tutorialsuz · sobirjonovs · Jan 13, 2025 · Jan 13, 2025 · Jan 13, 2025
diff --git a/app/Controllers/Controller.php b/app/Controllers/Controller.php
@@ -13,7 +13,7 @@ class Controller extends UrlManager
      */
     protected function dispatch(callable $callable, array $params)
     {
-        array_push($params['data'], request());
-        return call_user_func_array($callable, $params['data']);
+        $data = isset($params['data']) ? array_values($params['data']) : [];
+        return call_user_func_array($callable, $data);
     }
-}
+}
diff --git a/app/Controllers/HomeController.php b/app/Controllers/HomeController.php
@@ -31,11 +31,21 @@ public function create()
      */
     public function store(Request $request)
     {
+        // Verify CSRF token
+        if (!Session::verifyToken($request->input('_token'))) {
+            http_response_code(403);
+            return 'Invalid CSRF token';
+        }
+
         $validated = $request->validate([
-            'email' => 'required',
-            'phone' => 'integer'
+            'email' => 'required|email|max:255',
+            'phone' => 'required|regex:/^[0-9]{10,15}$/' // Validates phone numbers between 10-15 digits
         ]);
 
-        echo "Email: {$validated['email']} | Phone: {$validated['phone']}";
+        // Sanitize and escape output
+        $safeEmail = htmlspecialchars($validated['email'], ENT_QUOTES, 'UTF-8');
+        $safePhone = htmlspecialchars($validated['phone'], ENT_QUOTES, 'UTF-8');
+
+        echo "Email: {$safeEmail} | Phone: {$safePhone}";
     }
 }
diff --git a/composer.json b/composer.json
@@ -17,5 +17,8 @@
         },
         "files": ["config/dic.php", "config/helpers.php", "config/filters.php", "config/auth.php"],
         "classmap": ["config/Kernel.php", "bootstrap/Requests/Request.php"]
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^10.5"
     }
 }