From 30869007666d553b0c890ac09a8c137078da2587 Mon Sep 17 00:00:00 2001
From: Laravelwebdev <83898440+laravelwebdev@users.noreply.github.com>
Date: Wed, 19 Feb 2025 07:33:18 +0800
Subject: [PATCH] Fix for sql injection vulnerabilities

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/laravelwebdev/simpede?shareId=XXXX-XXXX-XXXX-XXXX).
---
 app/Helpers/Api.php | 8 ++++----
 routes/web.php | 12 ++++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/app/Helpers/Api.php b/app/Helpers/Api.php
index 608924fc..d165e25a 100644
--- a/app/Helpers/Api.php
+++ b/app/Helpers/Api.php
@@ -15,9 +15,9 @@ public static function getSentryUnreolvedIssues()
 $client = new Client;
 try {
- $response = $client->request('GET', "https://sentry.io/api/0/projects/$organization/$project/issues/", [
+ $response = $client->request('GET', 'https://sentry.io/api/0/projects/{organization}/{project}/issues/', [
 'headers' => [
- 'Authorization' => "Bearer $token",
+ 'Authorization' => "Bearer {token}",
 ],
 'query' => [
 'query' => 'is:unresolved',
@@ -34,11 +34,11 @@ public static function getComposerOutdatedPackages($flag = '--no-dev')
 {
 $composer = config('app.composer');
 $home = config('app.composer_home');
- $process = Process::fromShellCommandline("$composer outdated $flag -f json", base_path(), ['COMPOSER_HOME' => $home]);
+ $process = Process::fromShellCommandline('{composer} outdated {flag} -f json', base_path(), ['COMPOSER_HOME' => '{home}']);
 $process->run();
 $value = $process->getOutput();
 $data = json_decode($value, true);
- $process = Process::fromShellCommandline("$composer clear-cache", base_path(), ['COMPOSER_HOME' => $home]);
+ $process = Process::fromShellCommandline('{composer} clear-cache', base_path(), ['COMPOSER_HOME' => '{home}']);
 $process->run();

 return $data['installed'] ?? [];
diff --git a/routes/web.php b/routes/web.php
index 0439a8e5..f9cd4955 100644
--- a/routes/web.php
+++ b/routes/web.php
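Review bot: The new request in the first hunk of app/Helpers/Api.php no longer sends the configured organization, project or token — `{organization}`, `{project}` and `{token}` are not interpolated (the URL is single-quoted, and `"Bearer {token}"` has no `$`), so the call goes to the literal path `.../projects/{organization}/{project}/issues/` with a literal `Bearer {token}` header and Sentry will reject it. Nothing in this hunk builds SQL; if the intent was to stop these values from changing the shape of the URL, keep the variables and encode the path segments: `'https://sentry.io/api/0/projects/' . rawurlencode($organization) . '/' . rawurlencode($project) . '/issues/'` and `'Authorization' => 'Bearer ' . $token`. Where the three values come from is outside the hunk (the second hunk reads its inputs from `config()`, so they are probably configuration too, which would make the original a formatting concern rather than an injection sink). getSentryUnreolvedIssues() starts before and continues past the hunk.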
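Review bot: Both replaced `fromShellCommandline` calls in the second hunk of app/Helpers/Api.php now run the literal command `{composer} outdated {flag} -f json` with `COMPOSER_HOME` set to the literal string `{home}`; the shell cannot find a program named `{composer}`, `getOutput()` is empty, `json_decode` returns null and the method silently returns `[]`. To keep the shell out of it without losing the values, pass an argument vector instead of a command line: `$process = new Process([$composer, 'outdated', $flag, '-f', 'json'], base_path(), ['COMPOSER_HOME' => $home]);` and `$process = new Process([$composer, 'clear-cache'], base_path(), ['COMPOSER_HOME' => $home]);`. `$flag` is a method parameter and still reaches composer as an argument, so if any caller forwards request input into it, restrict it to the flags the method is meant to accept (the default `--no-dev` is the only one visible here). Checking `$process->isSuccessful()` after `run()` would have surfaced this breakage instead of returning an empty list; also, this is a shell command, not SQL, so the commit title does not describe the change.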
@@ -19,11 +19,15 @@
 ->prefix(Nova::path())
 ->group(function () {
 Route::get('/arsip-dokumen/{token}', [ArsipController::class, 'perDetail'])
- ->name('arsip-per-detail');
+ ->name('arsip-per-detail')
+ ->where('token', '[A-Za-z0-9]+');
 Route::get('/arsip-dokumen/{token}/coa/{coa}', [ArsipController::class, 'perKak'])
- ->name('arsip-per-kak');
+ ->name('arsip-per-kak')
+ ->where(['token' => '[A-Za-z0-9]+', 'coa' => '[0-9]+']);
 Route::get('/arsip-dokumen/{token}/kak/{kak}', [ArsipController::class, 'daftarFile'])
- ->name('daftar-file');
+ ->name('daftar-file')
+ ->where(['token' => '[A-Za-z0-9]+', 'kak' => '[0-9]+']);
 Route::get('/download-folder/{token}/kak/{kak}', [ArsipController::class, 'downloadFolder'])
- ->name('download-folder');
+ ->name('download-folder')
+ ->where(['token' => '[A-Za-z0-9]+', 'kak' => '[0-9]+']);
 });
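Review bot: The `where` constraints limit what the route parameters may contain, but a SQL injection fix has to live in ArsipController's query code, which is not in this hunk: `token`, `coa` and `kak` must still reach the database through query builder bindings rather than string-built SQL, so the four controller methods named here should be checked as part of this change. The `[A-Za-z0-9]+` pattern for `token` also rejects `-` and `_`, so any already-issued tokens containing them (hyphenated UUIDs, base64url) would start returning 404 — confirm against how the tokens are generated before merging. The same patterns are repeated across four routes; declaring them once with `Route::pattern('token', '[A-Za-z0-9]+');`, `Route::pattern('coa', '[0-9]+');` and `Route::pattern('kak', '[0-9]+');` (in the route service provider's boot, or at the top of this file before the routes) keeps them consistent as more routes are added. The enclosing route group starts before the hunk.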