Data sanitization. Proposal. #1
Open
AlbertoVargasMoreno wants to merge 22 commits into hviveros:main from
- Add database.ini file
- Load credentials from ini file in Database connection
- Ignore ini file to avoid committing credentials
- Ignore auto-generated files like .vscode

In order to prevent XSS vulnerabilities.
- In index.php, escape product description before outputting
- In show.php, escape product description and category before outputting
- Use ENT_QUOTES flag to handle both single and double quotes

- Updates ProductController to sanitize input data for store method
- This enhances security by preventing potential cross-site scripting (XSS) vulnerabilities.

Revert "Improve security in product views by escaping output"
This reverts commit 351337a.
- Do escaping in ProductController rather than views
- Centralize escaping in controller being a security best practice

No functional changes, just minor formatting for better readability:
- Add line breaks and indentation to split long link list

- Remove escaping logic from home.php view
- Follow security best practice of escaping late in the workflow rather than views
- In UserController, escape name and email with htmlspecialchars() before setting session

Enhance security and code quality in multiple areas, through output escaping and input sanitization:
- Escape output in ProductController to prevent XSS vulnerabilities
- Escape user data to prevent XSS
- Sanitize user input on product create/update to prevent injection
- Minor format refactors for better readability
- Improve documentation for developers

- Provide step-by-step database setup instructions
- Expands documentation covering additional prerequisites
- Update installation steps to reflect changes >>Sat 20 Apr 16:16

- Guide developers on seeing scenarios of potential code injection vulnerabilities
- Show example of potential code injection
- Show how output escaping can prevent XSS

- Create base.css with foundational styles for typography and layout
- Add card.css for reusable card component styles
- Implement form.css with styles for form elements

- Improve products index page structure and styling
- Add 'Create New Product' button with improved positioning
- Update navigation links for consistent user experience

- Use $_SERVER['HTTP_HOST'] to create flexible asset links

- Adjust button positioning in index.css
- Restructure product index page
- Implement consistent navigation with "Home" link on both pages

- Move "Back" link to top of pages
- Enhance user experience with consistent navigation placement

- Include references to normalize.slim.css and normalize.css
- Update todo list
Hello Humbeto,
My name is Alberto and I am learning to program in PHP. I am looking for opportunities to put what I have learned into practice through open source contributions.
Among the projects by Platzi students, I found your project and thought it would be an excellent one to contribute to. It is a very well-organized project.
I noticed some pending improvements, such as adding CSS styles and data validation. I worked on those features and would like to propose these changes.
Please review them when you have time. I will be happy to make any necessary adjustments. My intention is to learn more about the contribution workflow on GitHub and to help you improve your project.
Thank you very much in advance for taking the time to read my request and for your reply, even if it is negative 😂!
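
The `ENT_QUOTES` choice named in the commit messages above, shown as an added PHP example that is not code from this pull request. The helper name `e()`, the sample description and the markup are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the PR): escape a value for use in HTML text
// or inside a quoted attribute. Flags and charset are passed explicitly so
// the behaviour does not depend on the PHP version's defaults.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for a stored product description.
$description = "Tom's <b>\"best\"</b> mug & saucer";

// ENT_COMPAT escapes &, <, > and double quotes, but leaves ' untouched.
$compat = htmlspecialchars($description, ENT_COMPAT, 'UTF-8');
// ENT_QUOTES additionally escapes the single quote.
$quotes = e($description);

// In a single-quoted attribute, an unescaped ' ends the attribute value early.
$attrCompat = "<input name='description' value='" . $compat . "'>";
$attrQuotes = "<input name='description' value='" . $quotes . "'>";

// Count the raw single quotes in each rendered tag: the markup itself
// contributes four, so any extra one came from the data.
$report = [
    'ENT_COMPAT' => substr_count($attrCompat, "'"),
    'ENT_QUOTES' => substr_count($attrQuotes, "'"),
];

foreach ($report as $flag => $count) {
    $status = $count === 4 ? 'attribute intact' : 'attribute broken by data';
    echo $flag, ': ', $count, ' raw single quotes, ', $status, PHP_EOL;
}

// Escaping the same value twice (for example once before storing and once
// when rendering) double-encodes entities unless double_encode is false.
$twice      = e(e($description));
$twiceGuard = htmlspecialchars($quotes, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

echo 'escaped once : ', $quotes, PHP_EOL;
echo 'escaped twice: ', $twice, PHP_EOL;
echo 'double_encode=false keeps it stable: ',
    var_export($twiceGuard === $quotes, true), PHP_EOL;
```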