$30 off During Our Annual Pro Sale. View Details »

本当にあった怖い脆弱性の話

Roku
April 10, 2022

 本当にあった怖い脆弱性の話

PHPerkaigi 2022 Day2 Track B

Roku

April 10, 2022
Tweet

Other Decks in Programming

Transcript

  1. ຊ౰쎂썙썺썶ා썛੬ऑੑ쎅࿩ 3PLV !BEKQ

  2. 썴쎣쎆ɺ೥લ쎅य़

  3. ࢁా썬쎪 Ծ ʮ3PLV썬쎪ɺอकҾܧҊ݅쎛쎠쎏쎪ʁ ։ൃ썮썶ձࣾ쎅ରԠѱ썦썽੾쎡썶썛쎪쎛썺썽ɻ ূ݊ձࣾ쎅ސ٬쏨쎮쏤썗쏂쏁쏃쏐쏪쎁쎪쎛써쎀ʯ

  4. ๻쎆쎁쎪썷썢ݏ쎁༧ײ썣썮썶쎅썾ɾɾɾ 썿쎡썙썟썱ɺࣄલௐࠪ쎅쎖डୗ

  5. 썴쎣썣ɺ썪쎅ڪ쎤썮썛෺ޠ쎅࢝쎕쎡썷썺썶

  6. ;Γ͕ͳʹ׽ࣈͱ ͔ೖΔ͚Ͳɾɾɾ·͊ Өڹ͸ͳ͍͔ɻ ͓ɾɾɾʁ 썿쎙썙쎣ɺձһొ࿥ʢޱ࠲։ઃʣ썢쎠ௐࠪ։࢝

  7. ͓͓͓ɾɾɾʁ

  8. ΜΜΜΜʁ 쏧쏋ɾɾɾ 쏛쏍

  9. None
  10. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

  11. 쎵쏋쎵쏋ɾɾɾ 쏍쏉썗썗쏽ʂ 썛쎛ɺ썴쎪쎁쎆썱쎆쎁썛ɻ

  12. 썴쎅࣌ɺ ๻쎅໨쎂ඈ쎊ࠐ쎪썾썤썶쎅쎆

  13. None
  14. શવ஌쎠쎁썛썡썯썬쎪쎅໔ڐূ

  15. ݸਓ৘ใ쏟쏵쎴썗쏡쏽

  16. 쎦쎡썿ਅ໘໨쎂ɾɾɾ썪쎪쎁࣮૷썮썽쎕썲쎪썢ʁ

  17. 쎦쎡썿ਅ໘໨쎂ɾɾɾ썪쎪쎁࣮૷썮썽쎕썲쎪썢ʁ 썪쎪쎁ࡶ쎁࣮૷썮썽 쎟썛쎅쎆ɺੈքத쎅 ਓ쎂ݟ쎠쎣썽쎙 ໰୊쎁썛쏟쎫쎮쏵 썷써썾썰ɻ

  18. ྫ썟쎇ɺ ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ੒썮ɺ ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%' ɾاۀ಺쏁쏃쏐쏪쎅ɺ1%'ੜ੒썮썶੥ٻॻ౳ ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ෇쏟쎫쎮쏵

  19. ྫ썟쎇ɺ ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ੒썮ɺ ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%' ɾاۀ಺쏁쏃쏐쏪쎅ɺ1%'ੜ੒썮썶੥ٻॻ౳ ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ෇쏟쎫쎮쏵 ˠશ෦ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썛썽쎆쏊쏫ʂ

  20. 썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰 ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯஋ʣ쎁쎪썷썢쎠ɺ ɹ63-஌쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ

  21. 썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰 ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯஋ʣ쎁쎪썷썢쎠ɺ ɹ63-஌쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ ɹɹ63-쎩஌쎠쎁썤쎚ݟ쎣쎁썛 ɹɹ63-썬썟஌썺썽썛쎣쎇ੈքத썷쎣썾쎙ݟ쎣쎢 ✕

