æ–°å’ Laravel åˆå¿ƒè€…ãŒæˆé•·ã—ã¦ã„ãä¸ã§ æ„Ÿã˜ãŸã‚³ãƒ¬ã‚¸ãƒ£ãƒŠã‚¤æ„Ÿ/PHPerKaigi 2022
PHPer Kaigi 2022 ã®ç™ºè¡¨è³‡æ–™ã§ã™ï¼Ž Laravel ã£ã¦ï¼Œä¾¿åˆ©ãªæ©Ÿèƒ½ãŒæ²¢å±±å®Ÿè£…ã•ã‚Œã¦ã„ã‚‹ã—,ディレクトリ構æˆã‚‚テンプレートãŒãã®ã¾ã¾ä½¿ãˆã¦åˆå¦è€…ã«å„ªã—ã„ã§ã™ã‚ˆã. ã‹ãã„ã†åƒ•ã‚‚,ã»ã¨ã‚“ã© Laravel ã®å®Ÿå‹™çµŒé¨“ãŒç„¡ã„ã¾ã¾æ–°å’ã§ç¤¾å†…プãƒãƒ€ã‚¯ãƒˆã‚’引ã継ã„ã é ƒã¯ã€Œä¾¿åˆ©ã 便利ã ã€ã¨L…
Laravel <= v8.4.2 debug mode: Remote code execution
Posted By Charles Fol laravel rce debug file write file read CVE-2021-3129 Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)In late November of 2020, during a security audit for one of our clients, we came accross a website based on Laravel. While the site's security state was pretty good, we remarked that it was running in debug mode, thus displaying verbose error messages inclu
5å¹´é–“ Laravel を使ã£ã¦è¾¿ã‚Šç€ã„ãŸï¼Œå…¨ç„¶é ‘張らãªã„「ãªã‚“ã¡ã‚ƒã£ã¦ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒ¼ã‚テクãƒãƒ£ã€ã¨ã„ã†è½ã¨ã—ã©ã“ã‚
ã“ã®è¨˜äº‹ã¯ Laravel Advent Calendar 2020 - Qiita 最終日ã®è¨˜äº‹ã§ã™ã€‚ TL;DR DDD ã‚„ "真ã®" クリーンアーã‚テクãƒãƒ£ã¯ï¼Œ Web æ¥ç•Œã«ãŠã‘る大抵ã®ç¾å ´ã§ã¯ã‚ªãƒ¼ãƒãƒ¼ã‚¹ãƒšãƒƒã‚¯ã ã—,導入ã—ã¦ã‚‚全員ãŒã¤ã„ã¦ã“れるã¨ã¯é™ã‚‰ãªã„ app/UseCases ディレクトリã ã‘切ã£ã¦ï¼Œãƒ‰ãƒ¡ã‚¤ãƒ³ã”ã¨ã«å˜ä¸€è²¬å‹™ãªã‚¯ãƒ©ã‚¹ã‚’ç½®ãã¨ä½¿ã„ã‚„ã™ã„よ ActiveRecord 指å‘ã®ãƒ•ãƒ¬ãƒ¼ãƒ ワーク㧠Repository パターンを無ç†ã«å°Žå…¥ã™ã‚‹ã¨æ»ã¬ã®ã§ï¼Œ UseCase 㧠Eloquent Model ã®æ©Ÿèƒ½ã‚’使ã†ã“ã¨ã‚’æれる㪠ã¯ã˜ã‚ã« Zenn ã§ã¯åˆæŠ•ç¨¿ã§ã™ã€‚日本㮠Laravel コミュニティã§ã¯ã‚‚ã†ãŠé¦´æŸ“ã¿ã®ã‚ˆã†ã§å®Ÿã¯ã‚ã¾ã‚Šé¡”を出ã—ã¦ã„ãªã„(?) @mpyw ã¨ç”³ã—ã¾ã™ã€‚オンラインサãƒãƒ³ã®ç«ä»˜ã‘å½¹ã¨ãªã£ãŸ Synapse ãŒæœ€åˆã®ä»•äº‹ã§ã—ãŸãŒï¼Œå°±è·å¾Œã™ã会社ãŒ
ゼãƒãƒ™ãƒ¼ã‚¹ã‹ã‚‰ Laravel を用ã„ãŸâ€¨ API 実装オートメーション - Speaker Deck
Speaker Deck This deck requires a password Password
Laravel ã®è„†å¼±æ€§ CVE-2017-14775 ã®å¯¾å‡¦æ³• - Innovator Japan Engineers’ Blog
ã“ã‚“ã«ã¡ã¯ã€‚エンジニア㮠@localdisk ã§ã™ã€‚2017/09/27ã« CVE-2017-14775 ã¨ã„ㆠLaravel ã®è„†å¼±æ€§ãŒå ±å‘Šã•ã‚Œã¾ã—ãŸã€‚CVE-2017-14775 ã¯ã‚ªãƒ¼ãƒˆãƒã‚°ã‚¤ãƒ³å‡¦ç†ã«*1タイミング攻撃ã®è„†å¼±æ€§ãŒã‚ã‚‹ã¨ã„ã†ã‚‚ã®ã§ã™ã€‚ タイミング攻撃ã«ã¤ã„ã¦ã¨ãã®å¯¾ç–ã«ã¤ã„ã¦ã¯ä¸‹è¨˜ã‚¨ãƒ³ãƒˆãƒªã«è©³ã—ãã¾ã¨ã¾ã£ã¦ã„ã¾ã™ã€‚ PHP本体ã§ã‚¿ã‚¤ãƒŸãƒ³ã‚°æ”»æ’ƒã‚’防御ã§ãるよã†ã«ãªã‚Šã¾ã™ | yohgaki's blog ã“ã®è„†å¼±æ€§ã¯ 2017/09/21 ã«ãƒªãƒªãƒ¼ã‚¹ã•ã‚ŒãŸ 5.5.10 ã§ä¿®æ£ã•ã‚Œã¦ã„ã¾ã™ã€‚対象ã®ã‚¯ãƒ©ã‚¹ã¯ä¸‹è¨˜ã«ãªã‚Šã¾ã™ã€‚ Illuminate\Auth\DatabaseUserProvider Illuminate\Auth\EloquentUserProvider ä¿®æ£ã•ã‚ŒãŸ PR ã¯ä¸‹è¨˜ã«ãªã‚Šã¾ã™ã€‚ [5.5] [Security] Close remember_
PHPフレームワークã®é–‹ç™ºã«è²¢çŒ®ã—ã¦ã„る日本人ã¯ã©ã‚Œãらã„ã„ã‚‹ã®ã‹ï¼Ÿ — A Day in Serenity (Reloaded) — PHP, CodeIgniter, FuelPHP, Linux or something
上記ã®5フレームワークã®å¹³å‡ã¯3.8%ã§ã—ãŸã€‚日本人ã®äººå£ã¯ä¸–ç•Œã®2%ã«æº€ãŸãªã„ã§ã™ã®ã§ã€ãã‚Œã¨æ¯”較ã™ã‚‹ã¨å¤šã„ã§ã™ã€‚ã—ã‹ã—ã€ä¸–ç•Œã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆäººå£ã¯2016å¹´ã§34å„„9åƒä¸‡äººã‚‰ã—ã„ã®ã§ã€ãã‚Œã ã¨äººå£æ¯”ã§ãã‚“ãªã«å¤šãã¯ãªã„ã§ã™ã。 詳細 CakePHP https://github.com/cakephp/cakephp/graphs/contributors chinpei215 waterada nojimage suzuki 8 commits(100ä½ã®Contributorã®ã‚³ãƒŸãƒƒãƒˆæ•°ï¼‰ CodeIgniter https://github.com/bcit-ci/CodeIgniter/graphs/contributors kenjis katsew TakayukiSakai 5 commits FuelPHP https://github.com/fuel/core/gr
HTMLã‹ã‚‰æ¸¡ã•ã‚ŒãŸé…列リクエストをå„PHPフレームワーク標準ã§ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³å‡¦ç†ã™ã‚‹ - Qiita
ã¯ã˜ã‚ã« HTMLã§inputã®name属性をname="hoge[]"ã®ã‚ˆã†ã«æŒ‡å®šã—ã¦ã‚„ã‚‹ã¨PHPãªã©ã®ã‚µãƒ¼ãƒã‚µã‚¤ãƒ‰ã«é…列ã¨ã—ã¦Submitã§ãã‚‹ã“ã¨ãŒçŸ¥ã‚‰ã‚Œã¦ã„ã‚‹ãŒï¼ŒPHPフレームワークを使ã£ã¦ã„ã‚‹ã¨ãã®ãƒ‡ãƒ¼ã‚¿ã‚’ã•ã‚‰ã«ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³ã«ã‹ã‘ã‚‹ã“ã¨ãŒã»ã¨ã‚“ã©ã‹ã¨æ€ã†ï¼Ž ドã‚ュメントã§ã‚‚ãªã‹ãªã‹ãã®æ‰‹æ³•ã«ã¤ã„ã¦è§£èª¬ã•ã‚Œã¦ã„ãªã„ã“ã¨ãŒå¤šã,é ã‚’æ‚©ã¾ã›ã¦ã„る人もã„ã‚‹ã®ã§ã¯ï¼Ÿ 一応ã»ã¨ã‚“ã©ã®ãƒ¡ã‚¸ãƒ£ãƒ¼ãªæœ€æ–°PHPフレームワークã«ãŠã„ã¦ä¸Šè¨˜ã®ãƒãƒªãƒ‡ãƒ¼ã‚·ãƒ§ãƒ³å‡¦ç†ã¯æ¨™æº–ã®ç¯„囲内ã§å¯èƒ½ãªã®ã§ï¼Œãã®æ–¹æ³•ã«ã¤ã„ã¦ã®ã¾ã¨ã‚. PHPフレームワークリスト ã“ã®è¨˜äº‹ã§å–り上ã’ã¦ã„ã‚‹PHPフレームワークリスト.一応日本ã§ãã‚Œãªã‚Šã«ä½¿ã‚ã‚Œã¦ã„ã‚‹ã‚‚ã®ã‚’éšæ™‚è¿½åŠ äºˆå®šï¼ŽCakePHPã¯çŸ¥ã‚‰ã‚“.ãã®ä»–ã¯ã‚³ãƒ¡ãƒ³ãƒˆãªã©ã§è¦æœ›ãŒã‚ã‚Œã°è¿½åŠ ã™ã‚‹ã¤ã‚‚り. FuelPHP 1.7.* Laravel 5.1.* CodeIgniter 3.
