Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
本当にあった怖い脆弱性の話
Search
Roku
April 10, 2022
Programming
20
39k
本当にあった怖い脆弱性の話
PHPerkaigi 2022 Day2 Track B
Roku
April 10, 2022
Tweet
Share
More Decks by Roku
See All by Roku
Laravel のセキュリティはどうなってる?突撃ソースコードリーディング(PHPカンファレンス福岡2024)
ad5jp
1
800
作って理解するバックドア
ad5jp
0
1.4k
Other Decks in Programming
See All in Programming
◯◯エンジニアになった理由
gessy0129
PRO
0
650
sqlcを利用してsqlに型付けを
kamiyam
0
240
PHPを書く理由、PHPを書いていて良い理由 / Reasons to write PHP and why it is good to write PHP
seike460
PRO
5
460
メルカリ ハロ アプリの技術スタック
atsumo
2
790
ECS向けのドリフト検知機構を実装してみた
tkikuc
0
290
データフレームライブラリ徹底比較
daikikatsuragawa
2
100
ROS 2のZenoh対応とZenohのROS 2対応
takasehideki
2
300
DevFest Android in Korea 2024 - 안드로이드의 문단속 : 앱을 지키는 암호화 이야기
mdb1217
1
160
色んなオートローダーを覗き見る #phpcon_okinawa
o0h
PRO
5
390
ML-прайсинг_на_Lamoda__вошли_и_вышли__приключение_на_20_минут__Слава_Цыганков.pdf
lamodatech
0
140
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
9
1.2k
データマイグレーションの成功戦略~サービスリニューアルで失敗しないための実践ガイド~
tkzwtks
4
250
Featured
See All Featured
Designing Experiences People Love
moore
138
23k
The Invisible Customer
myddelton
119
13k
The Brand Is Dead. Long Live the Brand.
mthomps
53
38k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Designing for humans not robots
tammielis
249
25k
Teambox: Starting and Learning
jrom
132
8.7k
Web Components: a chance to create the future
zenorocha
310
42k
How GitHub Uses GitHub to Build GitHub
holman
473
290k
Pencils Down: Stop Designing & Start Developing
hursman
119
