I'm doing a school project in which I make a PHP/Symfony app. There is a form with a field which requires the user to enter a URL for an image hosted elsewhere. The problem is that when submitting the form, my hosting solution's firewall detects a 'Remote File Injection Attack'.
I tried to 'sanitize' the entry with a Twig filter (url_encode); however, this does not seem to work out (I'm quite the beginner, as you may have realized by now).
I tried putting the filter after the 'row':
{{ form_row(formformation.miniature)|url_encode() }}
... which encodes the entire field:
Then I tried putting it inside the row:
{{ form_row(formformation.miniature|url_encode()) }}
... which gives an error as the parameter needs to be a string, not an object.
The field in question is a simple text type field (I tried UrlType, without success).
Extract from the form:
->add('miniature', TextType::class, [
    'label' => 'Miniature (URL, taille 120x90 pixels)',
    'required' => false
])
Extract from the entity:
/**
 * @Assert\Length(max=46,maxMessage = "L'url de la miniature ne peut pas excéder {{ limit }} caractères")
 * @ORM\Column(type="string", length=46, nullable=true)
 */
private $miniature;
I tried other filters including 'raw', and enabling/disabling autoescape; nothing seems to work. I'm probably doing something very stupid :) Any ideas would be very much appreciated! Many thanks, Carl