Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
本当にあった怖い脆弱性の話
Search
Roku
April 10, 2022
Programming
20
39k
本当にあった怖い脆弱性の話
PHPerkaigi 2022 Day2 Track B
Roku
April 10, 2022
Tweet
Share
More Decks by Roku
See All by Roku
Laravel のセキュリティはどうなってる?突撃ソースコードリーディング(PHPカンファレンス福岡2024)
ad5jp
1
900
作って理解するバックドア
ad5jp
0
1.5k
Other Decks in Programming
See All in Programming
短期間での新規プロダクト開発における「コスパの良い」Goのテスト戦略」 / kamakura.go
n3xem
2
160
なまけものオバケたち -PHP 8.4 に入った新機能の紹介-
tanakahisateru
1
120
MCP with Cloudflare Workers
yusukebe
2
220
Effective Signals in Angular 19+: Rules and Helpers @ngbe2024
manfredsteyer
PRO
0
130
これが俺の”自分戦略” プロセスを楽しんでいこう! - Developers CAREER Boost 2024
niftycorp
PRO
0
190
From Translations to Multi Dimension Entities
alexanderschranz
2
130
今年のアップデートで振り返るCDKセキュリティのシフトレフト/2024-cdk-security-shift-left
tomoki10
0
190
フロントエンドのディレクトリ構成どうしてる? Feature-Sliced Design 導入体験談
osakatechlab
8
4.1k
range over funcの使い道と非同期N+1リゾルバーの夢 / about a range over func
mackee
0
110
N.E.X.T LEVEL
pluu
2
300
useSyncExternalStoreを使いまくる
ssssota
6
1k
KubeCon + CloudNativeCon NA 2024 Overviewat Kubernetes Meetup Tokyo #68 / amsy810_k8sjp68
masayaaoyama
0
250
Featured
See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
170
Building Your Own Lightsaber
phodgson
103
6.1k
Code Reviewing Like a Champion
maltzj
520
39k
How to Ace a Technical Interview
jacobian
276
23k
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
Raft: Consensus for Rubyists
vanstee
137
6.7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
Transcript
ຊ쎂썙썺썶ා썛੬ऑੑ쎅 3PLV !BEKQ
