security fix

src/Illuminate/Validation/Rules/RequiredIf.php

@@ -19,7 +19,11 @@ class RequiredIf
      */
     public function __construct($condition)
     {
-        $this->condition = $condition;
+        if(!is_string($condition) && (is_bool($condition) || is_callable($condition))) {
+            $this->condition = $condition;
+        } else {
+            throw new InvalidArgumentException("Condition type must be 'callable' or 'bool'.");
+        }
     }
 
     /**

tests/Validation/ValidationRequiredIfTest.php

@@ -29,4 +29,30 @@ public function testItClousureReturnsFormatsAStringVersionOfTheRule()
 
         $this->assertSame('', (string) $rule);
     }
+
+    public function testItOnlyCallableAndBooleanAreAcceptableArgumentsOfTheRule()
+    {
+        $rule = new RequiredIf(false);
+
+        $rule = new RequiredIf(true);
+
+        $this->expectException(InvalidArgumentException::class);
+
+        $rule = new RequiredIf('phpinfo');
+
+        $rule = new RequiredIf(12.3);
+
+        $rule = new RequiredIf(new stdClass());
+    }
+
+    public function testItReturnedRuleIsNotSerializable()
+    {
+        $this->expectException(Exception::class);
+
+        $rule = serialize(new RequiredIf(function () {
+            return true;
+        }));
+
+        $rule = serialize(new RequiredIf());
+    }
 }