From 9bfc1f2c09f6d06095116bae0b391dfb60102ede Mon Sep 17 00:00:00 2001
From: Piyush Agrawal
Date: Thu, 28 Apr 2016 15:28:39 +0530
Subject: [PATCH] Validation on password change
---
 .../src/Forum/Controller/SavePasswordController.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/framework/core/src/Forum/Controller/SavePasswordController.php b/framework/core/src/Forum/Controller/SavePasswordController.php
index 9ec31d4d2..fbd3dedbd 100644
--- a/framework/core/src/Forum/Controller/SavePasswordController.php
+++ b/framework/core/src/Forum/Controller/SavePasswordController.php
@@ -11,6 +11,7 @@
 namespace Flarum\Forum\Controller;
 use Flarum\Core\PasswordToken;
+use Flarum\Core\Validator\UserValidator;
 use Flarum\Forum\UrlGenerator;
 use Flarum\Http\Controller\ControllerInterface;
 use Flarum\Http\SessionAuthenticator;
@@ -24,6 +25,11 @@ class SavePasswordController implements ControllerInterface
 */
 protected $url;
+ /**
+ * @var UserValidator
+ */
+ protected $validator;
+
 /**
 * @var SessionAuthenticator
 */
@@ -33,10 +39,11 @@ class SavePasswordController implements ControllerInterface
 * @param UrlGenerator $url
 * @param SessionAuthenticator $authenticator
 */
- public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator)
+ public function __construct(UrlGenerator $url, SessionAuthenticator $authenticator, UserValidator $validator)
 {
 $this->url = $url;
 $this->authenticator = $authenticator;
+ $this->validator = $validator;
 }
 /**
@@ -52,6 +59,8 @@ class SavePasswordController implements ControllerInterface
 $password = array_get($input, 'password');
 $confirmation = array_get($input, 'password_confirmation');
+ $this->validator->assertValid(compact('password'));
+
 if (! $password || $password !== $confirmation) {
 return new RedirectResponse($this->url->toRoute('resetPassword', ['token' => $token->id]));
 }
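Review bot: The constructor docblock in the `@@ -33,10 +39,11 @@` hunk still lists only `$url` and `$authenticator`, although the signature now takes a third argument. Add ` * @param UserValidator $validator` below the existing `@param SessionAuthenticator $authenticator` line so the docblock matches the new signature. The new parameter is required and has no default, so any code that constructs this controller by hand rather than through the container would also need updating; no such caller is visible on this page.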
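Review bot: The added `$this->validator->assertValid(compact('password'));` in the `@@ -52,6 +59,8 @@` hunk has no failure handling around it, while the mismatch check directly below returns a `RedirectResponse` to `resetPassword`. Assuming `assertValid` reports a rejected password by throwing (its definition is not on this page), a password that fails the policy would surface as an unhandled error rather than returning the user to the reset form. Consider catching the validator's exception here and returning the same redirect, with the validation messages made available to the form. The call also runs before the `! $password` check, so a missing password reaches the validator first; confirm that `UserValidator` copes with an absent value and with being given only the `password` field. The enclosing method starts and ends outside the hunk, so handling further up the stack cannot be ruled out from here.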