Merge pull request #15987 from spencerrlongg/bug/sc-27192
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run

Add `string` to Password Reset Username Rules
This commit is contained in:
snipe 2024-12-18 20:09:14 +00:00 committed by GitHub
commit 0dce3b8b8c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -50,14 +50,14 @@ class ForgotPasswordController extends Controller
*/
public function sendResetLinkEmail(Request $request)
{
/**
* Let's set a max character count here to prevent potential
* buffer overflow issues with attackers sending very large
* payloads through.
* payloads through. The addition of the string rule prevents attackers
* sending arrays through and causing 500s
*/
$request->validate([
'username' => ['required', 'max:255'],
'username' => ['required', 'max:255', 'string'],
]);
/**