fixes for double encoding

2025-09-04 11:41:06 +10:00 · 2025-09-04 11:41:06 +10:00 · f0af52c017
parent 4d63b1336a
commit f0af52c017
1 changed files with 18 additions and 0 deletions
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@ -84,6 +84,24 @@ class ResetPasswordController extends Controller
     */
    public function reset(Request $request)
    {
+         // Safely decode URL-encoded token and email before validation
+         if ($request->has('token')) {
+            $token = $request->input('token');
+            // Only decode if it contains URL encoding characters
+            if (strpos($token, '%') !== false) {
+                $request->merge(['token' => urldecode($token)]);
+            }
+        }
+        
+        if ($request->has('email')) {
+            $email = $request->input('email');
+            // Only decode if it contains URL encoding characters
+            if (strpos($email, '%') !== false) {
+                $request->merge(['email' => urldecode($email)]);
+            }
+
+        }
+        
        $request->validate($this->rules(), $this->validationErrorMessages());

        // Here we will attempt to reset the user's password. If it is successful we