From b71a90a3c537b862c55e28d5921dffa35de262d8 Mon Sep 17 00:00:00 2001
From: spencerrlongg
Date: Mon, 18 Nov 2024 12:44:24 -0600
Subject: [PATCH 1/3] this should be all it takes to fix this, i think
---
 app/Http/Controllers/Auth/ForgotPasswordController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index a7322e7e5..8e6ff46fd 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -57,7 +57,7 @@ class ForgotPasswordController extends Controller
 * payloads through.
 */
 $request->validate([
- 'username' => ['required', 'max:255'],
+ 'username' => ['required', 'max:255', 'string'],
 ]);
 /**
From b45cf6124fa4a865d2b5f501629f10f1efad82db Mon Sep 17 00:00:00 2001
From: spencerrlongg
Date: Wed, 18 Dec 2024 13:57:18 -0600
Subject: [PATCH 2/3] add note
---
 app/Http/Controllers/Auth/ForgotPasswordController.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index 8e6ff46fd..c64df2807 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -50,11 +50,12 @@ class ForgotPasswordController extends Controller
 */
 public function sendResetLinkEmail(Request $request)
 {
-
+ dump($request);
 /**
 * Let's set a max character count here to prevent potential
 * buffer overflow issues with attackers sending very large
- * payloads through.
+ * payloads through. The addition of the string rule prevents attackers
+ * sending arrays through and causing 500s
 */
 $request->validate([
 'username' => ['required', 'max:255', 'string'],
From 5042c2b30a7e0a0ed1c45bf7aec74c05a954d333 Mon Sep 17 00:00:00 2001
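Review bot: The fix on the `'username'` rule line ships without a regression test. The diffstat shows only the controller changed, so nothing stops the `'string'` rule from being dropped later and array input reaching the code below the validator again. A feature test that posts `username` as an array and asserts a validation error on `username` rather than a 500 would pin the behaviour. As a point of style, `['required', 'string', 'max:255']` puts the type check ahead of the size check, which is the order a reader expects. The enclosing method starts and ends outside this hunk, so what consumes `username` after validation is not visible here.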
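Review bot: The docblock above `$request->validate([` still justifies `max:255` as preventing "buffer overflow issues", which is probably not the right term for what a length cap does in PHP application code and may mislead the next maintainer about the actual risk. The cap bounds how much attacker-controlled data is handed to whatever runs after validation, and the new sentence could say why an array leads to a 500 (presumably later code expects a string). Suggested wording: `Cap the length and require a string: oversized values waste resources downstream, and a non-string value (e.g. username[]=x) would otherwise fail later with a 500 instead of a validation error.` The body of `sendResetLinkEmail` continues past the end of this hunk.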
From: spencerrlongg
Date: Wed, 18 Dec 2024 13:58:18 -0600
Subject: [PATCH 3/3] oops, rm dump
---
 app/Http/Controllers/Auth/ForgotPasswordController.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
index c64df2807..f385c054c 100644
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -50,7 +50,6 @@ class ForgotPasswordController extends Controller
 */
 public function sendResetLinkEmail(Request $request)
 {
- dump($request);
 /**
 * Let's set a max character count here to prevent potential
 * buffer overflow issues with attackers sending very large