DivineOmega / password_exposed

🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.
GNU Lesser General Public License v3.0
213 stars 34 forks

Run $lines through array_filter() to remove empty strings that can cause unhandled exceptions #36

Open jamieb-tillo opened 2 years ago

jamieb-tillo commented 2 years ago

In some cases, the response body pulled from the HaveIBeenPwned API can end with a blank space after the final new line characters. When pulled into the $lines array, this creates an index that consists of just a blank string.

When attempting to call list() on the result of calling explode(':', $line), an Exception is thrown.

This Exception is not caught in this package, or within Laravel NIST which uses it. The stack trace of this Exception exposes the User's password to any logs that record it.

Passing the $lines array through an array_filter() removes any blank indexes and prevents this error.
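
The failure described in this pull request, reproduced as an added example that is not the package's own code. `parseRangeBody()` and the response body are constructed for illustration, and the error handler is an assumption standing in for a framework handler (such as Laravel's) that promotes PHP warnings and notices to `ErrorException`.

```php
<?php
// Assumption: warnings/notices are promoted to exceptions, as a framework
// error handler such as Laravel's does.
set_error_handler(function (int $severity, string $message, string $file, int $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Constructed sample body in "SUFFIX:COUNT" line format. The trailing line
// break leaves an empty string as the last element after explode().
$body = "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
      . "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:12\r\n";

/** Hypothetical helper: parse the body into [suffix => count]. */
function parseRangeBody(string $body, bool $filter): array
{
    $lines = explode("\r\n", $body);

    if ($filter) {
        // array_filter() without a callback drops falsy values, including "".
        // A line holding only whitespace is not falsy and would survive it.
        $lines = array_filter($lines);
    }

    $result = [];
    foreach ($lines as $line) {
        // For $line === '' explode() returns [''], so index 1 is missing and
        // the list() assignment raises a warning/notice.
        list($suffix, $count) = explode(':', $line);
        $result[$suffix] = (int) $count;
    }

    return $result;
}

// Without the filter the blank entry reaches list() and the promoted
// warning escapes as an exception.
try {
    parseRangeBody($body, false);
    echo "unfiltered: parsed without error\n";
} catch (ErrorException $e) {
    echo "unfiltered: ", get_class($e), ": ", $e->getMessage(), "\n";
}

// With the filter only the two well-formed lines are parsed.
print_r(parseRangeBody($body, true));
```

Because an uncaught exception's stack trace can record the arguments of the calling frames, the password check is the place where this parsing error needs to be prevented or caught.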

marensas commented 2 years ago

Currently my users cannot register or edit their profile if an exposed password is entered - this PR is much needed. Thanks!

coveralls commented 2 years ago

Pull Request Test Coverage Report for Build 176


Totals Coverage Status
Change from base Build 173: -0.0%
Covered Lines: 85
Relevant Lines: 98

💛 - Coveralls