Add hook to validate save HTTP method (#3100)

Dockerfile

@@ -37,6 +37,6 @@ FROM ospos AS ospos_dev
 RUN mkdir -p /app/bower_components && ln -s /app/bower_components /var/www/html/bower_components
 RUN yes | pecl install xdebug \
     && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
-    && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
+    && echo "xdebug.remote_enable=1" >> /usr/local/etc/php/conf.d/xdebug.ini \
     && echo "xdebug.remote_autostart=off" >> /usr/local/etc/php/conf.d/xdebug.ini
 

application/config/hooks.php

@@ -26,6 +26,14 @@ $hook['post_controller'] = array(
                                     'filepath' => 'hooks'
                                 );
 
+$hook['pre_controller'][] = array(
+    'class'    => '',
+    'function' => 'validate_save',
+    'filename' => 'save_hook.php',
+    'filepath' => 'hooks'
+);
+
+
 $hook['pre_system'] = function() {
     $config_path = APPPATH . (ENVIRONMENT == 'testing') ? 'tests/' : 'config/';
 	try {

application/controllers/Items.php

@@ -501,7 +501,7 @@ class Items extends Secure_Controller
 		}
 		$default_pack_name = $this->lang->line('items_default_pack_name');
 
-	//Save item data
+		//Save item data
 		$item_data = array(
 			'name' => $this->input->post('name'),
 			'description' => $this->input->post('description'),
@@ -1153,4 +1153,4 @@ class Items extends Secure_Controller
 		}
 	}
 }
-?>
+?>

application/hooks/save_hook.php

@@ -0,0 +1,16 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+
+function validate_save()
+{
+
+    $url = $_SERVER['REQUEST_URI'];
+
+    $is_save = preg_match('/save\/\d*?/', $url);
+
+    if($is_save && $_SERVER["REQUEST_METHOD"] != "POST" && empty($_POST))
+    {
+        echo "Method not allowed";
+        die;
+    }
+
+}