Inhalte aufrufen

Profilbild

Add a recaptcha if certain search terms are triggered


  • Bitte melden Sie sich an, um eine Antwort zu verfassen.
1 Antwort zu diesem Thema

#1 altmoola

altmoola

    Advanced Member

  • Members
  • 47 Beiträge

Geschrieben: 20 May 2020 - 17:44

I've noticed on our site a few instances where a script or bot has attempted to do some SQL injection attacks. What I'd like to do is have it so that when something or someone searches for a specific keyword like NULL or '); etc... it will force them to solve a hard captcha. Can you advise how I could potentially implement this?


  • GalenKa und stefanmueller gefällt das

#2 Marcel Schmidt

Marcel Schmidt

    SmartStore AG

  • Administrators
  • 103 Beiträge

Geschrieben: 02 June 2020 - 14:07

Hi,

 

sql injections are prevented by default.

If you like to check an users search input, you can have an action filter which gets called whenever an user enters and submits his search request.

You could have for example a SearchActionFilter inherited from an IActionFilter and have your context result cast back to SearchResultModel.

filterContext.Result > (Partial)ViewResult > result.Model > SearchResultModel

 

You then need to registar this new action filter within your dependency registrar. Something like this:

 
                builder.RegisterType<ProductSearchActionFilter>()            // Your custom class 
                    .AsActionFilterFor<SearchController>(x => x.Search(null))    // Controller and Method used for filter
                    .InstancePerRequest();

 

Take a look at AmazonPay Plugin filter and dependencyRegistrar for a use case.

 

Since, there is a difference between InstantSearch and normal Search, you will need to have 2 registrations. One for Search and one for InstantSearch action. Take a look at SearchController actions.

 

When done correctly, your filter gets called whenever those actions would execute.

 

Best regards


  • stefanmueller gefällt das