11k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.2k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
9
1.2k
GitHub's CSS Performance
jonrohan
1030
450k
Transcript
ຊ쎂썙썺썶ා썛੬ऑੑ쎅 3PLV !BEKQ
썴쎣쎆ɺલ쎅य़
ࢁా썬쎪 Ծ ʮ3PLV썬쎪ɺอकҾܧҊ݅쎛쎠쎏쎪ʁ ։ൃ썮썶ձࣾ쎅ରԠѱ썦썽쎡썶썛쎪쎛썺썽ɻ ূ݊ձࣾ쎅ސ٬쏨쎮쏤썗쏂쏁쏃쏐쏪쎁쎪쎛써쎀ʯ
쎆쎁쎪썷썢ݏ쎁༧ײ썣썮썶쎅썾ɾɾɾ 썿쎡썙썟썱ɺࣄલௐࠪ쎅쎖डୗ
썴쎣썣ɺ썪쎅ڪ쎤썮썛ޠ쎅࢝쎕쎡썷썺썶
;Γ͕ͳʹࣈͱ ͔ೖΔ͚Ͳɾɾɾ·͊ Өڹͳ͍͔ɻ ͓ɾɾɾʁ 썿쎙썙쎣ɺձһొʢޱ࠲։ઃʣ썢쎠ௐࠪ։࢝
͓͓͓ɾɾɾʁ
ΜΜΜΜʁ 쏧쏋ɾɾɾ 쏛쏍
None
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
쎵쏋쎵쏋ɾɾɾ 쏍쏉썗썗쏽ʂ 썛쎛ɺ썴쎪쎁쎆썱쎆쎁썛ɻ
썴쎅࣌ɺ 쎅쎂ඈ쎊ࠐ쎪썾썤썶쎅쎆
None
શવ쎠쎁썛썡썯썬쎪쎅໔ڐূ
ݸਓใ쏟쏵쎴썗쏡쏽
쎦쎡썿ਅ໘쎂ɾɾɾ썪쎪쎁࣮썮썽쎕썲쎪썢ʁ
쎦쎡썿ਅ໘쎂ɾɾɾ썪쎪쎁࣮썮썽쎕썲쎪썢ʁ 썪쎪쎁ࡶ쎁࣮썮썽 쎟썛쎅쎆ɺੈքத쎅 ਓ쎂ݟ쎠쎣썽쎙 쎁썛쏟쎫쎮쏵 썷써썾썰ɻ
ྫ썟쎇ɺ ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ썮ɺ ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%' ɾاۀ쏁쏃쏐쏪쎅ɺ1%'ੜ썮썶ٻॻ ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ쏟쎫쎮쏵
ྫ썟쎇ɺ ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ썮ɺ ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%' ɾاۀ쏁쏃쏐쏪쎅ɺ1%'ੜ썮썶ٻॻ ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ쏟쎫쎮쏵 ˠશ෦ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썛썽쎆쏊쏫ʂ
썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰 ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯ʣ쎁쎪썷썢쎠ɺ ɹ63-쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ
썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰 ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯ʣ쎁쎪썷썢쎠ɺ ɹ63-쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ ɹɹ63-쎩쎠쎁썤쎚ݟ쎣쎁썛 ɹɹ63-썬썟썺썽썛쎣쎇ੈքத썷쎣썾쎙ݟ쎣쎢 ✕
࣮ྫ1̋5*.&4ใ࿙썟썛ࣄ݅ ެ։લ쎅쏡쏶쏃쏴쏴썗쏃쎅ఴ쏟쎫쎮쏵ʢ1%'ʣ 썣ୈࡾऀ썢쎠쎬쎹쏅쏃Մೳ쎁ঢ়ଶ쎂쎁썺썽썡쎡ɺ ྲྀग़ɻ ˠҰาؒҧ썟쎇쎮쏽쎿쎮쏊썗औҾ쎂쎙ܨ썣쎡 ɹ썢쎄쎁썛ࣄҊɻ
