laravel / ideas

Issues board used for Laravel internals discussions.

Strict validated requests (throw exceptions when accessing unvalidated request input) #2619

Closed garygreen closed 3 years ago

garygreen commented 3 years ago

It would be super awesome if you could opt-in to strongly validated requests:

request()->mustValidate(); // opt-in for single request.

class Request implements MustValidate { // for classes

}

\Illuminate\Http\Request::mustValidate(); // for all request classes, bootstrap in one of providers

When accessing properties on the request, it will only ever give you data that has been validated. All other cases will throw an exception.

request('id') // UnvalidatedRequestException
request()->get('id') // UnvalidatedRequestException
request()->all() // only returns validated properties
request()->only() // only returns given properties if they were validated, any properties not validated throw UnvalidatedRequestException

Validate the request:

request()->validate(['id' => 'integer']); // id property will now be gettable on request.

To manually mark properties as validated:

request()->markValidated('id');
request()->markValidated(['username', 'or.dot.format']);

The main motivation behind this is to encourage strong security. There are cases in our application where, although we always validate user input, sometimes things get added and slip through unvalidated. This would easily help prevent those situations and add strong security awareness to applications.
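The behaviour requested above, as an added sketch in plain PHP 8; it is not part of the original issue and not Laravel code. `StrictInput`, `UnvalidatedInputException` and the callable-per-key rule format are hypothetical names and assumptions made for the illustration, and the sample input is constructed.

```php
<?php
// Added sketch: StrictInput and UnvalidatedInputException are hypothetical, not Laravel classes.
final class UnvalidatedInputException extends RuntimeException {}
final class StrictInput
{
    private array $validated = []; // dot-notation key => same key, once it passed a check
    public function __construct(private array $input) {}

    public function validate(array $rules): void // all-or-nothing per call
    {
        foreach ($rules as $key => $check) {
            $value = $this->raw($key); // null when absent, which fails the rule
            if ($value === null || !$check($value)) throw new InvalidArgumentException("Invalid '$key'");
        }
        $this->markValidated(array_keys($rules));
    }

    public function markValidated(string|array $keys): void
    {
        $this->validated += array_combine((array) $keys, (array) $keys);
    }

    public function get(string $key): mixed // exact key: 'user' does not unlock 'user.name'
    {
        if (!isset($this->validated[$key])) {
            throw new UnvalidatedInputException("Input '$key' read before validation");
        }
        return $this->raw($key);
    }

    public function all(): array // validated keys only, keyed by dot path
    {
        return array_map(fn ($key) => $this->raw((string) $key), $this->validated);
    }

    private function raw(string $key): mixed // walk the dot path; null if absent
    {
        $node = $this->input;
        foreach (explode('.', $key) as $segment) {
            if (!is_array($node) || !array_key_exists($segment, $node)) return null;
            $node = $node[$segment];
        }
        return $node;
    }
}
// Constructed input: 'is_admin' stands for a field added later and never validated.
$in = new StrictInput(['id' => '42', 'user' => ['name' => 'ann'], 'is_admin' => '1']);
$in->validate(['id' => fn ($v) => filter_var($v, FILTER_VALIDATE_INT) !== false, 'user.name' => 'is_string']);
var_dump($in->all());
try { $in->get('is_admin'); } catch (UnvalidatedInputException $e) { echo $e->getMessage(), PHP_EOL; }
```

Reading `is_admin` fails loudly instead of silently returning attacker-controlled data, which is the "added later and slipped through" case the issue describes.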

themsaid commented 3 years ago

We're working on something for Laravel 9. Thanks :)