Fix csrf issue for content update routes

changeweb · Aug 13, 2021 · f796452 · am0o0 · Aug 13, 2021 · changeweb
1 parent a6497ac
commit f796452
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 21 deletions.
diff --git a/app/Http/Controllers/CertificateController.php b/app/Http/Controllers/CertificateController.php
@@ -69,12 +69,12 @@ public function edit(Certificate $certificate)
     /**
      * Update the specified resource in storage.
      *
-     * @param  int  $id
+     * @param  Request $request
      * @return \Illuminate\Http\Response
      */
-    public function update($id)
+    public function update(Request $request)
     {
-        $tb = Certificate::find($id);
+        $tb = Certificate::find($request->id);
         $tb->active = 0;
         $tb->save();
         return back()->with('status',__('File removed'));

diff --git a/app/Http/Controllers/EventController.php b/app/Http/Controllers/EventController.php
@@ -73,12 +73,12 @@ public function edit($id)
      * Update the specified resource in storage.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @param  int  $id
+     * @param  Request $request
      * @return \Illuminate\Http\Response
      */
-    public function update($id)
+    public function update(Request $request)
     {
-      $tb = Event::find($id);
+      $tb = Event::find($request->id);
       $tb->active = 0;
       $tb->save();
       return back()->with('status','File removed');

diff --git a/app/Http/Controllers/NoticeController.php b/app/Http/Controllers/NoticeController.php
@@ -72,12 +72,12 @@ public function edit($id)
     /**
      * Update the specified resource in storage.
      *
-     * @param  int  $id
+     * @param  Request $request
      * @return \Illuminate\Http\Response
      */
-    public function update($id)
+    public function update(Request $request)
     {
-      $tb = Notice::find($id);
+      $tb = Notice::find($request->id);
       $tb->active = 0;
       $tb->save();
       return back()->with('status',__('File removed'));

diff --git a/app/Http/Controllers/RoutineController.php b/app/Http/Controllers/RoutineController.php
@@ -120,12 +120,12 @@ public function edit($id)
      * Update the specified resource in storage.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @param  int  $id
+     * @param  Request $request
      * @return \Illuminate\Http\Response
      */
-    public function update($id)
+    public function update(Request $request)
     {
-      $tb = Routine::find($id);
+      $tb = Routine::find($request->id);
       $tb->active = 0;
       $tb->save();
       return back()->with('status',__('File removed'));

diff --git a/app/Http/Controllers/SyllabusController.php b/app/Http/Controllers/SyllabusController.php
@@ -95,12 +95,12 @@ public function edit($id)
      * Update the specified resource in storage.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @param  int  $id
+     * @param  Request $request
      * @return \Illuminate\Http\Response
      */
-    public function update($id)
+    public function update(Request $request)
     {
-      $tb = Syllabus::find($id);
+      $tb = Syllabus::find($request->id);
       $tb->active = 0;
       $tb->save();
       return back()->with('status',__('File removed'));

diff --git a/resources/views/components/uploaded-files-list.blade.php b/resources/views/components/uploaded-files-list.blade.php
@@ -34,7 +34,13 @@
         @endif
         <td>{{($file->active === 1)?'Yes':'No'}}</td>
         <td>
-          <a href="{{url('academic/remove/'.$upload_type.'/'.$file->id)}}" class="btn btn-danger btn-sm" role="button"><i class="material-icons">delete</i> @lang('Remove')</a>
+          <a href="{{url('academic/remove/'.$upload_type)}}" onclick="event.preventDefault();
+            document.getElementById('remove-file-'+{{$file->id}}).submit();" class="btn btn-danger btn-sm" role="button"><i class="material-icons">delete</i> @lang('Remove')</a>
+
+          <form id="remove-file-{{$file->id}}" action="{{url('academic/remove/'.$upload_type)}}" method="POST" style="display: none;">
+            {{ csrf_field() }}
+            <input type="hidden" name="id" value="{{$file->id}}">
+          </form>
         </td>
       </tr>
       @endforeach

diff --git a/routes/web.php b/routes/web.php
@@ -100,11 +100,11 @@
     Route::get('routine', 'RoutineController@index');
     Route::get('routine/{section_id}', 'RoutineController@create');
     Route::prefix('remove')->name('remove.')->group(function () {
-        Route::get('syllabus/{id}', 'SyllabusController@update');
-        Route::get('notice/{id}', 'NoticeController@update');
-        Route::get('event/{id}', 'EventController@update');
-        Route::get('certificate/{id}', 'CertificateController@update');
-        Route::get('routine/{id}', 'RoutineController@update');
+        Route::get('syllabus', 'SyllabusController@update');
+        Route::get('notice', 'NoticeController@update');
+        Route::post('event', 'EventController@update');
+        Route::get('certificate', 'CertificateController@update');
+        Route::get('routine', 'RoutineController@update');
     });
 });