썾쎙ඇެ։ྖҬ쎂ஔ썛썶쎠ɺ ݟ썲쎢쎐썤쏰썗쏀쎂쎙 ݟ썲쎠쎣쎁썛쎅썾쎆ʁ
썪썝썰쎢ɻ 쎕썱쏟쎫쎮쏵쎆 ඇެ։ྖҬ쎂ஔ썤ɺ 쏰썗쏀*%썿썿쎙쎂 %#쎂อଘ public function upload(Request $request) {
//ϦΫΤετऔಘ $uploaded_file = $request->file('upload'); //…தུ… //privateσΟεΫʹอଘ $save_path = $uploaded_file->store('userfiles'); //DBʹอଘ $private_file = new PrivateFile(); $private_file->user_id = Auth::id(); $private_file->file_path = $save_path; $private_file->mime_type = $uploaded_file ->getMimeType(); $private_file->save(); //ϓϨϏϡʔ༻ʹURLΛฦ٫ return response()->json([ 'url' => route('private-file', [ $private_file->file_id, $uploaded_file->extension() ]), ]); }
썪썝썰쎢ɻ 쏟쎫쎮쏵༻쎅 쏵썗쏐쎭쏽쎺쎩 ༻ҙ Route::get( ‘/private-files/{private_file}.{ext}', [PrivateFileController::class, ‘view'] )->name('private-file');
썪썝썰쎢ɻ 쎽쏽쏒쏷썗쏳 썢쎠쏟쎫쎮쏵쎩 ฦ٫ public function view(PrivateFile $private_file, string $ext)
{ //ϢʔβIDνΣοΫ if ($private_file->user_id !== Auth::id()) { abort(404); } //ଘࡏνΣοΫ if (!Storage::exists($private_file->file_path)) { abort(404); } //Ϩεϙϯε $headers = ['Content-Type' => $private_file->mime_type]; $content = Storage::get($private_file->file_path); return response($content, 200, $headers); }
썪썝썰쎢ɻ 쏵썗쏐쎭쏽쎺썬쎣 썶63-쎩༻썮썽 ը૾쎩දࣔɻ <img src="{{ route('private-file', [$private_file, $private_file->ext]) }}"
alt=""> ˠ쎬쏍쏡쏷썗쏓썮썶ຊਓҎ֎썣쎬쎹쏅쏃썮썽쎙 ɹ썿쎁쎢ɻ
썶쎕쎂쏷쎺쎮쏽ೝূࠔ쎁ཁ݅쎙썙쎡쎕썰ɻ ྫ썟쎇֎෦쎏쎅쏟쎫쎮쏵ڞ༗ɻ ˠ썴쎣썾쎙쏵썗쏐쎭쏽쎺쎆௨썮썶্썾ɺ ɾਪఆࠔ쎁63-쎂썰쎢 ɾදࣔՄೳ쎁ظؒ쎩੍ݶ ɾදࣔՄೳ쎁ճ쎩੍ݶ ɾ쎬쎹쏅쏃쎅ཤྺ쎩썰
썸쎁쎖쎂쎖쎪쎁େ썤8PSE1SFTT ߘ썣Լॻ썤썾쎙ඇެ։썾쎙ɺ ఴ쏟쎫쎮쏵쎆ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썢쎣쎕썰ɻ 썮썢쎙جຊ쎬쏍쏡쏷썗쏓썮썶쎕쎕쎅쏟쎫쎮쏵໊썾ɻ ˠެ։લهࣄ쎂ݟ쎠쎣썽쎆썛써쎁썛쏟쎫쎮쏵썣 ɹఴ썬쎣쎢Մೳੑ썣썙쎢쎁쎠ɺཁ쎵쏃쏉쏨쎮쏄ɻ
