mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 05:04:07 -08:00
Merge pull request #15987 from spencerrlongg/bug/sc-27192
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run
Add `string` to Password Reset Username Rules
This commit is contained in:
commit
0dce3b8b8c
|
@ -50,14 +50,14 @@ class ForgotPasswordController extends Controller
|
|||
*/
|
||||
public function sendResetLinkEmail(Request $request)
|
||||
{
|
||||
|
||||
/**
|
||||
* Let's set a max character count here to prevent potential
|
||||
* buffer overflow issues with attackers sending very large
|
||||
* payloads through.
|
||||
* payloads through. The addition of the string rule prevents attackers
|
||||
* sending arrays through and causing 500s
|
||||
*/
|
||||
$request->validate([
|
||||
'username' => ['required', 'max:255'],
|
||||
'username' => ['required', 'max:255', 'string'],
|
||||
]);
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue