Home/ Questions/Q 8441263
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T08:31:27+00:00

How would you secure a slug in Symfony2.1? A malicious user could append ;rm

  • 0

How would you secure a slug in Symfony2.1?

A malicious user could append ";rm -rf *" to the id value and delete the entire Website. In symfony2.1, is there a simple way to secure the slugs?

I have tried to secure an id this way. 

/**
 * The idea is to check that the slug cart_id is an id and not
 *
 * @Route("/{cart_id}/show", name="show_cart")
 * @Template()
 */
public function showCartAction($cart_id)
{

    if (!preg_match("/^[0-9]{2}$/", $cart_id))
    {
       throw new \Exception("the id is not correct");
    }

    $cart = $this->getCartManager()
        ->getCart($cart_id);

    return array(
        'cart'=> cart
    );
}

Do you find this necessary? Would you do it this way ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can ensure that cart_id will always accept integer by adding requirements in @Route annotation. e.g

    /**
 * @Route("/{cart_id}/show", name="show_cart", requirements={"cart_id" = ("\d+")})
 * @Template()
 */

    But still there is almost zero chance that the attacker will execute malicious query via sql-injection as Doctrine2 uses PDO prepared statement with parametarized query. For more information about prepared statement with parametarized query see here and here.

    • 0