ʮࢁా썬썗쎪ɺௐࠪ։࢝썾ɺ ɹɹ썸쎞썺썿쎛쎇썛쎛썻ݟ썻써쎕썮썶ʯ ࢁా썬쎪 Ծ ʮ쎛쎐썗͆͆͆͆ ɹɾɾɾ썪쎅݅쎆ޱ֎ແ༻썾썡ئ썛썮쎕썰ɻ ɹ໌쎢쎖쎂ग़썶쎠ࢮਓ썣ग़쎕썰ɻʯ
썡٬༷썢쎠Ұචऔ썺썽쎙쎠썺썽ɺ ௐࠪଓߦɻ
None
ɾɾɾʁ
·͔͔ͬͪ͜͞Β ύεϫʔυϦηοτͰ͖ͨΓ ͠ͳ͍ΑͶɾɾɾ
Μɾɾɾʁ
None
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
쏛쏃쏹썗쏓ฏจอଘ
໌썮썶ӡ༻쏟쏷썗 ޱ࠲։ઃ ϑΥʔϜ ొ༰ ֬ೝը໘ ొ ৹ࠪ 쏛쏃쏹썗쏓௨ *%࠾൪ 쏛쏃쏹썗쏓ੜ
ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ฉ썤썤썶ݴ썛༁
ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ɹɹۀཁ݅쎩ຬ썶썮썻썻ɺฏจอଘෆཁ쎁 ɹɹӡ༻쏟쏷썗쎩ఏҊ썰쎢쎅썣4&쎅ࣄ썾썰ɻ ✕ ฉ썤썤썶ݴ썛༁
썶썿썟쎇ɺ ৹ࠪྃ࣌쎂༗ޮظݶ썤쎅쏒썗쎹쏽쎩ੜ썮ɺ 쏒썗쎹쏽쎅ॳظઃఆ63-쎩쏫썗쏵썾ࣗಈૹɻ ˠظݶ쎂ਖ਼썮썛쏒썗쎹쏽쎅63-썢쎠쎬쎹쏅쏃 ɹ썮썶߹쎅쎖쏛쏃쏹썗쏓ઃఆը໘쎩։썦ɻ ˠ쏰썗쏀ࣗ썣쏛쏃쏹썗쏓쎩ઃఆɻ
쎀썝썮썽쎙༣ૹ썮쎁써쎣쎇썛써쎁썛쎁쎠ɺ ॳظ쏛쏃쏹썗쏓쎆༗ޮظݶ쎅Ծ쏛쏃쏹썗쏓썿 썰쎢ʢ썪쎣썷써쎆ฏจอ࣋ʣɻ ˠॳճ쏷쎺쎮쏽࣌쎂ɺ쏛쏃쏹썗쏓มߋ쎩ڧ੍썰쎢ɻ ʢ썪쎅썿썤ฏจ쎅Ծ쏛쏃쏹썗쏓쎙%#썢쎠আʣ
쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ
ʮѱҙ쎅ཧऀʯ 쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ
ɾӡӦձࣾ쎩ୀ৬썮썶ݩࣾһ ɾ։ൃձࣾ쎅ݩ֎쏫쏽쏚썗 ɾFUD શһ쎩৴༻썾썤쎕썰썢ʁ
࣮ྫদ̋ূ݊ސ٬ޱ࠲ෆਖ਼ग़ۚࣄ݅ 쏁쏃쏐쏪։ൃ쎩डୗ썮썶4*FS쎅ࣾһ썣ɺ ސ٬쎅쏛쏃쏹썗쏓쎩ෆਖ਼쎂ೖख썮ɺ ࣗ쎅ޱ࠲쎂ૹۚɻඃֹ쎆ԯԁ༨쎡ɻ
ɾ쏛쏃쏹썗쏓ฏจอଘ ɾཧऀ썣쏛쏃쏹썗쏓쎩ݟ쎣쎢 ɾཧऀ썣쏛쏃쏹썗쏓쎩มߋ썾썤쎢 جຊత쎂શ෦쏊쏫썾썰ɻ
썿썛썝쎦써썾ɺ ཧը໘썾쏛쏃쏹썗쏓쎩 ֬ೝ썮썽쏷쎺쎮쏽ɻ ௐࠪଓߦ
쏷쎺쎮쏽
쎁쎪썷썢ؾ쎂쎁쎢쏫쏕쏯썗쎩ຊೳ썣
썴썺썿൶쎩։썦ɾɾɾ
썪썝썛썝༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽
썪썝썛썝༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽ ܾࡁ͕શ֎෦ͳΒ ܾࡁใอ࣋PS௨աͱ͔ͷ ৺ͳ͍͚Ͳɺ ҰԠ͚ͩ͜͜ݟͱ͔͘ɻ
쏇썗쏃쏋쎱쏍쎹 public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid');
$tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); }
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid'); $tran_id
= $request->input('tid'); $tran_date = $request->input('tdt'); //֘ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ
쏤쎮쏷썗쏓쎂ਖ਼썮썛 lSJEz썬썟썙쎣쎇ɺ ແ݅쎂ೖۚࡁ썿 썮썽ॲཧ썬쎣쎢ɻ public function webhook(Request $request) { //ϦΫΤετऔಘ
