diff --git a/app/Http/Requests/SetupDatabaseRequest.php b/app/Http/Requests/SetupDatabaseRequest.php
index bd6f8dff..647ecf17 100644
--- a/app/Http/Requests/SetupDatabaseRequest.php
+++ b/app/Http/Requests/SetupDatabaseRequest.php
@@ -18,6 +18,7 @@ public function rules(): array
 ],
 'db_host' => [
 'required_unless:connection,sqlite',
+ 'not_regex:/[\r\n]/',
 ],
 'db_port' => [
 'required_unless:connection,sqlite',
@@ -25,12 +26,15 @@ public function rules(): array
 ],
 'db_name' => [
 'required_unless:connection,sqlite',
+ 'not_regex:/[\r\n]/',
 ],
 'db_user' => [
 'required_unless:connection,sqlite',
+ 'not_regex:/[\r\n]/',
 ],
 'db_password' => [
 'nullable',
+ 'not_regex:/[\r\n]/',
 ],
 ];
 }
diff --git a/tests/Controller/SetupDatabaseControllerTest.php b/tests/Controller/SetupDatabaseControllerTest.php
new file mode 100644
index 00000000..ffbcc90d
--- /dev/null
+++ b/tests/Controller/SetupDatabaseControllerTest.php
@@ -0,0 +1,32 @@
+ false,
+ ]);
+
+ $response = $this->from('/setup/database')->post('/setup/database', [
+ 'connection' => 'mysql',
+ 'db_host' => '127.0.0.1',
+ 'db_port' => 3306,
+ 'db_name' => 'linkace',
+ 'db_user' => 'linkace',
+ 'db_password' => "secret\nMAIL_MAILER=sendmail",
+ ]);
+
+ $response
+ ->assertRedirect('/setup/database')
+ ->assertSessionHasErrors('db_password');
+ }
+}
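Review bot: The `not_regex` rule added to `db_host` here (and to `db_name`, `db_user` and `db_password` in the next hunk) is not paired with a type rule, and as far as I know Laravel's `not_regex` passes any value that is neither a string nor numeric, so an array submitted for one of these fields would not be rejected by it. Adding `'string',` before `'not_regex:/[\r\n]/',` in each of the four rule sets closes that gap. The `connection` rule and one line of the `db_port` rule lie outside the hunks, so whether they are constrained to an allow-list or an integer cannot be confirmed from here. `rules()` begins before this hunk.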
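Review bot: On `db_password` in the second hunk, rejecting CR and LF stops a value from starting a new line, but it leaves characters that still carry meaning inside a single env-style line, such as a double quote, `#`, surrounding spaces or `${...}`. The code that stores these values is not part of this diff, so this is inferred from the test payload: if that writer does not quote and escape what it stores, a legitimate password containing those characters could be read back differently from what was entered. I would keep this rule as a first gate and document the split of responsibility next to it, for example `// CR/LF rejected here; quoting and escaping of the stored value must happen in the writer`.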
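Review bot: The new test in `SetupDatabaseControllerTest.php` exercises only `db_password` with a `\n`, so the rules added to `db_host`, `db_name` and `db_user`, and the `\r` half of the character class, are not covered and could regress unnoticed. A data provider that yields each of the four fields with both `"x\ry"` and `"x\ny"` and then calls `assertSessionHasErrors($field)` would pin the whole change. It would also be worth asserting that the stored configuration is unchanged after the rejected request, if the test environment allows it. The top of the test file is not visible in this extraction, so the setup before `false,` could not be reviewed.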