썴쎣쎆ɺલ쎅य़
ࢁా썬쎪 Ծ ʮ3PLV썬쎪ɺอकҾܧҊ݅쎛쎠쎏쎪ʁ ։ൃ썮썶ձࣾ쎅ରԠѱ썦썽쎡썶썛쎪쎛썺썽ɻ ূ݊ձࣾ쎅ސ٬쏨쎮쏤썗쏂쏁쏃쏐쏪쎁쎪쎛써쎀ʯ
쎆쎁쎪썷썢ݏ쎁༧ײ썣썮썶쎅썾ɾɾɾ 썿쎡썙썟썱ɺࣄલௐࠪ쎅쎖डୗ
썴쎣썣ɺ썪쎅ڪ쎤썮썛ޠ쎅࢝쎕쎡썷썺썶
;Γ͕ͳʹࣈͱ ͔ೖΔ͚Ͳɾɾɾ·͊ Өڹͳ͍͔ɻ ͓ɾɾɾʁ 썿쎙썙쎣ɺձһొʢޱ࠲։ઃʣ썢쎠ௐࠪ։࢝
͓͓͓ɾɾɾʁ
ΜΜΜΜʁ 쏧쏋ɾɾɾ 쏛쏍
None
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
쎵쏋쎵쏋ɾɾɾ 쏍쏉썗썗쏽ʂ 썛쎛ɺ썴쎪쎁쎆썱쎆쎁썛ɻ
썴쎅࣌ɺ 쎅쎂ඈ쎊ࠐ쎪썾썤썶쎅쎆
None
શવ쎠쎁썛썡썯썬쎪쎅໔ڐূ
ݸਓใ쏟쏵쎴썗쏡쏽
쎦쎡썿ਅ໘쎂ɾɾɾ썪쎪쎁࣮썮썽쎕썲쎪썢ʁ
쎦쎡썿ਅ໘쎂ɾɾɾ썪쎪쎁࣮썮썽쎕썲쎪썢ʁ 썪쎪쎁ࡶ쎁࣮썮썽 쎟썛쎅쎆ɺੈքத쎅 ਓ쎂ݟ쎠쎣썽쎙 쎁썛쏟쎫쎮쏵 썷써썾썰ɻ
ྫ썟쎇ɺ ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ썮ɺ ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%' ɾاۀ쏁쏃쏐쏪쎅ɺ1%'ੜ썮썶ٻॻ ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ쏟쎫쎮쏵
ྫ썟쎇ɺ ɾ쏰썗쏀썣쎿쎮쏒্썢쎠ੜ썮ɺ ɹ쏊쎰쏽쏷썗쏓썾썤쎢ݟੵॻ1%' ɾاۀ쏁쏃쏐쏪쎅ɺ1%'ੜ썮썶ٻॻ ɾ쏕쏯썗쏃쎿쎮쏒쎅ɺެ։લهࣄ쎅ఴ쏟쎫쎮쏵 ˠશ෦ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썛썽쎆쏊쏫ʂ
썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰 ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯ʣ쎁쎪썷썢쎠ɺ ɹ63-쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ
썪쎪쎁썪썿쎩ݴ썝ਓ썣썛쎕썰 ʮ63-쎆쏳쏽쏊쏪ʢ쏙쏍쏁쏯ʣ쎁쎪썷썢쎠ɺ ɹ63-쎠쎣쎁썛ݶ쎡ݟ쎣쎁썛썯쎚쎁썛썾썰썢ʯ ɹɹ63-쎩쎠쎁썤쎚ݟ쎣쎁썛 ɹɹ63-썬썟썺썽썛쎣쎇ੈքத썷쎣썾쎙ݟ쎣쎢 ✕
࣮ྫ1̋5*.&4ใ࿙썟썛ࣄ݅ ެ։લ쎅쏡쏶쏃쏴쏴썗쏃쎅ఴ쏟쎫쎮쏵ʢ1%'ʣ 썣ୈࡾऀ썢쎠쎬쎹쏅쏃Մೳ쎁ঢ়ଶ쎂쎁썺썽썡쎡ɺ ྲྀग़ɻ ˠҰาؒҧ썟쎇쎮쏽쎿쎮쏊썗औҾ쎂쎙ܨ썣쎡 ɹ썢쎄쎁썛ࣄҊɻ
썾쎙ඇެ։ྖҬ쎂ஔ썛썶쎠ɺ ݟ썲쎢쎐썤쏰썗쏀쎂쎙 ݟ썲쎠쎣쎁썛쎅썾쎆ʁ
썪썝썰쎢ɻ 쎕썱쏟쎫쎮쏵쎆 ඇެ։ྖҬ쎂ஔ썤ɺ 쏰썗쏀*%썿썿쎙쎂 %#쎂อଘ public function upload(Request $request) {
//ϦΫΤετऔಘ $uploaded_file = $request->file('upload'); //…தུ… //privateσΟεΫʹอଘ $save_path = $uploaded_file->store('userfiles'); //DBʹอଘ $private_file = new PrivateFile(); $private_file->user_id = Auth::id(); $private_file->file_path = $save_path; $private_file->mime_type = $uploaded_file ->getMimeType(); $private_file->save(); //ϓϨϏϡʔ༻ʹURLΛฦ٫ return response()->json([ 'url' => route('private-file', [ $private_file->file_id, $uploaded_file->extension() ]), ]); }