$deposit_id = $request->input('rid'); $tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ
썻쎕쎡썪썝썰쎢썿 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽ ܾࡁ썲썱쎂 DVSM91045ESJEIUUQT[BSV[BSVFYBNQMFDPNXFCIPPL
ِೖۚ썮์
쏁쏃쏐쏪֎෦썢쎠ॴఆ쎅쏴쎹쎲쏃쏒쎩डऔ쎡ɺ 썴쎅༰쎂Ԡ썯썽ɺ쏑썗쏉쎅࡞쎛ߋ৽쎅 ֤छॲཧ쎩ߦ썝썪썿ɻ ʹී௨썾쎆ઈର쎂쎛쎠쎁썛ةݥ쎁ॲཧ쎩 ɹྫ֎త쎂쎛썺썽썛쎢ɻ ɹɾɾɾ썿썛썝썪썿쎩쎕썱ೝࣝ썮쎕썮쎞썝ɻ 8FCIPPL썿쎆
ɾ௨ৗ8FCIPPL쎩ఏڙ썮썽썛쎢쎿썗쏝쏃쎂쎆 ɹ쏰썗쏀썫썿쎂ݻ༗쎅ʮൿີ伴ʯ썣༻ҙ썬쎣썽썡쎡ɺ ɹ썴쎣쎩༻썛썽쏴쎹쎲쏃쏒쏦쏑쎭쎩쏙쏍쏁쏯썮썶ʮॺ໊ʯ쎩 ɹ쏴쎹쎲쏃쏒쏢쏍쏊썾ૹ썺썽썤쎕썰ɻ ɹ썪쎅썣ਖ਼썮썛썪썿쎩֬ೝ썮ɺਖ਼썮썛࣌쎅쎖ॲཧ쎩࣮ߦ썰쎢쎟썝 ɹ࣮썰쎢ɻ ɾ쏴쎹쎲쏃쏒ݩ쎅*1쎬쏓쏶쏃썣ެ։썬쎣썽썛쎢쎁쎠ɺ ɹ*1쎬쏓쏶쏃쎅쏋쎱쏍쎹쎙ߦ썝ɻ 쎀썝썰쎢쎅ʁ
썪썪썣࠷େ쎅ةػཧ쏧쎮쏽쏒썺쎔썛쎅썾 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽
쎁쎪썸쎚쎠쎿썗쏝쏃썾HSFQ ͓ʁ ਵγϯϓϧ͚ͩͲɺ ͜ΕͬͯΔͷʁ public function transaction(Request $request) { $amount
= $request->input('amount'); $user_id = Auth::id(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; }
쎽쏽쏒쏷썗쏳໊썾HSFQ Route::post('/api/transaction', [ApiController::class, 'transaction']); ΘΕͱΔΜ͚ɾɾɾ
쎅63*썾(3&1 $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })
͓͍͓͍͓͍͓͍
JEUSBOTBDUJPO썾HSFQ ͳΜ ίϝϯτΞτ͞ΕͱΔͳ͍͔͍ ͋ʔͼͬ͘Γͨ͠ɻ ͬͯɾɾɾ {{-- <form id=“transaction”> <div class="form-row">
<div class="form-group col-md-6"> <label>ೖֹۚۚ</label> <input type="number" name="amount"> </div> </div> <button class="btn btn-primary">ೖۚ</button> </form> --}}
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
BQJUSBOTBDUJPO쎆ੜ썤썽쎕썰ɻ 쏰썗쏀쏨쎮쏤썗쏂쎂쏷쎺쎮쏽썮썽썶쎠ୟ써쎕썰ɻ public function transaction(Request $request) { $amount = $request->input('amount');
$user_id = Auth::id(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; } Route::post('/api/transaction', [ApiController::class, 'transaction']);
