lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Merge pull request #15987 from spencerrlongg/bug/sc-27192

Browse source 
Add `string` to Password Reset Username Rules
This commit is contained in:
snipe 2024-12-18 20:09:14 +00:00 committed by GitHub
commit 0dce3b8b8c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/Auth/ForgotPasswordController.php
View file

@ -50,14 +50,14 @@ class ForgotPasswordController extends Controller
*/ */
public function sendResetLinkEmail(Request $request) public function sendResetLinkEmail(Request $request)
{ {
/** /**
* Let's set a max character count here to prevent potential * Let's set a max character count here to prevent potential
* buffer overflow issues with attackers sending very large * buffer overflow issues with attackers sending very large
* payloads through. * payloads through. The addition of the string rule prevents attackers
* sending arrays through and causing 500s
*/ */
$request->validate([ $request->validate([
'username' => ['required', 'max:255'], 'username' => ['required', 'max:255', 'string'],
]); ]);
/** /**