For example I have this url:
http://127.0.0.1/public?valid=test1&invalid=test2
So I send 2 parameters to a related function in its controller:
$input = $request->all();
$validator = Validator::make($input, [
'valid' => 'nullable|string',
]);
if ($validator->fails())
{
return back()->withInput()->withErrors($validator);
}
I expect this url works:
http://127.0.0.1/public?valid=test1
But for this: http://127.0.0.1/public?invalid=test2
I do not want this url works because I do not define invalid
parameter in Validator (The route accepted that URL):
Dose laravel support to refuse miscellaneous parameters?
The laravel website has that bug too
https://laravel.com/?asd=asd
My solution:
$input = $request->all();
$valid = ['valid'];
foreach($input as $key => $val)
{
if(!in_array($key,$valid)) abort(404);
}
from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/2PtV5Jv
via IFTTT
Aucun commentaire:
Enregistrer un commentaire