Hello, I noticed after implementing this as middleware for all incom

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Booleans are nullified about purify HOT 3 CLOSED

stevebauman commented on June 12, 2024

Booleans are nullified

from purify.

Comments (3)

stevebauman commented on June 12, 2024

Hi @stardothosting,

Can you post your middleware and also your test?

from purify.

stardothosting commented on June 12, 2024

@stevebauman,

I have this integrated into a Laravel 8.x web application , here is the middleware :

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Stevebauman\Purify\Facades\Purify;

class XssSanitization
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        $input = $request->all();
        array_walk_recursive($input, function(&$input) {
            $input  = Purify::clean($input);
        });
        $request->merge($input);
        return $next($request);
    }
}

And the test basically simulates a POST submission of form data and checks the database for expected results

public function test_post_submit()
    {
        $response = $this->actingAs($user)
            ->post('/controller/registration/save/first', [
                'offroad' => '0',
            ]);
       $this->assertEquals(422, $response->getStatusCode());
    }

If I change the middleware to basically bypass the Purify filter if null, boolean or integer, it bypasses the problem :

$input = (is_bool($input) || is_int($input) || is_null($input) ? $input : Purify::clean($input));

from purify.

Recommend Projects