fixes for double encoding

David Bomba 2025-09-04 11:41:06 +10:00
parent 4d63b1336a
commit f0af52c017
1 changed files with 18 additions and 0 deletions


@ -84,6 +84,24 @@ class ResetPasswordController extends Controller
*/ */
public function reset(Request $request) public function reset(Request $request)
{ {
// Safely decode URL-encoded token and email before validation
if ($request->has('token')) {
$token = $request->input('token');
// Only decode if it contains URL encoding characters
if (strpos($token, '%') !== false) {
$request->merge(['token' => urldecode($token)]);
}
}
if ($request->has('email')) {
$email = $request->input('email');
// Only decode if it contains URL encoding characters
if (strpos($email, '%') !== false) {
$request->merge(['email' => urldecode($email)]);
}
}
$request->validate($this->rules(), $this->validationErrorMessages()); $request->validate($this->rules(), $this->validationErrorMessages());
// Here we will attempt to reset the user's password. If it is successful we // Here we will attempt to reset the user's password. If it is successful we
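Review bot: The new `strpos($token, '%')` and `strpos($email, '%')` calls run before `$request->validate()`, so a request that sends `token[]=x` or `email[]=x` passes an array to `strpos()`, which on PHP 8 throws a TypeError rather than producing a validation error. Guard both branches on type, e.g. `if (is_string($token) && strpos($token, '%') !== false) {`, and the same for `$email`. Separately, `urldecode()` also turns `+` into a space, so a plus-addressed email that still carries a `%` sequence is altered before the lookup; `rawurldecode()` leaves `+` untouched. Request input has normally been decoded once by the time it reaches the controller, so this is a second decode pass that reinterprets any literal `%` in a value. The comment should name the link or client that double-encodes, so the workaround can be removed once that source is fixed. The body of `reset()` continues past the end of this hunk.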