Everything we know about Laravel 5.1 – Updated - Laravel News
{ if (! this.initialized) { search.start(); this.initialized = true; } if (value) { setTimeout(() => { this.$el.querySelector('input').focus(); }, 100); } }); }, }" x-dialog x-model="searchModalIsOpen" x-cloak class="fixed inset-0 z-10" @keydown.slash.meta.window="searchModalIsOpen = !searchModalIsOpen" @keydown.k.meta.window="searchModalIsOpen = !searchModalIsOpen" @keydown.escape.window="searchM
Full Disclosure: Laravel - PHP Object Injection - 4.1, 4.2, 5.0, master
Laravel - PHP Object Injection - 4.1, 4.2, 5.0, master From: Scott Arciszewski <scott () paragonie com> Date: Sun, 19 Apr 2015 14:12:23 -0400 Hi FD Readers, If you're using cookie-based session storage with any version of the Laravel Framework since 4.1 (inclusive), and you turned encryption off (I can't imagine why anyone would do that, but I've seen some weird setups), you are vulnerable to PHP
Laravel 4ã®CSRF脆弱性ã¯ä½•ãŒå•é¡Œã ã£ãŸã®ã‹ï¼Ÿ — A Day in Serenity (Reloaded) — PHP, CodeIgniter, FuelPHP, Linux or something
PHPã§ã®ã‚ã‚‹æ„味「典型的ãªè„†å¼±æ€§ã€ã ã£ãŸã®ã§è¨˜äº‹ã‚’書ãã“ã¨ã«ã—ã¾ã—ãŸã€‚ Laravel 4ã®CSRF脆弱性ã¨ã¯ï¼Ÿ Laravel 4.2.10以å‰ã«CSRFä¿è·ãŒç„¡åŠ¹ã«ãªã‚‹è„†å¼±æ€§ãŒå ±å‘Šã•ã‚Œã¾ã—ãŸã€‚ ã“ã®è„†å¼±æ€§ã¯ã€Laravel標準ã®CSRFä¿è·ï¼ˆcsrfフィルタ)を簡å˜ã«ç„¡åŠ¹åŒ–ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã‚‚ã®ã§ã™ã€‚ æ—¢å˜ã‚µã‚¤ãƒˆã§ã¯ã€ä»Šã™ãã€ä»¥ä¸‹ã®ä¿®æ£ãƒ‘ッãƒã‚’摘è¦ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚Laravelã®ã‚¢ãƒƒãƒ—デートã§ã¯ä¿®æ£ã•ã‚Œã¾ã›ã‚“。 From ba0cf2a1c9280e99d39aad5d4d686d554941eea1 Mon Sep 17 00:00:00 2001 From: Taylor Otwell <taylorotwell@gmail.com> Date: Sun, 9 Nov 2014 16:29:56 -0600 Subject: [PATCH] Check type of toke
CSRF Vulnerability In Laravel 4 | Laravel Development Blog
On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team of a method of bypassing the CSRF verification in Laravel 4 applications. To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following: Route::filter('csrf', function() { if (Session::token() !== Input::get('_token')) { throw new Illuminate\Session\To
Aculios Software Inc — Don't Use Redirect::back() in Laravel 4
We help clients bring digital products and services to market. http://aculios.com/ There is a handy method in the Redirect class that conveniently returns the user back to the previous page they came from. This method is named back() and is called like so: return Redirect::back() Avoid this handy method as it will bring you pain and suffering. It will also cause your teammates to burst out in fits
