Exception if password input is not a string #209

Closed
@bonroyage

  • Fortify Version: 1.7.5
  • Laravel Version: 8.24.0
  • PHP Version: 7.4.1

Description:

When providing a non-scalar input for the password field (e.g. an array), the Password rule will throw an exception for mb_* and preg_match functions:

  • mb_strlen() expects parameter 1 to be string, array given (without additional requirements)
  • mb_strtolower() expects parameter 1 to be string, array given (with requireUppercase)
  • preg_match() expects parameter 2 to be string, array given (with requireNumeric and requireSpecialCharacter)

Steps To Reproduce:

Exception:

Route::get('validate', function () {
    $input = ['password' => ['foo' => 'bar']];
    
    $validator = \Illuminate\Support\Facades\Validator::make($input, [
        'password' => ['required', 'string', (new \Laravel\Fortify\Rules\Password())->requireSpecialCharacter()],
    ]);

    $validator->passes();

    return $validator->failed();
});

Possible solutions:

Option 1: add bail before the Password rule

Option 2: check if the value is a string in the Password rule class (it's a direct copy of the string rule). I'd be happy to put this in a PR if you'd like to go this route.

public function passes($attribute, $value)
{
    if (! is_string($value)) { // add this condition
        return false;
    }
    
    if ($this->requireUppercase && Str::lower($value) === $value) {
        return false;
    }

    if ($this->requireNumeric && ! preg_match('/[0-9]/', $value)) {
        return false;
    }

    if ($this->requireSpecialCharacter && ! preg_match('/[\W_]/', $value)) {
        return false;
    }

    return Str::length($value) >= $this->length;
}
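
The following is an added example, not part of the original issue and not Fortify's code: a standalone script that runs the special-character and length checks from the snippet above with and without the `is_string` guard, so the difference between a thrown exception and a clean validation failure is visible outside Laravel. `PasswordCheck`, `outcome()`, the sample inputs and the minimum length of 8 are assumptions made for the illustration; the script needs the mbstring extension.

```php
<?php
// Added illustration; PasswordCheck and outcome() are hypothetical names,
// not Laravel\Fortify\Rules\Password. Minimum length 8 is an assumption.

// Laravel converts PHP warnings to ErrorException; do the same here so the
// PHP 7.4 warning and the PHP 8 TypeError both surface as a Throwable.
set_error_handler(function (int $severity, string $message, string $file, int $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

final class PasswordCheck
{
    private $guardType;
    private $length = 8;

    public function __construct(bool $guardType)
    {
        $this->guardType = $guardType;
    }

    public function passes($value): bool
    {
        // Option 2 from the issue: reject anything that is not a string.
        if ($this->guardType && ! is_string($value)) {
            return false;
        }
        // Same special-character test as in the issue's snippet.
        if (! preg_match('/[\W_]/', $value)) {
            return false;
        }
        return mb_strlen($value) >= $this->length;
    }
}

function outcome(PasswordCheck $rule, $value): string
{
    try {
        return $rule->passes($value) ? 'passes' : 'fails validation';
    } catch (Throwable $e) {
        return 'throws ' . get_class($e);
    }
}

// Constructed inputs: a valid string, a short string, and the issue's array.
$inputs = ['valid string' => 'S3cret_pass!', 'short string' => 'a_b', 'array' => ['foo' => 'bar']];
foreach ($inputs as $label => $value) {
    printf("%-13s unguarded: %-21s guarded: %s\n", $label,
        outcome(new PasswordCheck(false), $value), outcome(new PasswordCheck(true), $value));
}
```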
