fix: only validate data from POST request body

miguel-rn · web-flow · commit a96ccdf503d8 · 2023-04-10T02:55:33.000Z
With the current data validation check, an empty POST request with valid GET parameters will cause the validation to pass but credentials which are later fetched from POST request body will be null.
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
@@ -47,7 +47,7 @@ public function loginAction(): RedirectResponse
         // like the password, can only be validated properly here.
         $rules = $this->getValidationRules();
 
-        if (! $this->validate($rules)) {
+        if (! $this->validateData($this->request->getPost(), $rules)) {
             return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
         }
 

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ public function loginAction(): RedirectResponse`
`47`	`47`	`// like the password, can only be validated properly here.`
`48`	`48`	`$rules = $this->getValidationRules();`
`49`	`49`
`50`		`- if (! $this->validate($rules)) {`
	`50`	`+ if (! $this->validateData($this->request->getPost(), $rules)) {`
`51`	`51`	`return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());`
`52`	`52`	`}`
`53`	`53`