썮썢쎙썪쎅63*ɺ+4쏟쎫쎮쏵썾େެ։썬쎣썽쎕썰ɻ $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })
썻쎕쎡썶썺썶썪쎣썷써썾ɺ BQJUSBOTBDUJPO ϚΠϖʔδ ͷͲ͔͜ GPSN %FW5PPM썾)5.-Ճ 1045
ِೖۚ썮์1BSU
ɾɾɾ썰쎢썪썿쎆Կ쎙썙쎡쎕썲쎪ɻ 쏐쏃쏒༻쏡쏷쎺쏳쏪쎆ফ썮쎕썮쎞썝ɻ ڧ썛썽ݴ썝쎁쎠ɺສҰ쎣ڈ쎠쎣썶࣌쎅썶쎘ɺ 쏐쏃쏒쏡쏷쎺쏳쏪쎆ɺ ࠷ॳ썢쎠-PDBM&OW썾썮썢ಈ썢쎁썛쎟썝쎂 ݅써썮썽썡썦썿ྑ썛썾썰ɻ ղઆ
썴썝썛썟쎇944쎆େৎ썢
쎕썘େৎ썺쎔썛 <div class="form-row align-items-end"> <div class="form-group col-md-6"> <label>ి൪߸</label> <div>{{ $input->phone_1
}}</div> </div> <div class="form-group col-md-6"> <label>ܞଳి൪߸</label> <div>{{ $input->phone_2 }}</div> </div> </div> <div class="form-row align-items-end"> <div class="form-group col-md-12"> <label>උߟ</label> <div>{!! nl2br(e($input->note)) !!}</div> </div> </div>
썴썝썛썟쎇$43'쎆େৎ썢
protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class, //\App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \App\Http\Middleware\RedirectIfHasProblem::class, ],
$43'쏘썗쎶썗쏓
$43'쎂썻썛썽쎆ɺ썪썸쎠쎅هࣄ썾 ࠷େݶט쎖ࡅ썛썽આ໌썮썽썡쎡쎕썰쎅썾ɺ 썫Ұಡ썦썷썬썛ɻ IUUQT[FOOEFWBEBSUJDMFTFFDFFEDC
-BSBWFM썾쎆ɺಛఆ63-쎅쎖$43'쏋쎱쏍쎹쎩֎썲쎕썰ɻ ຊ݅ݩ쏗쏉쏁쏃쏐쏪썾༻썬쎣썽썛썶쏟쏶썗쏪쏹썗쎹쎂쎆 썴썝썛썝ؾ쎅ར썛썶ػߏ썣쎁썦ɺ શମ썾0/0''썮썢썾썤쎁썢썺썶쎅썾ɺ 8FCIPPL쎅߹썾0''쎂썮썶쎙쎅썿ࢥ쎦쎣쎕썰ɻ쎬쏥썣ɻ 썶썷ɺԾ쎂ಛఆ63-쎅쎖쎆썱썲쎢썿썮썽쎙ɺ ຊ쎂$43'쏋쎱쏍쎹쎩֎썰Ҏ֎쎅ํ๏썣쎁썛썢ɺ ֎썮썽쎙҆શੑ썣֬อ썾썤쎢쎅썢쎀썝썢쎆ɺ 쎟썦ۛຯ썮쎕썮쎞썝ɻ ɿ
࣮ྫ쏫̋쏍쏡쏃쎹쏶쏂쏍쏒쎵썗쏓ใྲྀग़ࣄ݅ 쎹쏶쏂쏍쏒쎵썗쏓ܾࡁ쏡쏳쏍쏒쏟쎳썗쏪쎩 ఏڙ썰쎢ಉࣾ쎅쏁쏃쏐쏪썣ɺ 쎿썗쏚쎏쎅ෆਖ਼쏷쎺쎮쏽ɺ42-쎮쏽쏂쎱쎹쏁쏱쏽ɺ 쏚쏍쎹쏓쎬༷ʑ쎁߈ܸ쎩ड써ɺ 쎹쏶쏂쏍쏒쎵썗쏓ใ࠷େສ݅썣ྲྀग़썮썶 Մೳੑɻ
ࢁా썬쎪 Ծ ʮ쎁쎪썢쎹쏳쎮쎬쏽쏒ۚ༥ி썢쎠ౖ쎠쎣썶쎠썮썦ɺ ɹ৭ʑվमґཔདྷ썴썝썾썰ʯ ʮɾɾɾݏ썾썰ʯ
ແ쎆࠷େ쎅ࡑ ূ݊ձࣾ썿썛썝쏅쏽쏁쏐쎭쏠쎁ۀք쎂썬썟ɺ 썪쎪쎁ྼѱ쎁쏁쏃쏐쏪썣쎕썢쎡௨썺썽썛쎕썰ɻ 쏅쎷쏯쏴쏐쎭쎂썻썛썽ແ썰썥쎢։ൃձࣾɻ ʑ쎅੬ऑੑ쎂ؾ썼썤쎙썮쎁썛ൃऀɻ 쎠쎁썢썺썶썾쎆ࡁ쎕쎁썛쎅썣ɺ 쏁쏃쏐쏪ʢ쎬쏡쏴쎻썗쏁쏱쏽ʣ썾썰ɻ
࠷ޙʹࣗݾհ גࣜձࣾ"%දऔక େࡕࡏॅ 1)1FSྺ͘Β͍ !BEKQ