[5.7] Trim model class name when passing in middleware

[ankurk91]

Hi,

When passing php class names in middleware, for example

// routes/web.php
Route::post('/', 'Job\DocumentController@store')->name('store')
            ->middleware('can:create, App\Models\JobDocument');
// Notice the whitespace after comma (,) in middleware()

Developer can accidentally add a whitespace before class name.
This whitespace will cause the linked policy not to be found and cause a 403 http response.

It took me hours to figure out why the policy class is not being loaded.

More insights here -
Laravel resolves for registered policy here

framework/src/Illuminate/Auth/Access/Gate.php

Line 514 in 2dd96e9

if (isset($this->policies[$class])) {

The registered policies array look like this

array:4 [▼
  "App\Models\Job" => "App\Policies\JobPolicy"
  "App\Models\Admin" => "App\Policies\AdminPolicy"
  "App\Models\UserDocument" => "App\Policies\UserDocumentPolicy"
  "App\Models\JobDocument" => "App\Policies\JobDocumentPolicy"
]

Having a space in model php class fails the isset($this->policies[$class]) condition.
The trim will ensure that isset call will not fail in this condition.
I don't see any side effects trimming the class name here.

Thanks.

[sisve]

I imagine that all comma-separated parameters sent to any middlewares should get this treatment. Does it make sense that only a specific parameter for a specific middleware supports comma+space?

If so, that would be done in Pipeline::parsePipeString(...) where we currently split on comma, but doesn't trim the resulting parts. Something as simple as a $parameters = array_map('trim', $parameters); may be enough.

framework/src/Illuminate/Pipeline/Pipeline.php

Lines 167 to 176 in 2dd96e9

	protected function parsePipeString($pipe)
	{
	list($name, $parameters) = array_pad(explode(':', $pipe, 2), 2, []);
	if (is_string($parameters)) {
	$parameters = explode(',', $parameters);
	}
	return [$name, $parameters];
	}

[ankurk91]

@sisve
I agree with you; as long as it is non breaking.