Merge pull request #15987 from spencerrlongg/bug/sc-27192
Some checks are pending
Crowdin Action / upload-sources-to-crowdin (push) Waiting to run
Docker images (Alpine) / docker (push) Waiting to run
Docker images / docker (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.1) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.2) (push) Waiting to run
Tests in MySQL / PHP ${{ matrix.php-version }} (8.3) (push) Waiting to run
Tests in SQLite / PHP ${{ matrix.php-version }} (8.1.1) (push) Waiting to run

Add `string` to Password Reset Username Rules
This commit is contained in:
snipe 2024-12-18 20:09:14 +00:00 committed by GitHub
commit 0dce3b8b8c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -50,14 +50,14 @@ class ForgotPasswordController extends Controller
*/ */
public function sendResetLinkEmail(Request $request) public function sendResetLinkEmail(Request $request)
{ {
/** /**
* Let's set a max character count here to prevent potential * Let's set a max character count here to prevent potential
* buffer overflow issues with attackers sending very large * buffer overflow issues with attackers sending very large
* payloads through. * payloads through. The addition of the string rule prevents attackers
* sending arrays through and causing 500s
*/ */
$request->validate([ $request->validate([
'username' => ['required', 'max:255'], 'username' => ['required', 'max:255', 'string'],
]); ]);
/** /**