Begin implementation of new request validation, closes #470

.gitignore

@@ -22,3 +22,4 @@ Dockerfile
 docker-compose.yml
 # for image related files
 misc
+.phpstorm.meta.php

.styleci.yml

@@ -4,3 +4,4 @@ disabled:
   - concat_without_spaces
 enabled:
   - concat_with_spaces
+  - no_unused_imports

app/Http/Controllers/Admin/OptionController.php

@@ -35,6 +35,7 @@ use Pterodactyl\Http\Controllers\Controller;
 use Pterodactyl\Repositories\OptionRepository;
 use Pterodactyl\Repositories\VariableRepository;
 use Pterodactyl\Exceptions\DisplayValidationException;
+use Pterodactyl\Http\Requests\Admin\Service\StoreOptionVariable;
 
 class OptionController extends Controller
 {
@@ -198,28 +199,23 @@ class OptionController extends Controller
     /**
      * Handles POST when editing a configration for a service option.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \Pterodactyl\Http\Requests\Admin\Service\StoreOptionVariable  $request
-     * @param  int                       $option
+     * @param  int                                                           $option
-     * @param  int                       $variable
+     * @param  int                                                           $variable
      * @return \Illuminate\Http\RedirectResponse
      */
-    public function editVariable(Request $request, $option, $variable)
+    public function editVariable(StoreOptionVariable $request, $option, $variable)
     {
         $repo = new VariableRepository;
 
         try {
             if ($request->input('action') !== 'delete') {
-                $variable = $repo->update($variable, $request->intersect([
+                $variable = $repo->update($variable, $request->normalize());
-                    'name', 'description', 'env_variable',
-                    'default_value', 'options', 'rules',
-                ]));
                 Alert::success("The service variable '{$variable->name}' has been updated.")->flash();
             } else {
                 $repo->delete($variable);
                 Alert::success('That service variable has been deleted.')->flash();
             }
-        } catch (DisplayValidationException $ex) {
-            return redirect()->route('admin.services.option.variables', $option)->withErrors(json_decode($ex->getMessage()));
         } catch (DisplayException $ex) {
             Alert::danger($ex->getMessage())->flash();
         } catch (\Exception $ex) {

app/Http/Requests/Admin/Service/StoreOptionVariable.php

@@ -0,0 +1,75 @@
+<?php
+/*
+ * Pterodactyl - Panel
+ * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+namespace Pterodactyl\Http\Requests\Admin\Service;
+
+use Pterodactyl\Models\User;
+use Illuminate\Foundation\Http\FormRequest;
+
+class StoreOptionVariable extends FormRequest
+{
+    /**
+     * Determine if user is allowed to access this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        if (! $this->user() instanceof User) {
+            return false;
+        }
+
+        return $this->user()->isRootAdmin();
+    }
+
+    /**
+     * Set the rules to be used for data passed to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'name' => 'required|string|min:1|max:255',
+            'description' => 'nullable|string',
+            'env_variable' => 'required|regex:/^[\w]{1,255}$/',
+            'rules' => 'bail|required|string',
+            'default_value' => explode('|', $this->input('rules')),
+            'options' => 'sometimes|required|array',
+        ];
+    }
+
+    /**
+     * Return only the fields that we are interested in from the request.
+     * This will include empty fields as a null value.
+     *
+     * @return array
+     */
+    public function normalize()
+    {
+        return $this->only(
+            array_keys($this->rules())
+        );
+    }
+}

resources/lang/en/base.php

@@ -57,15 +57,15 @@ return [
                     ],
                     'view' => [
                         'title' => 'View Server',
-                        'desc'=> 'Allows viewing of specific server user can access.',
+                        'desc' => 'Allows viewing of specific server user can access.',
                     ],
                     'power' => [
                         'title' => 'Toggle Power',
-                        'desc'=> 'Allow toggling of power status for a server.',
+                        'desc' => 'Allow toggling of power status for a server.',
                     ],
                     'command' => [
                         'title' => 'Send Command',
-                        'desc'=> 'Allow sending of a command to a running server.',
+                        'desc' => 'Allow sending of a command to a running server.',
                     ],
                 ],
             ],