  22. ࣮ྫ1̋5*.&4৘ใ࿙썟썛ࣄ݅ ެ։લ쎅쏡쏶쏃쏴쏴썗쏃쎅ఴ෇쏟쎫쎮쏵ʢ1%'౳ʣ 썣ୈࡾऀ썢쎠쎬쎹쏅쏃Մೳ쎁ঢ়ଶ쎂쎁썺썽썡쎡ɺ ྲྀग़ɻ ˠҰาؒҧ썟쎇쎮쏽쎿쎮쏊썗औҾ౳쎂쎙ܨ썣쎡 ɹ썢쎄쎁썛ࣄҊɻ

  23. 썾쎙ඇެ։ྖҬ쎂ஔ썛썶쎠ɺ ݟ썲쎢쎐썤쏰썗쏀쎂쎙 ݟ썲쎠쎣쎁썛쎅썾쎆ʁ

  24. 썪썝썰쎢ɻ 쎕썱쏟쎫쎮쏵쎆 ඇެ։ྖҬ쎂ஔ썤ɺ 쏰썗쏀*%౳썿썿쎙쎂 %#쎂อଘ public function upload(Request $request) {

    //ϦΫΤετऔಘ $uploaded_file = $request->file('upload'); //…தུ… //privateσΟεΫʹอଘ $save_path = $uploaded_file->store('userfiles'); //DBʹอଘ $private_file = new PrivateFile(); $private_file->user_id = Auth::id(); $private_file->file_path = $save_path; $private_file->mime_type = $uploaded_file ->getMimeType(); $private_file->save(); //ϓϨϏϡʔ༻ʹURLΛฦ٫ return response()->json([ 'url' => route('private-file', [ $private_file->file_id, $uploaded_file->extension() ]), ]); }
  25. 썪썝썰쎢ɻ 쏟쎫쎮쏵༻쎅 쏵썗쏐쎭쏽쎺쎩 ༻ҙ Route::get( ‘/private-files/{private_file}.{ext}', [PrivateFileController::class, ‘view'] )->name('private-file');

  26. 썪썝썰쎢ɻ 쎽쏽쏒쏷썗쏳 썢쎠쏟쎫쎮쏵쎩 ฦ٫ public function view(PrivateFile $private_file, string $ext)

    { //ϢʔβIDνΣοΫ if ($private_file->user_id !== Auth::id()) { abort(404); } //ଘࡏνΣοΫ if (!Storage::exists($private_file->file_path)) { abort(404); } //Ϩεϙϯε $headers = ['Content-Type' => $private_file->mime_type]; $content = Storage::get($private_file->file_path); return response($content, 200, $headers); }
  27. 썪썝썰쎢ɻ 쏵썗쏐쎭쏽쎺썬쎣 썶63-쎩࢖༻썮썽 ը૾쎩දࣔɻ <img src="{{ route('private-file', [$private_file, $private_file->ext]) }}"

    alt=""> ˠ쎬쏍쏡쏷썗쏓썮썶ຊਓҎ֎썣௚쎬쎹쏅쏃썮썽쎙 ɹ썿쎁쎢ɻ
  28. 썶쎕쎂쏷쎺쎮쏽ೝূࠔ೉쎁ཁ݅쎙썙쎡쎕썰ɻ ྫ썟쎇֎෦쎏쎅쏟쎫쎮쏵ڞ༗౳ɻ ˠ썴쎣썾쎙쏵썗쏐쎭쏽쎺쎆௨썮썶্썾ɺ ɾਪఆࠔ೉쎁63-쎂썰쎢 ɾදࣔՄೳ쎁ظؒ쎩੍ݶ ɾදࣔՄೳ쎁ճ਺쎩੍ݶ ɾ쎬쎹쏅쏃쎅ཤྺ쎩࢒썰

  29. 썸쎁쎖쎂쎖쎪쎁େ޷썤8PSE1SFTT ౤ߘ썣Լॻ썤썾쎙ඇެ։썾쎙ɺ ఴ෇쏟쎫쎮쏵쎆ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썢쎣쎕썰ɻ 썮썢쎙جຊ쎬쏍쏡쏷썗쏓썮썶쎕쎕쎅쏟쎫쎮쏵໊썾ɻ ˠެ։લهࣄ쎂ݟ쎠쎣썽쎆썛써쎁썛쏟쎫쎮쏵썣 ɹఴ෇썬쎣쎢Մೳੑ썣썙쎢쎁쎠ɺཁ쎵쏃쏉쏨쎮쏄ɻ

