Task 7 - update forbidden field

This commit is contained in:
PovilasKorop
2021-11-29 15:31:28 +02:00
parent ccb91e35fb
commit ce6827fab8
7 changed files with 109 additions and 0 deletions
+8
View File
@@ -80,3 +80,11 @@ Test method `test_form_request_validation()`.
---
## Task 7. Update Forbidden Field.
In `app/Http/Controllers/UserController.php` file, in `update` method, the code updates all the fields. But users.is_admin should not be updated, even if it's passed via the request. Change the line with `$request->all()` to avoid this security issue of updating the admin.
Test method `test_update_forbidden_field()`.
---