[1.x] Fix password rule #211

driesvints · 2021-01-28T09:16:02Z

This fixes a bug when a non-string value is password as input for a password. For example, as an array through an API request from a third party.

#209

bonroyage · 2021-01-28T11:20:31Z

src/Rules/Password.php

@@ -51,6 +51,8 @@ class Password implements Rule
     */
    public function passes($attribute, $value)
    {
+        $value = is_array($value) ? '' : (string) $value;


Would it make more sense to flip this to an is_scalar($value) ? (string) $value : '' to also capture any possible scenario where the input is an object, although that wouldn't really happen with validating requests but could happen if someone were to run the Validator manually.

The current approach would also convert any class that has __toString implemented, not sure if you intended it like that?

Good suggestion, done 👍

Fix password rule

a3cce94

driesvints mentioned this pull request Jan 28, 2021

Exception if password input is not a string #209

Closed

bonroyage reviewed Jan 28, 2021

View reviewed changes

Adjust logic

38989ba

taylorotwell merged commit e309222 into 1.x Jan 28, 2021

taylorotwell deleted the fix-password-rule branch January 28, 2021 14:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[1.x] Fix password rule #211

[1.x] Fix password rule #211

driesvints commented Jan 28, 2021

bonroyage Jan 28, 2021

driesvints Jan 28, 2021 •

edited

[1.x] Fix password rule #211

[1.x] Fix password rule #211

Conversation

driesvints commented Jan 28, 2021

bonroyage Jan 28, 2021

Choose a reason for hiding this comment

driesvints Jan 28, 2021 • edited

Choose a reason for hiding this comment

driesvints Jan 28, 2021 •

edited