Add a recaptcha if certain search terms are triggered


1 reply to this topic

#1 altmoola

    Advanced Member

  • Members
  • 66 posts

Posted: 20 May 2020 - 17:44

I've noticed on our site a few instances where a script or bot has attempted to do some SQL injection attacks. What I'd like to do is have it so that when something or someone searches for a specific keyword like NULL or '); etc... it will force them to solve a hard captcha. Can you advise how I could potentially implement this?


  • GalenKa and stefanmueller like this

#2 Marcel Schmidt

    SmartStore AG

  • Administrators
  • 149 posts

Posted: 02 June 2020 - 14:07

Hi,

 

SQL injections are prevented by default.

If you'd like to check a user's search input, you can have an action filter which gets called whenever a user enters and submits his search request.

You could have for example a SearchActionFilter inherited from an IActionFilter and have your context result cast back to SearchResultModel.

filterContext.Result > (Partial)ViewResult > result.Model > SearchResultModel

 

You then need to register this new action filter within your dependency registrar. Something like this:

 
    builder.RegisterType<ProductSearchActionFilter>()                // Your custom class
        .AsActionFilterFor<SearchController>(x => x.Search(null))    // Controller and method used for filter
        .InstancePerRequest();

 

Take a look at AmazonPay Plugin filter and dependencyRegistrar for a use case.

 

Since there is a difference between InstantSearch and normal Search, you will need to have 2 registrations. One for Search and one for InstantSearch action. Take a look at SearchController actions.

 

When done correctly, your filter gets called whenever those actions would execute.

 

Best regards


  • stefanmueller likes this
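A sketch of the filter described in the reply above, added here as an example; it is not code from the thread or from SmartStore. It follows the `filterContext.Result > (Partial)ViewResult > result.Model > SearchResultModel` chain and sends flagged terms to a captcha page. Assumptions: the `SmartStore.Web.Models.Search` namespace and a `Term` property on `SearchResultModel`, plus a hypothetical session key, challenge route and constructed pattern list.

```csharp
using System.Linq;
using System.Web;
using System.Web.Mvc;
using SmartStore.Web.Models.Search; // assumed namespace of SearchResultModel

public class ProductSearchActionFilter : IActionFilter
{
    // Constructed sample patterns; tune them against what your own logs show.
    private static readonly string[] Suspicious = { "');", "--", "/*", " null ", " union " };

    // Hypothetical names owned by your plugin: session flag set by the captcha page, and its route.
    private const string SolvedKey = "SearchCaptchaSolved";
    private const string ChallengeUrl = "/searchchallenge";

    public static bool IsSuspicious(string term)
    {
        if (string.IsNullOrWhiteSpace(term)) return false;
        var padded = " " + term.ToLowerInvariant() + " "; // padding lets " null " match whole words only
        return Suspicious.Any(p => padded.Contains(p));
    }

    public void OnActionExecuting(ActionExecutingContext filterContext) { }

    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
        // ViewResultBase covers both ViewResult (Search) and PartialViewResult (InstantSearch).
        var result = filterContext.Result as ViewResultBase;
        var model = result?.Model as SearchResultModel;
        if (model == null || !IsSuspicious(model.Term)) return; // Term: assumed property

        var http = filterContext.HttpContext;
        if ((http.Session?[SolvedKey] as bool?) == true) return; // captcha already solved this session

        // The search itself has already run at this point; only the response is replaced.
        if (http.Request.IsAjaxRequest())
        {
            // InstantSearch is called via AJAX, so a redirect to a captcha page would not render.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
        else
        {
            // The challenge page must accept only local return URLs before redirecting back.
            var back = HttpUtility.UrlEncode(http.Request.RawUrl);
            filterContext.Result = new RedirectResult(ChallengeUrl + "?returnUrl=" + back);
        }
    }
}
```

Register it once for `Search` and once for `InstantSearch`, as the reply describes.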