썪썝썰쎢ɻ 쏟쎫쎮쏵༻쎅 쏵썗쏐쎭쏽쎺쎩 ༻ҙ Route::get( ‘/private-files/{private_file}.{ext}', [PrivateFileController::class, ‘view'] )->name('private-file');
썪썝썰쎢ɻ 쎽쏽쏒쏷썗쏳 썢쎠쏟쎫쎮쏵쎩 ฦ٫ public function view(PrivateFile $private_file, string $ext)
{ //ϢʔβIDνΣοΫ if ($private_file->user_id !== Auth::id()) { abort(404); } //ଘࡏνΣοΫ if (!Storage::exists($private_file->file_path)) { abort(404); } //Ϩεϙϯε $headers = ['Content-Type' => $private_file->mime_type]; $content = Storage::get($private_file->file_path); return response($content, 200, $headers); }
썪썝썰쎢ɻ 쏵썗쏐쎭쏽쎺썬쎣 썶63-쎩༻썮썽 ը૾쎩දࣔɻ <img src="{{ route('private-file', [$private_file, $private_file->ext]) }}"
alt=""> ˠ쎬쏍쏡쏷썗쏓썮썶ຊਓҎ֎썣쎬쎹쏅쏃썮썽쎙 ɹ썿쎁쎢ɻ
썶쎕쎂쏷쎺쎮쏽ೝূࠔ쎁ཁ݅쎙썙쎡쎕썰ɻ ྫ썟쎇֎෦쎏쎅쏟쎫쎮쏵ڞ༗ɻ ˠ썴쎣썾쎙쏵썗쏐쎭쏽쎺쎆௨썮썶্썾ɺ ɾਪఆࠔ쎁63-쎂썰쎢 ɾදࣔՄೳ쎁ظؒ쎩੍ݶ ɾදࣔՄೳ쎁ճ쎩੍ݶ ɾ쎬쎹쏅쏃쎅ཤྺ쎩썰
썸쎁쎖쎂쎖쎪쎁େ썤8PSE1SFTT ߘ썣Լॻ썤썾쎙ඇެ։썾쎙ɺ ఴ쏟쎫쎮쏵쎆ެ։쏑쎭쏶쎹쏒쏴쎂ஔ썢쎣쎕썰ɻ 썮썢쎙جຊ쎬쏍쏡쏷썗쏓썮썶쎕쎕쎅쏟쎫쎮쏵໊썾ɻ ˠެ։લهࣄ쎂ݟ쎠쎣썽쎆썛써쎁썛쏟쎫쎮쏵썣 ɹఴ썬쎣쎢Մೳੑ썣썙쎢쎁쎠ɺཁ쎵쏃쏉쏨쎮쏄ɻ
ʮࢁా썬썗쎪ɺௐࠪ։࢝썾ɺ ɹɹ썸쎞썺썿쎛쎇썛쎛썻ݟ썻써쎕썮썶ʯ ࢁా썬쎪 Ծ ʮ쎛쎐썗͆͆͆͆ ɹɾɾɾ썪쎅݅쎆ޱ֎ແ༻썾썡ئ썛썮쎕썰ɻ ɹ໌쎢쎖쎂ग़썶쎠ࢮਓ썣ग़쎕썰ɻʯ
썡٬༷썢쎠Ұචऔ썺썽쎙쎠썺썽ɺ ௐࠪଓߦɻ
None
ɾɾɾʁ
·͔͔ͬͪ͜͞Β ύεϫʔυϦηοτͰ͖ͨΓ ͠ͳ͍ΑͶɾɾɾ
Μɾɾɾʁ
None
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
쏛쏃쏹썗쏓ฏจอଘ
໌썮썶ӡ༻쏟쏷썗 ޱ࠲։ઃ ϑΥʔϜ ొ༰ ֬ೝը໘ ొ ৹ࠪ 쏛쏃쏹썗쏓௨ *%࠾൪ 쏛쏃쏹썗쏓ੜ
ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ฉ썤썤썶ݴ썛༁
ɹɹӡ༻쏟쏷썗্ɺฏจอଘ썲썭쎢쎩ಘ쎁썛 ɹɹۀཁ݅쎩ຬ썶썮썻썻ɺฏจอଘෆཁ쎁 ɹɹӡ༻쏟쏷썗쎩ఏҊ썰쎢쎅썣4&쎅ࣄ썾썰ɻ ✕ ฉ썤썤썶ݴ썛༁