  30. ๻ʮࢁా썬썗쎪ɺௐࠪ։࢝෼썾ɺ ɹɹ썸쎞썺썿쎛쎇썛쎛썻ݟ썻써쎕썮썶ʯ ࢁా썬쎪 Ծ  ʮ쎛쎐썗͆͆͆͆ ɹɾɾɾ썪쎅݅쎆ޱ֎ແ༻썾썡ئ썛썮쎕썰ɻ ɹ໌쎢쎖쎂ग़썶쎠ࢮਓ썣ग़쎕썰ɻʯ

  31. 썡٬༷썢쎠Ұචऔ썺썽쎙쎠썺썽ɺ ௐࠪଓߦɻ

  32. None
  33. ͸ɾɾɾʁ

  34. ·͔͔ͬͪ͜͞Β ύεϫʔυϦηοτͰ͖ͨΓ͸ ͠ͳ͍ΑͶɾɾɾ

  35. Μɾɾɾʁ

  36. None
  37. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

  38. 쏛쏃쏹썗쏓ฏจอଘ

  39. ൑໌썮썶ӡ༻쏟쏷썗 ޱ࠲։ઃ ϑΥʔϜ ొ࿥಺༰ ֬ೝը໘ ొ࿥ ৹ࠪ 쏛쏃쏹썗쏓௨஌ *%࠾൪ 쏛쏃쏹썗쏓ੜ੒

  40. ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ฉ썤๞썤썶ݴ썛༁

  41. ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ɹɹۀ຿ཁ݅쎩ຬ썶썮썻썻ɺฏจอଘෆཁ쎁 ɹɹӡ༻쏟쏷썗쎩ఏҊ썰쎢쎅썣4&쎅࢓ࣄ썾썰ɻ ✕ ฉ썤๞썤썶ݴ썛༁

  42. 썶썿썟쎇ɺ ৹ࠪ׬ྃ࣌쎂༗ޮظݶ෇썤쎅쏒썗쎹쏽쎩ੜ੒썮ɺ 쏒썗쎹쏽෇쎅ॳظઃఆ63-쎩쏫썗쏵썾ࣗಈૹ෇ɻ ˠظݶ಺쎂ਖ਼썮썛쏒썗쎹쏽෇쎅63-썢쎠쎬쎹쏅쏃 ɹ썮썶৔߹쎅쎖쏛쏃쏹썗쏓ઃఆը໘쎩։썦ɻ ˠ쏰썗쏀ࣗ਎썣쏛쏃쏹썗쏓쎩ઃఆɻ

  43. 쎀썝썮썽쎙༣ૹ썮쎁써쎣쎇썛써쎁썛쎁쎠ɺ ॳظ쏛쏃쏹썗쏓쎆༗ޮظݶ෇쎅Ծ쏛쏃쏹썗쏓썿 썰쎢ʢ썪쎣썷써쎆ฏจอ࣋ʣɻ ˠॳճ쏷쎺쎮쏽࣌쎂ɺ쏛쏃쏹썗쏓มߋ쎩ڧ੍썰쎢ɻ ʢ썪쎅썿썤ฏจ쎅Ծ쏛쏃쏹썗쏓쎙%#썢쎠࡟আʣ

  44. 쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ

  45. ʮѱҙ쎅؅ཧऀʯ 쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ

  46. ɾӡӦձࣾ쎩ୀ৬썮썶ݩࣾһ ɾ։ൃձࣾ쎅ݩ֎஫쏫쏽쏚썗 ɾFUD શһ쎩৴༻썾썤쎕썰썢ʁ

  47. ࣮ྫদ̋ূ݊ސ٬ޱ࠲ෆਖ਼ग़ۚࣄ݅ 쏁쏃쏐쏪։ൃ쎩डୗ썮썶4*FS쎅ࣾһ썣ɺ ސ٬쎅쏛쏃쏹썗쏓쎩ෆਖ਼쎂ೖख썮ɺ ࣗ਎쎅ޱ࠲౳쎂ૹۚɻඃ֐ֹ쎆ԯԁ༨쎡ɻ

