hardening

Author: jeremykenedy

app/Http/Controllers/Auth/RegisterController.php

@@ -67,9 +67,9 @@ protected function validator(array $data)
         return Validator::make(
             $data,
             [
-                'name'                  => 'required|max:255|unique:users',
-                'first_name'            => '',
-                'last_name'             => '',
+                'name'                  => 'required|max:255|unique:users|alpha_dash',
+                'first_name'            => 'alpha_dash',
+                'last_name'             => 'alpha_dash',
                 'email'                 => 'required|email|max:255|unique:users',
                 'password'              => 'required|min:6|max:30|confirmed',
                 'password_confirmation' => 'required|same:password',
@@ -112,9 +112,9 @@ protected function create(array $data)
         }
 
         $user = User::create([
-            'name'              => $data['name'],
-            'first_name'        => $data['first_name'],
-            'last_name'         => $data['last_name'],
+            'name'              => strip_tags($data['name']),
+            'first_name'        => strip_tags($data['first_name']),
+            'last_name'         => strip_tags($data['last_name']),
             'email'             => $data['email'],
             'password'          => Hash::make($data['password']),
             'token'             => str_random(64),

app/Http/Controllers/UsersManagementController.php

@@ -66,9 +66,9 @@ public function store(Request $request)
         $validator = Validator::make(
             $request->all(),
             [
-                'name'                  => 'required|max:255|unique:users',
-                'first_name'            => '',
-                'last_name'             => '',
+                'name'                  => 'required|max:255|unique:users|alpha_dash',
+                'first_name'            => 'alpha_dash',
+                'last_name'             => 'alpha_dash',
                 'email'                 => 'required|email|max:255|unique:users',
                 'password'              => 'required|min:6|max:20|confirmed',
                 'password_confirmation' => 'required|same:password',
@@ -164,14 +164,18 @@ public function update(Request $request, User $user)
 
         if ($emailCheck) {
             $validator = Validator::make($request->all(), [
-                'name'     => 'required|max:255|unique:users',
-                'email'    => 'email|max:255|unique:users',
-                'password' => 'present|confirmed|min:6',
+                'name'          => 'required|max:255|unique:users|alpha_dash',
+                'email'         => 'email|max:255|unique:users',
+                'first_name'    => 'alpha_dash',
+                'last_name'     => 'alpha_dash',
+                'password'      => 'present|confirmed|min:6',
             ]);
         } else {
             $validator = Validator::make($request->all(), [
-                'name'     => 'required|max:255|unique:users,name,'.$user->id,
-                'password' => 'nullable|confirmed|min:6',
+                'name'          => 'required|max:255|alpha_dash|unique:users,name,'.$user->id,
+                'first_name'    => 'alpha_dash',
+                'last_name'     => 'alpha_dash',
+                'password'      => 'nullable|confirmed|min:6',
             ]);
         }