썶썿썟쎇ɺ ৹ࠪྃ࣌쎂༗ޮظݶ썤쎅쏒썗쎹쏽쎩ੜ썮ɺ 쏒썗쎹쏽쎅ॳظઃఆ63-쎩쏫썗쏵썾ࣗಈૹɻ ˠظݶ쎂ਖ਼썮썛쏒썗쎹쏽쎅63-썢쎠쎬쎹쏅쏃 ɹ썮썶߹쎅쎖쏛쏃쏹썗쏓ઃఆը໘쎩։썦ɻ ˠ쏰썗쏀ࣗ썣쏛쏃쏹썗쏓쎩ઃఆɻ
쎀썝썮썽쎙༣ૹ썮쎁써쎣쎇썛써쎁썛쎁쎠ɺ ॳظ쏛쏃쏹썗쏓쎆༗ޮظݶ쎅Ծ쏛쏃쏹썗쏓썿 썰쎢ʢ썪쎣썷써쎆ฏจอ࣋ʣɻ ˠॳճ쏷쎺쎮쏽࣌쎂ɺ쏛쏃쏹썗쏓มߋ쎩ڧ੍썰쎢ɻ ʢ썪쎅썿썤ฏจ쎅Ծ쏛쏃쏹썗쏓쎙%#썢쎠আʣ
쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ
ʮѱҙ쎅ཧऀʯ 쎁썳쏛쏃쏹썗쏓ฏจอଘ썣썷쎘쎁쎅썢ʁ
ɾӡӦձࣾ쎩ୀ৬썮썶ݩࣾһ ɾ։ൃձࣾ쎅ݩ֎쏫쏽쏚썗 ɾFUD શһ쎩৴༻썾썤쎕썰썢ʁ
࣮ྫদ̋ূ݊ސ٬ޱ࠲ෆਖ਼ग़ۚࣄ݅ 쏁쏃쏐쏪։ൃ쎩डୗ썮썶4*FS쎅ࣾһ썣ɺ ސ٬쎅쏛쏃쏹썗쏓쎩ෆਖ਼쎂ೖख썮ɺ ࣗ쎅ޱ࠲쎂ૹۚɻඃֹ쎆ԯԁ༨쎡ɻ
ɾ쏛쏃쏹썗쏓ฏจอଘ ɾཧऀ썣쏛쏃쏹썗쏓쎩ݟ쎣쎢 ɾཧऀ썣쏛쏃쏹썗쏓쎩มߋ썾썤쎢 جຊత쎂શ෦쏊쏫썾썰ɻ
썿썛썝쎦써썾ɺ ཧը໘썾쏛쏃쏹썗쏓쎩 ֬ೝ썮썽쏷쎺쎮쏽ɻ ௐࠪଓߦ
쏷쎺쎮쏽
쎁쎪썷썢ؾ쎂쎁쎢쏫쏕쏯썗쎩ຊೳ썣
썴썺썿൶쎩։썦ɾɾɾ
썪썝썛썝༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽
썪썝썛썝༷썷썿ཧղ ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽ ܾࡁ͕શ֎෦ͳΒ ܾࡁใอ࣋PS௨աͱ͔ͷ ৺ͳ͍͚Ͳɺ ҰԠ͚ͩ͜͜ݟͱ͔͘ɻ
쏇썗쏃쏋쎱쏍쎹 public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid');
$tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); }
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
public function webhook(Request $request) { //ϦΫΤετऔಘ $deposit_id = $request->input('rid'); $tran_id
= $request->input('tid'); $tran_date = $request->input('tdt'); //֘ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ
쏤쎮쏷썗쏓쎂ਖ਼썮썛 lSJEz썬썟썙쎣쎇ɺ ແ݅쎂ೖۚࡁ썿 썮썽ॲཧ썬쎣쎢ɻ public function webhook(Request $request) { //ϦΫΤετऔಘ
$deposit_id = $request->input('rid'); $tran_id = $request->input('tid'); $tran_date = $request->input('tdt'); //֘ͷೖۚ༧ఆΛऔಘ $deposit = Deposit::find($deposit_id); if (!$deposit_id) { abort(400); } //σʔλΛߋ৽ $deposit->status = Status::SUCCESS; $deposit->tran_id = $tran_id; $deposit->tran_date = $tran_date; $deposit->save(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($deposit->user_id, $deposit->amount); //ਖ਼ৗϨεϙϯε die("0"); } 쎙썝Ұ