  48. ɾ쏛쏃쏹썗쏓ฏจอଘ ɾ؅ཧऀ썣쏛쏃쏹썗쏓쎩ݟ쎣쎢 ɾ؅ཧऀ썣쏛쏃쏹썗쏓쎩มߋ썾썤쎢 جຊత쎂શ෦쏊쏫썾썰ɻ

  49. 썿썛썝쎦써썾ɺ ؅ཧը໘썾쏛쏃쏹썗쏓쎩 ֬ೝ썮썽쏷쎺쎮쏽ɻ ௐࠪଓߦ

  50. 쏷쎺쎮쏽

  51. 쎁쎪썷썢ؾ쎂쎁쎢쏫쏕쏯썗쎩ຊೳ썣࡯஌

  52. 썴썺썿൶쎩։썦ɾɾɾ

  53. 썪썝썛썝࢓༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽ "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ࿥ ೖۚࡁ 쎂ߋ৽
  54. 썪썝썛썝࢓༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽ "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ࿥ ೖۚࡁ 쎂ߋ৽ ܾࡁ͕׬શ֎෦ͳΒ ܾࡁ৘ใอ࣋PS௨աͱ͔ͷ ৺഑͸ͳ͍͚Ͳɺ ҰԠ͚ͩ͜͜ݟͱ͔͘ɻ
  55. 쏇썗쏃쏋쎱쏍쎹 public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid');

    $tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘౰ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); }
  56. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

  57. public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid'); $tran_id

    = $request->input('tid'); $tran_date = $request->input('tdt'); //֘౰ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ౓
  58. 쏤쎮쏷썗쏓쎂ਖ਼썮썛 lSJEz썬썟썙쎣쎇ɺ ແ৚݅쎂ೖۚࡁ썿 썮썽ॲཧ썬쎣쎢ɻ public function webhook(Request $request) { //ϦΫΤετऔಘ

    $deposit_id = $request->input('rid'); $tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘౰ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ౓
  59. 썻쎕쎡썪썝썰쎢썿 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽ "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ࿥ ೖۚࡁ 쎂ߋ৽ ܾࡁ썲썱쎂཭୤ DVSM91045ESJEIUUQT[BSV[BSVFYBNQMFDPNXFCIPPL
  60. ِ૷ೖۚ썮์୊

  61. 쏁쏃쏐쏪֎෦썢쎠ॴఆ쎅쏴쎹쎲쏃쏒쎩डऔ쎡ɺ 썴쎅಺༰쎂Ԡ썯썽ɺ쏑썗쏉쎅࡞੒쎛ߋ৽౳쎅 ֤छॲཧ쎩ߦ썝썪썿ɻ ʹී௨썾쎆ઈର쎂쎛쎠쎁썛௒ةݥ쎁ॲཧ쎩 ɹྫ֎త쎂쎛썺썽썛쎢ɻ ɹɾɾɾ썿썛썝썪썿쎩쎕썱ೝࣝ썮쎕썮쎞썝ɻ 8FCIPPL썿쎆

  62. ɾ௨ৗ8FCIPPL쎩ఏڙ썮썽썛쎢쎿썗쏝쏃쎂쎆 ɹ쏰썗쏀썫썿쎂ݻ༗쎅ʮൿີ伴ʯ썣༻ҙ썬쎣썽썡쎡ɺ ɹ썴쎣쎩༻썛썽쏴쎹쎲쏃쏒쏦쏑쎭౳쎩쏙쏍쏁쏯썮썶ʮॺ໊ʯ쎩 ɹ쏴쎹쎲쏃쏒쏢쏍쏊౳썾ૹ썺썽썤쎕썰ɻ ɹ썪쎅஋썣ਖ਼썮썛썪썿쎩֬ೝ썮ɺਖ਼썮썛࣌쎅쎖ॲཧ쎩࣮ߦ썰쎢쎟썝 ɹ࣮૷썰쎢ɻ ɾ쏴쎹쎲쏃쏒ݩ쎅*1쎬쏓쏶쏃썣ެ։썬쎣썽썛쎢쎁쎠ɺ ɹ*1쎬쏓쏶쏃쎅쏋쎱쏍쎹쎙ߦ썝ɻ 쎀썝썰쎢쎅ʁ

