laravel: avoid miscellaneous parameters in get method

Question

For example I have this url:

http://127.0.0.1/public?valid=test1&invalid=test2

So I send 2 parameters to a related function in its controller:

       $input = $request->all();
       $validator = Validator::make($input, [
         'valid' => 'nullable|string',
       ]);

       if ($validator->fails())
       {
         return back()->withInput()->withErrors($validator);
       }

I expect this url works:

http://127.0.0.1/public?valid=test1

But for this: http://127.0.0.1/public?invalid=test2

I do not want this url works because I do not define invalid parameter in Validator (The route accepted that URL):

Dose laravel support to refuse miscellaneous parameters?

The laravel website has that bug too

https://laravel.com/?asd=asd

My solution:

$input = $request->all();
$valid = ['valid'];
foreach($input as $key => $val)
{
   if(!in_array($key,$valid)) abort(404);
}

To throw the 404 if any non-valid parameters are passed, you could do: `if ($request->except('valid')) abort(404);`. — fubar, Oct 31 '18 at 02:45

score 0 · Answer 1 · answered Oct 31 '18 at 02:41

0

You can use $request->only() to get just the parameters you want:

https://laravel.com/docs/5.7/requests#retrieving-input

$data = $request->only(['valid_1', 'valid_2']);

answered Oct 31 '18 at 02:41

newUserName02

1,598
12
17

I tried this method before. yes it remove other parameters, but not return for example 404 page for incorrect URL. So seo problem remains. – Areza Oct 31 '18 at 11:19

laravel: avoid miscellaneous parameters in get method

1 Answers1