썻쎕쎡썪썝썰쎢썿 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽ ܾࡁ썲썱쎂 DVSM91045ESJEIUUQT[BSV[BSVFYBNQMFDPNXFCIPPL
ِೖۚ썮์
쏁쏃쏐쏪֎෦썢쎠ॴఆ쎅쏴쎹쎲쏃쏒쎩डऔ쎡ɺ 썴쎅༰쎂Ԡ썯썽ɺ쏑썗쏉쎅࡞쎛ߋ৽쎅 ֤छॲཧ쎩ߦ썝썪썿ɻ ʹී௨썾쎆ઈର쎂쎛쎠쎁썛ةݥ쎁ॲཧ쎩 ɹྫ֎త쎂쎛썺썽썛쎢ɻ ɹɾɾɾ썿썛썝썪썿쎩쎕썱ೝࣝ썮쎕썮쎞썝ɻ 8FCIPPL썿쎆
ɾ௨ৗ8FCIPPL쎩ఏڙ썮썽썛쎢쎿썗쏝쏃쎂쎆 ɹ쏰썗쏀썫썿쎂ݻ༗쎅ʮൿີ伴ʯ썣༻ҙ썬쎣썽썡쎡ɺ ɹ썴쎣쎩༻썛썽쏴쎹쎲쏃쏒쏦쏑쎭쎩쏙쏍쏁쏯썮썶ʮॺ໊ʯ쎩 ɹ쏴쎹쎲쏃쏒쏢쏍쏊썾ૹ썺썽썤쎕썰ɻ ɹ썪쎅썣ਖ਼썮썛썪썿쎩֬ೝ썮ɺਖ਼썮썛࣌쎅쎖ॲཧ쎩࣮ߦ썰쎢쎟썝 ɹ࣮썰쎢ɻ ɾ쏴쎹쎲쏃쏒ݩ쎅*1쎬쏓쏶쏃썣ެ։썬쎣썽썛쎢쎁쎠ɺ ɹ*1쎬쏓쏶쏃쎅쏋쎱쏍쎹쎙ߦ썝ɻ 쎀썝썰쎢쎅ʁ
썪썪썣࠷େ쎅ةػཧ쏧쎮쏽쏒썺쎔썛쎅썾 ೖۚೖྗ ೖۚ֬ೝ ܾࡁը໘ 8FCIPPL Τϯυ ϙΠϯτ ܾࡁྃ ߴߋ৽ "1*
쏴쏊쎮쏶쎹쏒 ຊ쏁쏃쏐쏪 ֎෦ܾࡁ쎿쎮쏒 ผ쏁쏃쏐쏪 8FCIPPL 쎽썗쏵 ೖۚ༧ఆ 쏑썗쏉ొ ೖۚࡁ 쎂ߋ৽
쎁쎪썸쎚쎠쎿썗쏝쏃썾HSFQ ͓ʁ ਵγϯϓϧ͚ͩͲɺ ͜ΕͬͯΔͷʁ public function transaction(Request $request) { $amount
= $request->input('amount'); $user_id = Auth::id(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; }
쎽쏽쏒쏷썗쏳໊썾HSFQ Route::post('/api/transaction', [ApiController::class, 'transaction']); ΘΕͱΔΜ͚ɾɾɾ
쎅63*썾(3&1 $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })
͓͍͓͍͓͍͓͍
JEUSBOTBDUJPO썾HSFQ ͳΜ ίϝϯτΞτ͞ΕͱΔͳ͍͔͍ ͋ʔͼͬ͘Γͨ͠ɻ ͬͯɾɾɾ {{-- <form id=“transaction”> <div class="form-row">
<div class="form-group col-md-6"> <label>ೖֹۚۚ</label> <input type="number" name="amount"> </div> </div> <button class="btn btn-primary">ೖۚ</button> </form> --}}
썡쎦썢쎡썛썶썷써썶썷쎤썝썢
BQJUSBOTBDUJPO쎆ੜ썤썽쎕썰ɻ 쏰썗쏀쏨쎮쏤썗쏂쎂쏷쎺쎮쏽썮썽썶쎠ୟ써쎕썰ɻ public function transaction(Request $request) { $amount = $request->input('amount');
$user_id = Auth::id(); //ӡ༻γεςϜͷߴՃࢉ (API) DataLinkService::add($user_id, $amount); return ['success' => true]; } Route::post('/api/transaction', [ApiController::class, 'transaction']);
