Security Tip #77: Laravel 11's Prompt Validation Rules

We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there too!

The next Laravel 11 security feature we’re covering is a topic that’s sometimes ignored as part of security[1], although this time with a bit of a twist: Prompt Validation.

As per the release notes:

Laravel Prompts is a PHP package for adding beautiful and user-friendly forms to your command-line applications, with browser-like features including placeholder text and validation.

Laravel Prompts supports input validation via closures:

However, this can become cumbersome when dealing with many inputs or complicated validation scenarios. Therefore, in Laravel 11, you may utilize the full power of Laravel's validator when validating prompt inputs:

We’ve talked about validation many times before, and it’s one of the essential steps when handling user input, but what about on the command line? Do we need to validate inputs in our command line tools?

The surface-level answer would be “no, because they already have access”, but security isn’t just about preventing hackers with malicious intent from doing bad things. It’s also about protecting your data and your users from someone with access who accidentally destroys or negatively modifies data.

One way to prevent accidental data manipulation is to use validation on all sources of input, including the command line, which is where this new feature for Laravel Prompts comes in!

This new feature allows you to easily define validation rules on your command line tools, which can be used to prevent unexpected inputs from being submitted and actioned in your scripts.

I can see this being particularly useful when you have specific business rules around data formats or permissions, where you can hook into a validator to easily check the rules are followed.
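To make the two validation styles concrete, here is an added example (not code from the release notes or from this newsletter) of an Artisan command that validates operator input before changing data. The command name, the `OPS-1234` ticket format, and a `users` table with `email` and `active` columns are assumptions made for illustration.

```php
<?php

namespace App\Console\Commands;

use App\Models\User; // assumed Eloquent model with `email` and `active` columns
use Illuminate\Console\Command;

use function Laravel\Prompts\confirm;
use function Laravel\Prompts\text;

class DeactivateUser extends Command // hypothetical command
{
    protected $signature = 'users:deactivate';

    protected $description = 'Deactivate a user account after validating operator input';

    public function handle(): int
    {
        // Closure validation: return an error message to re-prompt, or null to accept.
        $ticket = text(
            label: 'Ticket reference authorising this change',
            placeholder: 'OPS-1234', // constructed format, stands in for a business rule
            validate: fn (string $value) => preg_match('/\AOPS-\d{1,6}\z/', $value) === 1
                ? null
                : 'Enter a ticket reference such as OPS-1234.',
        );

        // Laravel 11 validator rules: the array key names the field in error messages.
        // `exists` rejects a mistyped address before any write is attempted.
        $email = text(
            label: 'Email of the account to deactivate',
            validate: ['email' => 'required|email|exists:users,email'],
        );

        // Explicit confirmation, defaulting to "No", before the change is made.
        if (! confirm(label: "Deactivate {$email} under {$ticket}?", default: false)) {
            $this->info('No changes made.');

            return self::SUCCESS;
        }

        User::where('email', $email)->update(['active' => false]);
        $this->info("Deactivated {$email} ({$ticket}).");

        return self::SUCCESS;
    }
}
```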

[1] I even almost skipped over it in the release notes!