From 51a3c6eb44a5dbdf9d7a3cfac678f0d29b0d3eef Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Sun, 21 Jul 2019 13:24:47 +0200
Subject: [PATCH] ErrorHandler: Remove some form fields before serialization
---
 src/Middleware/ErrorHandler.php | 13 ++++++++++++-
 tests/Unit/Middleware/ErrorHandlerTest.php | 6 +++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/Middleware/ErrorHandler.php b/src/Middleware/ErrorHandler.php
index c89edb1a..544f35d5 100644
--- a/src/Middleware/ErrorHandler.php
+++ b/src/Middleware/ErrorHandler.php
@@ -6,6 +6,7 @@ use Engelsystem\Http\Exceptions\HttpException;
 use Engelsystem\Http\Exceptions\ValidationException;
 use Engelsystem\Http\Request;
 use Engelsystem\Http\Response;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
@@ -20,6 +21,16 @@ class ErrorHandler implements MiddlewareInterface
 /** @var string */
 protected $viewPrefix = 'errors/';
+ /**
+ * A list of inputs that are not saved from form input
+ *
+ * @var array
+ */
+ protected $formIgnore = [
+ 'password',
+ 'password_confirmation',
+ ];
+
 /**
 * @param TwigLoader $loader
 */
@@ -58,7 +69,7 @@ class ErrorHandler implements MiddlewareInterface
 )
 );
- $session->set('form-data', $request->request->all());
+ $session->set('form-data', Arr::except($request->request->all(), $this->formIgnore));
 }
 }
diff --git a/tests/Unit/Middleware/ErrorHandlerTest.php b/tests/Unit/Middleware/ErrorHandlerTest.php
index ea9cb216..a9fdd71a 100644
--- a/tests/Unit/Middleware/ErrorHandlerTest.php
+++ b/tests/Unit/Middleware/ErrorHandlerTest.php
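Review bot: `$formIgnore` is an exact-name denylist holding only `password` and `password_confirmation`, so any other secret-bearing input posted under a different name (for instance a current-password field on a change form, a token or an API key) is still written to the session as `form-data` when validation fails. The docblock should say so, so that authors of new forms know to extend the list; I would word it as `Input names stripped from the submitted form data before it is stored in the session; every field that carries a secret must be listed here`. If the number of forms is small, a per-form allowlist of fields that are safe to repopulate would fail closed rather than open. The `Arr::except()` call in the `@@ -58,7 +69,7 @@` hunk depends on this same list.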
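Review bot: `Arr::except()` on the new `$session->set('form-data', …)` line matches keys exactly and, unless a dot path is listed, only at the top level, so a differently cased `Password` or a nested input (a constructed example: `user[password]`) would pass through unfiltered. A short comment above the call would record that limit: `// Arr::except() matches top-level keys exactly; nested inputs need a dot path in $formIgnore`. The enclosing method starts and ends outside the hunk, so whether the request body is stored anywhere else on this path cannot be checked from here.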
@@ -176,7 +176,11 @@ class ErrorHandlerTest extends TestCase
 $session = new Session(new MockArraySessionStorage());
 $session->set('errors', ['validation' => ['foo' => ['validation.foo.required']]]);
- $request = Request::create('/foo/bar', 'POST', ['foo' => 'bar']);
+ $request = Request::create(
+ '/foo/bar',
+ 'POST',
+ ['foo' => 'bar', 'password' => 'Test123', 'password_confirmation' => 'Test1234']
+ );
 $request->setSession($session);
 /** @var Application $app */
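Review bot: No assertion is added for the stripped fields (the diffstat shows this hunk as the test file's only change), so the filter is covered only if an existing assertion outside the hunk compares the stored `form-data` exactly. Stating the intent explicitly would keep the test meaningful if that assertion is ever loosened: `$this->assertArrayNotHasKey('password', $session->get('form-data'));` and the same for `password_confirmation`. The test method begins and ends outside the hunk, so the existing assertions are not visible here.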