How can I sanitize laravel Request inputs?

I have a MyRequest.php class extending App\Http\Requests\Request. I want to trim() every input before validation, because an e-mail with a space after it does not pass validation.

However, sanitize() was removed from src/Illuminate/Foundation/Http/FormRequest.php.

Asked by Tarek Adam, Jan 15 '16 21:01



2 Answers

  1. Create an abstract SanitizedRequest class that extends the usual Request class.

  2. YourRequest class should extend your SanitizedRequest abstract class.

  3. Your SanitizedRequest class overrides Request::all() like so:

    namespace App\Http\Requests\Forms;
    use App\Http\Requests\Request;
    
    abstract class SanitizedRequest extends Request{
    
        private $clean = false;
    
        // Validation reads the input through all(), so trimming here
        // happens before the rules are applied.
        public function all(){
            return $this->sanitize(parent::all());
        }
    
        protected function sanitize(array $inputs){
            if($this->clean){ return $inputs; }
    
            foreach($inputs as $i => $item){
                // Only trim strings: calling trim() on a nested array or an
                // UploadedFile would fail or turn the value into a string.
                $inputs[$i] = is_string($item) ? trim($item) : $item;
            }
    
            // Write the trimmed values back so later $request->input() calls see them too.
            $this->replace($inputs);
            $this->clean = true;
            return $inputs;
        }
    }
    

Then a normal CustomRequest, but extending SanitizedRequest instead of Laravel's Request class:

    class ContactRequest extends SanitizedRequest{
        public function authorize(){ return true; }
        public function rules(){ return []; }
    }
Answered by Tarek Adam, Sep 23 '22 22:09


I just came across the same problem.
I'd like to show you another way of doing it without extends but with traits. (I will take the example classes from Tarek Adam.)

PHP Traits are like functions which will be injected into the using class. The one main difference is that a Trait doesn't need any dependency like an extends does. This means you can use a trait for more than just one class, e.g. for Controllers, Requests and whatever you like.

Laravel provides some traits in the BaseController, we can do the same.


How to do it with a trait

Create a trait as a file in \App\Traits\SanitizedRequest.php. You can create it anywhere, it doesn't really matter. You have to provide the correct namespace, for sure.

    // Namespace matches the file location App\Traits\SanitizedRequest.php given above
    namespace App\Traits;
    
    trait SanitizedRequest{
    
        private $clean = false;
    
        // parent::all() resolves to the Request class that uses this trait
        public function all(){
            return $this->sanitize(parent::all());
        }
    
    
        protected function sanitize(array $inputs){
            if($this->clean){ return $inputs; }
    
            foreach($inputs as $i => $item){
                // Only trim strings: nested arrays and uploaded files are left untouched
                $inputs[$i] = is_string($item) ? trim($item) : $item;
            }
    
            $this->replace($inputs);
            $this->clean = true;
            return $inputs;
        }
    }


In your Request you can pull the trait in with the use SanitizedRequest keyword.

    namespace App\Http\Requests\Forms;
    
    use App\Http\Requests\Request;
    use App\Traits\SanitizedRequest; // Import the Trait
    
    class ContactRequest extends Request {
        use SanitizedRequest; // This line adds all the Trait functions to your current class
    
        public function authorize(){ return true; }
        public function rules(){ return []; }
    }
Answered by Gkiokan, Sep 23 '22 22:09
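Both answers trim the inputs with the same flat foreach loop, which cannot reach nested fields such as products[0][name] and, without a guard, would pass arrays or uploaded files to trim(). The following is an added example, not code from either answer, showing a recursive helper that can replace that loop inside sanitize(); it needs only plain PHP, and the function name trimInputs is my own.

```php
<?php
// Added example: recursive replacement for the foreach loop in sanitize().
// Nested arrays are walked, strings are trimmed, and every other value
// (int, bool, null, objects such as Illuminate\Http\UploadedFile) is kept as is.
declare(strict_types=1);

function trimInputs(array $inputs): array
{
    foreach ($inputs as $key => $value) {
        if (is_array($value)) {
            $inputs[$key] = trimInputs($value);   // recurse into nested input
        } elseif (is_string($value)) {
            $inputs[$key] = trim($value);         // only strings are trimmed
        }
        // anything else is left untouched (no stringification of objects)
    }
    return $inputs;                               // $inputs is a copy; caller's array is unchanged
}

// Constructed sample input: a form post with a trailing space after the
// e-mail, a nested products array, an integer and an object standing in
// for an uploaded file.
$upload = new stdClass();
$sample = [
    'email'    => 'user@example.com ',
    'age'      => 42,
    'avatar'   => $upload,
    'products' => [['name' => '  Widget '], ['name' => "Gadget\n"]],
];

$clean = trimInputs($sample);

assert($clean['email'] === 'user@example.com');
assert($clean['age'] === 42);                       // non-string left alone
assert($clean['avatar'] === $upload);               // same object, not converted
assert($clean['products'][0]['name'] === 'Widget'); // nested value reached
assert($clean['products'][1]['name'] === 'Gadget');
assert($sample['email'] === 'user@example.com ');   // original array not mutated

echo json_encode($clean['products']), PHP_EOL;
```

Inside sanitize(), `$inputs = trimInputs($inputs);` replaces the loop before the call to `$this->replace($inputs)`. Laravel 5.4 and later also ship an Illuminate\Foundation\Http\Middleware\TrimStrings middleware that applies the same trimming to every request globally.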