-
-
Save drakakisgeo/3bba2a2600b4c554f836 to your computer and use it in GitHub Desktop.
| // Step 1. Create this class in the middleware folder. | |
| <?php namespace App\Http\Middleware; | |
| use Closure; | |
| class BeforeAutoTrimmer { | |
| /** | |
| * Handle an incoming request. | |
| * | |
| * @param \Illuminate\Http\Request $request | |
| * @param \Closure $next | |
| * @return mixed | |
| */ | |
| public function handle($request, Closure $next) | |
| { | |
| $request->merge(array_map('trim', $request->all())); | |
| return $next($request); | |
| } | |
| } | |
| // Step 2. Register this middleware in the application's global HTTP middleware stack (app/Http/Kernel.php) | |
| protected $middleware = [ | |
| 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode', | |
| 'Illuminate\Cookie\Middleware\EncryptCookies', | |
| 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse', | |
| 'Illuminate\Session\Middleware\StartSession', | |
| 'Illuminate\View\Middleware\ShareErrorsFromSession', | |
| 'App\Http\Middleware\VerifyCsrfToken', | |
| 'App\Http\Middleware\BeforeAutoTrimmer' | |
| ]; |
Very nice @trevorgehman !
Nice thanks for that!
Without the need of an helper function:
$trim_if_string = function ($var) { return is_string($var) ? trim($var) : $var; };
$request->merge(array_map($trim_if_string, $request->all()));
This method will effectively ignore array inputs and not trim them.
It'd be better to use array_walk_recursive.
$input = $request->all();
// use a closure here because array_walk_recursive passes
// two params to the callback, the item + the key. If you were to just
// call trim directly, you could end up inadvertently trimming things off
// your array values, and pulling your hair out to figure out why.
array_walk_recursive($input, function(&$in) {
$in = trim($in);
});
$request->merge($input);
One issue I'm having with this: If the input data is passed as JSON in the POST body, this middleware doesn't catch it.
It looks like this is a known issue, but not likely to change: laravel/framework#10725
Open to new ideas on the best way to trim input for requests.
Very helpful, @drakakisgeo and @jimrubenstein.
The combination of middleware and array_walk_recursive works perfectly.
Would doing a combination of @jimrubenstein and @trevorgehman work?
array_walk_recursive(), but then instead of calling, use trim_if_string()?
Essentially, the only data we want to trim are strings anyways, correct?
I'm using this to trim, and also change empty strings "" to null.
<?php namespace App\Http\Middleware;
use Closure;
class ConvertEmptyRequestValuesToNull
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$input = $request->all();
if ($input) {
array_walk_recursive($input, function (&$item) {
$item = trim($item);
$item = ($item == "") ? null : $item;
});
$request->merge($input);
}
return $next($request);
}
}
That function is awesome but it trims with password field also is a problem.
Because many person use white space for their password. So we have to filter it for password.
I think my function is update solution.
<?php
namespace App\Http\Middleware;
use Closure;
class BeforeAutoTrimmer
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$input = $request->all();
if ($input) {
array_walk_recursive($input, function (&$item, $key) {
// RULES 1 FOR STRING AND PASSWORD
if (is_string($item) && !str_contains($key, 'password')) {
$item = trim($item);
}
// RULES 2 FOR NULL VALUE
$item = ($item == "") ? null : $item;
});
$request->merge($input);
}
return $next($request);
}
}
Super helpful! Thank you.
Here is how I use it in a static helper class outside Laravel.
// set trimmed & nulled request
static function setRequest () {
self::$request = Request::capture();
self::$request->merge(array_map(function ($value) {
if (is_string($value)) {
if (empty($value)) {
return null;
}
else {
return trim($value);
}
}
else {
return $value;
}
}, self::$request->all()));
}
For form submissions I use an extension of Laravel's request class that I put together here .
You can skip some fields by adding them to the untrimmable array, use dot indexing for nested keys
For Lavavel >= 5.4, please check the middlewares TrimStrings and ConvertEmptyStringsToNull.
You wish not to use strings for referencing class names. Better use \App\Some\Foo::class instead of "\App\Some\Foo" because typing-mistakes can be quickly found with first way but are hidden away with 2nd method as it is only a string where PHP cannot check if the class reference is still valid.
Example: \Apps\Some\Foo::class <-- see the small s in it? It will be quickly found by PHP.
@shojibflamon you properly want to compare type-safe, means $item === "", else maybe (int) 0 will be converted to NULL which is not intended (e.g. you have a database column is_enabled which has tinyint(1) unsigned not null default 1 then you surely want 0 be set!
This causes an issue for certain form fields such as
<input name="emails[]">since they are treated as arrays. I solved it by changing line 18 to:$request->merge(array_map('trim_if_string', $request->all()));And creating the helper function:
function trim_if_string($var) { return is_string($var) ? trim($var) : $var; }