authorIgor Scheller <igor.scheller@igorshp.de>2019-07-21 13:24:47 +0200
committerIgor Scheller <igor.scheller@igorshp.de>2019-07-21 13:24:47 +0200
commit51a3c6eb44a5dbdf9d7a3cfac678f0d29b0d3eef (patch)
tree653be47a7866e4cd96bc55ab38cef8630659ade9
parentb03102e3c613bd057f117a145d94aec4c977006c (diff)
ErrorHandler: Remove some form fields before serialization
-rw-r--r--src/Middleware/ErrorHandler.php13
-rw-r--r--tests/Unit/Middleware/ErrorHandlerTest.php6
2 files changed, 17 insertions, 2 deletions
diff --git a/src/Middleware/ErrorHandler.php b/src/Middleware/ErrorHandler.php
index c89edb1a..544f35d5 100644
--- a/src/Middleware/ErrorHandler.php
+++ b/src/Middleware/ErrorHandler.php
@@ -6,6 +6,7 @@ use Engelsystem\Http\Exceptions\HttpException;
use Engelsystem\Http\Exceptions\ValidationException;
use Engelsystem\Http\Request;
use Engelsystem\Http\Response;
+use Illuminate\Support\Arr;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
@@ -21,6 +22,16 @@ class ErrorHandler implements MiddlewareInterface
protected $viewPrefix = 'errors/';
/**
+ * A list of inputs that are not saved from form input
+ *
+ * @var array
+ */
+ protected $formIgnore = [
+ 'password',
+ 'password_confirmation',
+ ];
+
+ /**
* @param TwigLoader $loader
*/
public function __construct(TwigLoader $loader)
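Review bot: The `$formIgnore` list added here is an exact-name denylist, and the later hunk applies it with `Arr::except()` in the `$session->set('form-data', …)` call, so a secret posted under any other name or inside a nested input (for example `user[password]`) is still written to the session. Session data normally outlives the request, so it is worth making the filter hard to bypass by omission: match key names case-insensitively on a substring such as `password`, or let each form declare the fields it wants repopulated and store only those. If the exact list stays, the docblock should say so, e.g. `Input names removed (exact match; nested keys need dot notation) before form data is stored in the session; add every secret-bearing field here`. The class body continues outside this hunk.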
@@ -58,7 +69,7 @@ class ErrorHandler implements MiddlewareInterface
)
);
- $session->set('form-data', $request->request->all());
+ $session->set('form-data', Arr::except($request->request->all(), $this->formIgnore));
}
}
diff --git a/tests/Unit/Middleware/ErrorHandlerTest.php b/tests/Unit/Middleware/ErrorHandlerTest.php
index ea9cb216..a9fdd71a 100644
--- a/tests/Unit/Middleware/ErrorHandlerTest.php
+++ b/tests/Unit/Middleware/ErrorHandlerTest.php
@@ -176,7 +176,11 @@ class ErrorHandlerTest extends TestCase
$session = new Session(new MockArraySessionStorage());
$session->set('errors', ['validation' => ['foo' => ['validation.foo.required']]]);
- $request = Request::create('/foo/bar', 'POST', ['foo' => 'bar']);
+ $request = Request::create(
+ '/foo/bar',
+ 'POST',
+ ['foo' => 'bar', 'password' => 'Test123', 'password_confirmation' => 'Test1234']
+ );
$request->setSession($session);
/** @var Application $app */
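Review bot: The password inputs added to `Request::create()` are only useful if something asserts they never reach the session, and no assertion is visible in this hunk; the test method continues outside it, so this may already be covered by an existing comparison of `form-data`. If it is not, add explicit checks after the middleware runs, such as `$this->assertArrayNotHasKey('password', $session->get('form-data'));` and the same for `password_confirmation`. An explicit check keeps the test failing for the right reason if the ignore list is ever changed.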