썮썢쎙썪쎅63*ɺ+4쏟쎫쎮쏵썾େެ։썬쎣썽쎕썰ɻ $('#transaction').submit(function () { $.ajax( '/api/transaction', 'POST', $(this).serialize() ); })
썻쎕쎡썶썺썶썪쎣썷써썾ɺ BQJUSBOTBDUJPO ϚΠϖʔδ ͷͲ͔͜ GPSN %FW5PPM썾)5.-Ճ 1045
ِೖۚ썮์1BSU
ɾɾɾ썰쎢썪썿쎆Կ쎙썙쎡쎕썲쎪ɻ 쏐쏃쏒༻쏡쏷쎺쏳쏪쎆ফ썮쎕썮쎞썝ɻ ڧ썛썽ݴ썝쎁쎠ɺສҰ쎣ڈ쎠쎣썶࣌쎅썶쎘ɺ 쏐쏃쏒쏡쏷쎺쏳쏪쎆ɺ ࠷ॳ썢쎠-PDBM&OW썾썮썢ಈ썢쎁썛쎟썝쎂 ݅써썮썽썡썦썿ྑ썛썾썰ɻ ղઆ
썴썝썛썟쎇944쎆େৎ썢
쎕썘େৎ썺쎔썛 <div class="form-row align-items-end"> <div class="form-group col-md-6"> <label>ి൪߸</label> <div>{{ $input->phone_1
}}</div> </div> <div class="form-group col-md-6"> <label>ܞଳి൪߸</label> <div>{{ $input->phone_2 }}</div> </div> </div> <div class="form-row align-items-end"> <div class="form-group col-md-12"> <label>උߟ</label> <div>{!! nl2br(e($input->note)) !!}</div> </div> </div>
썴썝썛썟쎇$43'쎆େৎ썢
protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class, //\App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, \App\Http\Middleware\RedirectIfHasProblem::class, ],
$43'쏘썗쎶썗쏓
$43'쎂썻썛썽쎆ɺ썪썸쎠쎅هࣄ썾 ࠷େݶט쎖ࡅ썛썽આ໌썮썽썡쎡쎕썰쎅썾ɺ 썫Ұಡ썦썷썬썛ɻ IUUQT[FOOEFWBEBSUJDMFTFFDFFEDC
-BSBWFM썾쎆ɺಛఆ63-쎅쎖$43'쏋쎱쏍쎹쎩֎썲쎕썰ɻ ຊ݅ݩ쏗쏉쏁쏃쏐쏪썾༻썬쎣썽썛썶쏟쏶썗쏪쏹썗쎹쎂쎆 썴썝썛썝ؾ쎅ར썛썶ػߏ썣쎁썦ɺ શମ썾0/0''썮썢썾썤쎁썢썺썶쎅썾ɺ 8FCIPPL쎅߹썾0''쎂썮썶쎙쎅썿ࢥ쎦쎣쎕썰ɻ쎬쏥썣ɻ 썶썷ɺԾ쎂ಛఆ63-쎅쎖쎆썱썲쎢썿썮썽쎙ɺ ຊ쎂$43'쏋쎱쏍쎹쎩֎썰Ҏ֎쎅ํ๏썣쎁썛썢ɺ ֎썮썽쎙҆શੑ썣֬อ썾썤쎢쎅썢쎀썝썢쎆ɺ 쎟썦ۛຯ썮쎕썮쎞썝ɻ ɿ
࣮ྫ쏫̋쏍쏡쏃쎹쏶쏂쏍쏒쎵썗쏓ใྲྀग़ࣄ݅ 쎹쏶쏂쏍쏒쎵썗쏓ܾࡁ쏡쏳쏍쏒쏟쎳썗쏪쎩 ఏڙ썰쎢ಉࣾ쎅쏁쏃쏐쏪썣ɺ 쎿썗쏚쎏쎅ෆਖ਼쏷쎺쎮쏽ɺ42-쎮쏽쏂쎱쎹쏁쏱쏽ɺ 쏚쏍쎹쏓쎬༷ʑ쎁߈ܸ쎩ड써ɺ 쎹쏶쏂쏍쏒쎵썗쏓ใ࠷େສ݅썣ྲྀग़썮썶 Մೳੑɻ
ࢁా썬쎪 Ծ ʮ쎁쎪썢쎹쏳쎮쎬쏽쏒ۚ༥ி썢쎠ౖ쎠쎣썶쎠썮썦ɺ ɹ৭ʑվमґཔདྷ썴썝썾썰ʯ ʮɾɾɾݏ썾썰ʯ
ແ쎆࠷େ쎅ࡑ ূ݊ձࣾ썿썛썝쏅쏽쏁쏐쎭쏠쎁ۀք쎂썬썟ɺ 썪쎪쎁ྼѱ쎁쏁쏃쏐쏪썣쎕썢쎡௨썺썽썛쎕썰ɻ 쏅쎷쏯쏴쏐쎭쎂썻썛썽ແ썰썥쎢։ൃձࣾɻ ʑ쎅੬ऑੑ쎂ؾ썼썤쎙썮쎁썛ൃऀɻ 쎠쎁썢썺썶썾쎆ࡁ쎕쎁썛쎅썣ɺ 쏁쏃쏐쏪ʢ쎬쏡쏴쎻썗쏁쏱쏽ʣ썾썰ɻ
࠷ޙʹࣗݾհ גࣜձࣾ"%දऔక େࡕࡏॅ 1)1FSྺ͘Β͍ !BEKQ