Sanitizing preg_match via Request in Laravel 5 not working as it should

2.5k views Asked by At

I have a feature where I sanitize a YouTube link before it gets saved to the database. I have the preg_match working fine, but I can't pass the sanitized version (just the YouTube ID) back to the Controller, it reverts back the unsanitised original link.

VideoRequest:

public function rules()
{
    $this->sanitize();

    return [
        'page_id' => 'required|integer',
        'visibility' => 'required',
        'item_type' => 'required',
        'title' => 'required|string',
        'embed' => 'required',
        'content' => '',
        'image' => 'string',
        'order' => 'required|integer'
    ];
}

public function sanitize()
{
    $input = $this->all();

    if (preg_match('%(?:youtube(?:-nocookie)?\.com/(?:[^/]+/.+/|(?:v|e(?:mbed)?)/|.*[?&]v=)|youtu\.be/)([^"&?/ ]{11})%i', $input['embed'], $match)) {
        $input['embed'] = $match[1];
    } else {
        return "Please try another YouTube URL or link";
    }

    $this->replace($input);
}

VideoController:

public function store(VideoRequest $request)
{
    $video = array_intersect_key(Input::all(), $request->rules());
    VideoItem::create($video);
    flash()->success('New video created');
    return redirect()->back();
}

When I dd($input) at the bottom of sanitize() function it will return all inputs with the embed code correctly, just as an ID. When it passes to rules(); embed is now the original link?

2

There are 2 answers

2
BobSquared On BEST ANSWER

Maybe use a custom validation rule and then a mutator to extract the YouTube id just before the model save. http://laravel.com/docs/5.0/validation#custom-validation-rules

http://laravel.com/docs/5.0/eloquent#accessors-and-mutators

Routes

Route::post('post', 'PostController@store');

 /**
  * Extract Youtube id from url
  * @todo: move to helpers file
  */
function sanitiseHelper ($value) {

    if (preg_match('%(?:youtube(?:-nocookie)?\.com/(?:[^/]+/.+/|(?:v|e(?:mbed)?)/|.*[?&]v=)|youtu\.be/)([^"&?/ ]{11})%i', $value, $match)) {
        return $match[1];
    }

    return false;
}

Controller

namespace App\Http\Controllers;

use App\Post;
use Validator;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class PostController extends Controller
{
    /**
     * Store a newly created resource in storage.
     *
     * @return Response
     */
    public function store(Request $request)
    {
        Validator::extend('sanitise', function($attribute, $value, $parameters)
        {
            return sanitiseHelper($value);
        });

        $validator = Validator::make($request->all(), [
            'YoutubeUrl' => 'sanitise'
        ], ['sanitise' => 'Please try another YouTube URL or link']);

        if ($validator->fails()) {
            return $validator->errors()->all();
        }

        // Save
        Post::create($request->all());
    }
}

Model

namespace App;

use Illuminate\Database\Eloquent\Model;

class Post extends Model
{
    public function setYouTubeUrlAttribute($value)
    {
        $this->attributes['YouTubeUrl'] = sanitiseHelper($value);
    }
}
1
TheDevRay On

I use

/^(?:http(?:s)?:\/\/)?(?:www\.)?(?:youtu\.be\/|youtube\.com\/(?:(?:watch)?\?(?:.*&)?v(?:i)?=|(?:embed|v|vi|user)\/))([^\?&\"'>]+)/

to get the ID.