatever respondSuccess() produces
 * @throws ReceiverNotFoundException when the receiver id matches no user
 * @throws SenderNotFoundException   when the sender id matches no user
 */
public function createMessage(CreateMessageRequest $request)
{
    // NOTE(review): both ids come straight from the client. If this
    // endpoint serves authenticated users, the sender would normally be
    // the caller's own account rather than a payload value — confirm the
    // authorisation model. get('sender') is also assumed to be an array
    // carrying an 'id' key; a scalar here errors before the find().
    $senderId = $request->get('sender')['id'];
    $sender = User::find($senderId);
    if ($sender === null) {
        throw new SenderNotFoundException('messages_sender_not_found');
    }

    $receiverId = $request->get('receiver')['id'];
    $receiver = User::find($receiverId);
    if ($receiver === null) {
        throw new ReceiverNotFoundException('messages_receiver_not_found');
    }

    // create() already persists the row; the save() below then writes the
    // two foreign keys that associate() sets on the model.
    $message = Message::create($request->only(['subject', 'body']));
    $message->sender()->associate($sender);
    $message->receiver()->associate($receiver);
    $message->save();

    $payload = [
        'message' => Fractal::item($message, new MessageTransformer())->getArray(),
    ];

    return $this->respondSuccess('Message sent!', $payload);
}