  63. 썪썪썣࠷େ쎅ةػ؅ཧ쏧쎮쏽쏒썺쎔썛쎅썾 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁ׬ྃ ࢒ߴߋ৽ "1*

    쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ࿥ ೖۚࡁ 쎂ߋ৽
  64. 쎁쎪썸쎚쎠쎿썗쏝쏃썾HSFQ ͓΍ʁ ਵ෼γϯϓϧ͚ͩͲɺ ͜Ε࢖ͬͯΔͷʁ public function transaction(Request $request) { $amount

    = $request->input('amount'); $user_id = Auth::id(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; }
  65. 쎽쏽쏒쏷썗쏳໊썾HSFQ Route::post('/api/transaction', [ApiController::class, 'transaction']); ࢖ΘΕͱΔ΍Μ͚ɾɾɾ

  66. ໰୊쎅63*썾(3&1 $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })

    ͓͍͓͍͓͍͓͍
  67. JEUSBOTBDUJPO썾HSFQ ͳΜ΍ ίϝϯτΞ΢τ͞ΕͱΔ΍ͳ͍͔͍ ͋ʔͼͬ͘Γͨ͠ɻ ͬͯɾɾɾ {{-- <form id=“transaction”> <div class="form-row">

    <div class="form-group col-md-6"> <label>ೖֹۚۚ</label> <input type="number" name="amount"> </div> </div> <button class="btn btn-primary">ೖۚ</button> </form> --}}
  68. 썡쎦썢쎡썛썶썷써썶썷쎤썝썢

  69. BQJUSBOTBDUJPO쎆ੜ썤썽쎕썰ɻ 쏰썗쏀쏨쎮쏤썗쏂쎂쏷쎺쎮쏽썮썽썶쎠ୟ써쎕썰ɻ public function transaction(Request $request) { $amount = $request->input('amount');

    $user_id = Auth::id(); //ӡ༻γεςϜͷ࢒ߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; } Route::post('/api/transaction', [ApiController::class, 'transaction']);
  70. 썮썢쎙썪쎅63*ɺ+4쏟쎫쎮쏵썾େެ։썬쎣썽쎕썰ɻ $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })

  71. 썻쎕쎡썶썺썶썪쎣썷써썾ɺ BQJUSBOTBDUJPO ϚΠϖʔδ಺ ͷͲ͔͜ GPSN %FW5PPM౳썾)5.-Ճ޻ 1045

  72. ِ૷ೖۚ썮์୊1BSU

  73. ɾɾɾ썰쎢썪썿쎆Կ쎙썙쎡쎕썲쎪ɻ 쏐쏃쏒༻쏡쏷쎺쏳쏪쎆ফ썮쎕썮쎞썝ɻ ڧ썛썽ݴ썝쎁쎠ɺສҰ๨쎣ڈ쎠쎣썶࣌쎅썶쎘ɺ 쏐쏃쏒쏡쏷쎺쏳쏪쎆ɺ ࠷ॳ썢쎠-PDBM&OW썾썮썢ಈ썢쎁썛쎟썝쎂 ৚݅෇써썮썽썡썦썿ྑ썛썾썰ɻ ղઆ

  74. 썴썝썛썟쎇944쎆େৎ෉썢

  75. 쎕썘େৎ෉썺쎔썛 <div class="form-row align-items-end"> <div class="form-group col-md-6"> <label>ి࿩൪߸</label> <div>{{ $input->phone_1

    }}</div> </div> <div class="form-group col-md-6"> <label>ܞଳి࿩൪߸</label> <div>{{ $input->phone_2 }}</div> </div> </div> <div class="form-row align-items-end"> <div class="form-group col-md-12"> <label>උߟ</label> <div>{!! nl2br(e($input->note)) !!}</div> </div> </div>
  76. 썴썝썛썟쎇$43'쎆େৎ෉썢