Yii2.0-beta v.s. Laravel4.1 ベンãƒãƒžãƒ¼ã‚¯ - ãªã‚“ãŸã‚‰ãƒŽãƒ¼ãƒˆç¬¬ä¸‰æœŸãƒ™ãƒ¼ã‚¿
PHP5.5.13ã®ãƒ“ルトインサーãƒãƒ¼ã§ã€Yii2.0-betaã®DBアクセスをå«ã‚ãŸå®Ÿè£…をベンãƒãƒžãƒ¼ã‚¯ãƒ†ã‚¹ãƒˆã—ã¦ã¿ã¾ã—ãŸã€‚ã‚ã€ãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã¯æ„味ãŒç„¡ã„ã¨ã‹ã„ã†ã®ã¯ãƒŠã‚·ã§ã™ã€‚ HelloWorldベンãƒã ã¨ã€ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã¨ãƒ“ューã®ã‚ªãƒ¼ãƒãƒ¼ãƒ˜ãƒƒãƒ‰ã‚’比較ã™ã‚‹ã—ã‹ã§ãã¾ã›ã‚“。簡å˜ã«ãƒãƒ¼ãƒˆã§ãã¦ã—ã¾ã„ã¾ã™ã€‚データベース接続ãªã©ã®ãƒ©ã‚¤ãƒ–ラリをプリãƒãƒ¼ãƒ‰ã—ã¦ã„ã‚‹æ–¹ãŒä¸åˆ©ã«ãªã£ã¦ã—ã¾ã„ã¾ã™ã€‚Yii1ã¯å…¬å¼ç™ºè¡¨ã®HelloWorldベンãƒãŒãšã°æŠœã‘ã¦é€Ÿã‹ã£ãŸ(æ›°ãã€ã»ã¨ã‚“ã©ã®ã‚³ãƒ¼ãƒ‰ã¯å¿…è¦ã«ãªã‚‹ã¾ã§ãƒãƒ¼ãƒ‰ã•ã‚Œãªã„ã“ã¨ã‚’表ã—ã¦ã„るらã—ã„)ã®ã§ã™ãŒã€ãã†ã„ã†éƒ¨åˆ†ã ã‘を際立ãŸã›ã¦ã€ã ã‹ã‚‰å…¨ä½“ãŒé€Ÿã„/é…ã„ã¨è€ƒãˆã‚‹ã®ã¯ãŠã‹ã—ã„ã§ã™ã€‚ ãã“ã§ã€postã¨commentテーブルをæŒã¤åŒã˜ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã«æŽ¥ç¶šã—ã¦ã€postデータを1件ã¨ãã‚Œã«ä»˜éšã™ã‚‹ã‚³ãƒ¡ãƒ³ãƒˆã‚’ã™ã¹ã¦å–å¾—ã™ã‚‹(実際ã«ã¯ãƒ‡ãƒ¼ã‚¿ãŒ1件ã ã‘ã‚ã‚‹)処ç†ã‚’å«ã¿ã¾ã—ãŸã€‚
Symfonyã¨Laravelã§ã¯æžœãŸã—ã¦ã©ã¡ã‚‰ãŒè»½é‡é«˜é€Ÿãªã®ã‹ï¼Ÿ — A Day in Serenity (Reloaded) — PHP, CodeIgniter, FuelPHP, Linux or something
Symfony 2.5.0ã¨Laravel 4.2.1をベンãƒãƒžãƒ¼ã‚¯ã—ã¦ã¿ã¾ã—ãŸã€‚ ベンãƒãƒžãƒ¼ã‚¯ç’°å¢ƒ XAMPP 1.8.3-4 for Linux (32bit) PHP 5.5.11 Zend OPcache v7.0.4-dev Apache 2.4.9 ベンãƒãƒžãƒ¼ã‚¯æ–¹æ³• ã„ã‚ゆる「Hello Worldã€ãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã§ã™ã€‚フレームワークã®æœ€å°ã®ã‚ªãƒ¼ãƒãƒ¼ãƒ˜ãƒƒãƒ‰ã‚’計測ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã«ãªã‚Šã¾ã™ã€‚詳細ã¯ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ï¼ˆå¾Œè¿°ï¼‰ã‚’ã”覧ãã ã•ã„。 以下ã®ã‚ˆã†ãªã‚³ãƒžãƒ³ãƒ‰ã§è¨ˆæ¸¬ã—ã¾ã—ãŸã€‚ $ siege -b -c 10 -t 3S http://localhost/symf/hello?name=BEAR ベンãƒãƒžãƒ¼ã‚¯çµæžœ Symfony Laravel
ãŠçŸ¥ã‚‰ã›
障害
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
https://www.reddit.com/r/PHP/comments/131t2k1/laravel_considered_harmful/
作ã£ã¦ç†è§£ã™ã‚‹ãƒãƒƒã‚¯ãƒ‰ã‚¢
CentOS8ã§PHPã€Laravelã®é–‹ç™ºç’°å¢ƒã‚’構築ã™ã‚‹ | ã¿ã‘ã½ã‚“ブãƒã‚° -自称ä¸ç´šè€…ã®ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒ–ãƒã‚°-
https://laracasts.com/discuss/channels/general-discussion/laravel-roadmap-and-lts-long-term-support-is-there-any
https://laracasts.com/discuss/channels/general-discussion/removing-controller-boilerplate-maintaining-srp
http://www.pedrogilcandeias.com/blog/2013/08/13/symfony-vs-laravel-vs-codeigniter-vs-plainphp/
{{#tags}}- {{label}}
{{/tags}}