spaze
commented
1 year ago Hi, thanks for the PR. This is unfortunately a bit more difficult to handle as some users may disallow params with arrays and this change would miss such params.
Closed mad-briller closed 1 year ago
spaze
commented
1 year ago Hi, thanks for the PR. This is unfortunately a bit more difficult to handle as some users may disallow params with arrays and this change would miss such params.
spaze
commented
1 year ago I believe the changes in 2.12.0 (#174 or even earlier #167) has also resolved this issue so there's no need to short-circuit array type in DisallowedCallParamValueExcept. Can you please check?
I'll then add the tests to make sure it's doing what it should and would prohibit arrays in config.
mad-briller
commented
1 year ago this has fixed it! thanks for getting it over the line and sorry i couldn't take it further, i had a few tries but couldn't make much progress and ran out of time
spaze
commented
1 year ago Thanks and no problem! :-) I'll publish a release soon.
When trying to disallow the usage of a particular configuration key in Laravel, this false positive was discovered.
the Laravel
config()helper can take a string or array as it's first argument, strings are used to read and arrays are used to update the configuration.when a
disallowParamswas set to disallow the use of a constant string as the first argument, calls that provided an array were falsey flagged as disallowed.this rectifies that issue, however i'm not convinced this is the best way to go about this due to unfamiliarity with this codebase, but it resolves the cases i had to hand, so feel free to let me know if there's a better way
thanks for your time