Tuesday, 30 October 2018

Laravel: avoid miscellaneous parameters in GET method

For example, I have this URL:

http://127.0.0.1/public?valid=test1&invalid=test2

So I send 2 parameters to a related function in its controller:

       $input = $request->all();
       $validator = Validator::make($input, [
         'valid' => 'nullable|string',
       ]);

       if ($validator->fails())
       {
         return back()->withInput()->withErrors($validator);
       }

I expect this URL to work:

http://127.0.0.1/public?valid=test1

But for this: http://127.0.0.1/public?invalid=test2

I do not want this URL to work, because I did not define the invalid parameter in the Validator (the route accepted that URL).

Does Laravel support refusing miscellaneous parameters?

The Laravel website has that bug too:

https://laravel.com/?asd=asd

My solution:

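       $input = $request->all();
       $valid = ['valid']; // allowlist of accepted parameter names
       foreach ($input as $key => $val)
       {
         // Strict comparison: with a loose in_array() on PHP 7, an integer
         // key such as ?0=x compares equal to 'valid' and would be accepted.
         if (!in_array($key, $valid, true)) abort(404);
       }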



via Chebli Mohamed
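
An added example, not part of the original post: the allowlist from the solution above can be derived from the validation rules themselves, so the two cannot drift apart. `unexpectedKeys()` is a hypothetical helper, not a Laravel API, and the sample arrays are constructed stand-ins for `$request->query()`.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Laravel API).
 * Returns the top-level input keys that no validation rule covers.
 */
function unexpectedKeys(array $input, array $rules): array
{
    // 'user.name' and 'tags.*' both live under the top-level keys 'user' / 'tags'.
    $allowed = [];
    foreach (array_keys($rules) as $field) {
        $allowed[explode('.', (string) $field, 2)[0]] = true;
    }

    $unexpected = [];
    foreach (array_keys($input) as $key) {
        // PHP turns numeric query keys (?0=x) into ints; look them up by
        // exact key instead of relying on a loose comparison.
        if (!isset($allowed[(string) $key])) {
            $unexpected[] = (string) $key;
        }
    }
    return $unexpected;
}

// Same rules as in the question.
$rules = ['valid' => 'nullable|string'];

// Constructed sample query strings, already parsed into arrays.
$samples = [
    ['valid' => 'test1'],
    ['invalid' => 'test2'],
    ['valid' => 'test1', 0 => 'x'],
];

foreach ($samples as $query) {
    $extra = unexpectedKeys($query, $rules);
    echo json_encode($query), ' => ',
        $extra ? 'reject (' . implode(', ', $extra) . ')' : 'accept', PHP_EOL;
}

// In the controller from the question, before Validator::make():
//   if (unexpectedKeys($request->query(), $rules)) { abort(404); }
```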