  77. protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class,

    \Illuminate\View\Middleware\ShareErrorsFromSession::class, //\App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \App\Http\Middleware\RedirectIfHasProblem::class, ],
  78. $43'쏘썗쎶썗쏓

  79. $43'౳쎂썻썛썽쎆ɺ썪썸쎠쎅هࣄ썾 ࠷େݶט쎖ࡅ썛썽આ໌썮썽썡쎡쎕썰쎅썾ɺ 썫Ұಡ썦썷썬썛ɻ IUUQT[FOOEFWBEBSUJDMFTFFDFFEDC

  80. -BSBWFM썾쎆ɺಛఆ63-쎅쎖$43'쏋쎱쏍쎹쎩֎썲쎕썰ɻ ຊ݅ݩ쏗쏉쏁쏃쏐쏪썾࢖༻썬쎣썽썛썶쏟쏶썗쏪쏹썗쎹쎂쎆 썴썝썛썝ؾ쎅ར썛썶ػߏ썣쎁썦ɺ શମ썾0/0''썮썢썾썤쎁썢썺썶쎅썾ɺ 8FCIPPL쎅౎߹썾0''쎂썮썶쎙쎅썿ࢥ쎦쎣쎕썰ɻ쎬쏥썣ɻ 썶썷ɺԾ쎂ಛఆ63-쎅쎖쎆썱썲쎢썿썮썽쎙ɺ ຊ౰쎂$43'쏋쎱쏍쎹쎩֎썰Ҏ֎쎅ํ๏썣쎁썛썢ɺ ֎썮썽쎙҆શੑ썣֬อ썾썤쎢쎅썢쎀썝썢쎆ɺ 쎟썦ۛຯ썮쎕썮쎞썝ɻ ஫ɿ

  81. ࣮ྫ쏫̋쏍쏡쏃쎹쏶쏂쏍쏒쎵썗쏓৘ใྲྀग़ࣄ݅ 쎹쏶쏂쏍쏒쎵썗쏓ܾࡁ쏡쏳쏍쏒쏟쎳썗쏪쎩 ఏڙ썰쎢ಉࣾ쎅쏁쏃쏐쏪썣ɺ 쎿썗쏚쎏쎅ෆਖ਼쏷쎺쎮쏽ɺ42-쎮쏽쏂쎱쎹쏁쏱쏽ɺ 쏚쏍쎹쏓쎬౳༷ʑ쎁߈ܸ쎩ड써ɺ 쎹쏶쏂쏍쏒쎵썗쏓৘ใ౳࠷େສ݅썣ྲྀग़썮썶 Մೳੑɻ

  82. ࢁా썬쎪 Ծ  ʮ쎁쎪썢쎹쏳쎮쎬쏽쏒ۚ༥ி썢쎠ౖ쎠쎣썶쎠썮썦ɺ ɹ৭ʑվमґཔདྷ썴썝썾썰ʯ ๻ ʮɾɾɾݏ썾썰ʯ

  83. ແ஌쎆࠷େ쎅ࡑ ূ݊ձࣾ썿썛썝쏅쏽쏁쏐쎭쏠쎁ۀք쎂썬썟ɺ 썪쎪쎁ྼѱ쎁쏁쏃쏐쏪썣쎕썢쎡௨썺썽썛쎕썰ɻ 쏅쎷쏯쏴쏐쎭쎂썻썛썽ແ஌썰썥쎢։ൃձࣾɻ ਺ʑ쎅੬ऑੑ쎂ؾ썼썤쎙썮쎁썛ൃ஫ऀɻ ஌쎠쎁썢썺썶썾쎆ࡁ쎕쎁썛쎅썣ɺ 쏁쏃쏐쏪ʢ쎬쏡쏴쎻썗쏁쏱쏽ʣ썾썰ɻ

  84. ࠷ޙʹࣗݾ঺հ גࣜձࣾ"%୅දऔక໾ େࡕࡏॅ 1)1FSྺ೥͘Β͍ !BEKQ