From 634017d95c7c64378004cdd0cf75e54c64601f97 Mon Sep 17 00:00:00 2001
From: 0xcrypto
Date: Mon, 14 Jun 2021 23:13:22 +0530
Subject: [PATCH] security fix
---
 .../Validation/Rules/RequiredIf.php | 6 ++++-
 tests/Validation/ValidationRequiredIfTest.php | 26 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/Illuminate/Validation/Rules/RequiredIf.php b/src/Illuminate/Validation/Rules/RequiredIf.php
index c4a1001d063a..58ffdee9d5ee 100644
--- a/src/Illuminate/Validation/Rules/RequiredIf.php
+++ b/src/Illuminate/Validation/Rules/RequiredIf.php
@@ -19,7 +19,11 @@ class RequiredIf
 */
 public function __construct($condition)
 {
- $this->condition = $condition;
+ if(!is_string($condition) && (is_bool($condition) || is_callable($condition))) {
+ $this->condition = $condition;
+ } else {
+ throw new InvalidArgumentException("Condition type must be 'callable' or 'bool'.");
+ }
 }
 
 /**
diff --git a/tests/Validation/ValidationRequiredIfTest.php b/tests/Validation/ValidationRequiredIfTest.php
index b27cc6d4d57f..48a7f23c12e8 100644
--- a/tests/Validation/ValidationRequiredIfTest.php
+++ b/tests/Validation/ValidationRequiredIfTest.php
@@ -29,4 +29,30 @@ public function testItClousureReturnsFormatsAStringVersionOfTheRule()
 
 $this->assertSame('', (string) $rule);
 }
+
+ public function testItOnlyCallableAndBooleanAreAcceptableArgumentsOfTheRule()
+ {
+ $rule = new RequiredIf(false);
+
+ $rule = new RequiredIf(true);
+
+ $this->expectException(InvalidArgumentException::class);
+
+ $rule = new RequiredIf('phpinfo');
+
+ $rule = new RequiredIf(12.3);
+
+ $rule = new RequiredIf(new stdClass());
+ }
+
+ public function testItReturnedRuleIsNotSerializable()
+ {
+ $this->expectException(Exception::class);
+
+ $rule = serialize(new RequiredIf(function () {
+ return true;
+ }));
+
+ $rule = serialize(new RequiredIf());
+ }
 }
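Review bot: The new guard in `__construct` rejects string callables only; an array-form callable such as `['SomeClass', 'method']` is not a string and still passes `is_callable()`, so it is stored exactly like a closure. If the intent is that only closures written by the developer are ever invoked (the call site is outside this hunk), a tighter test such as `if (is_bool($condition) || $condition instanceof \Closure)` closes that gap, though whether invokable objects must remain supported should be confirmed first. Separately, `InvalidArgumentException` is thrown unqualified and the diffstat shows no `use InvalidArgumentException;` being added, so unless the file already imports it the name resolves inside the file's own namespace and fails with a class-not-found error instead of the intended exception. The class body continues outside the hunk.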
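Review bot: In `testItOnlyCallableAndBooleanAreAcceptableArgumentsOfTheRule` only the `'phpinfo'` case is exercised, because the first constructor call after `expectException()` throws and ends the test, so `12.3` and `new stdClass()` are never checked. The same applies to `testItReturnedRuleIsNotSerializable`, where `serialize(new RequiredIf())` is unreachable, and the broad `Exception::class` expectation is presumably satisfied by PHP's own refusal to serialize a closure rather than by anything in `RequiredIf`. A data provider gives each rejected value its own run. The names are fully qualified below because no `use` lines for them are visible in this hunk.

```php
/**
 * @dataProvider invalidConditions
 */
public function testItOnlyCallableAndBooleanAreAcceptableArgumentsOfTheRule($condition)
{
    $this->expectException(\InvalidArgumentException::class);

    new RequiredIf($condition);
}

public function invalidConditions()
{
    return [
        'function name string' => ['phpinfo'],
        'float' => [12.3],
        'plain object' => [new \stdClass()],
    ];
}

// … unchanged: testItReturnedRuleIsNotSerializable …
```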