@@ -41,7 +41,7 @@ trait ValidatesDatabaseParameters
4141 * only contains allowed characters before being used in SQL statements
4242 * (or paths in the case of SQLiteDatabaseManager).
4343 *
44- * By default, only the characters in allowedParameterCharacters() are allowed.
44+ * By default, only the characters in $ allowedParameterCharacters are allowed.
4545 *
4646 * @throws InvalidArgumentException
4747 */
@@ -56,10 +56,13 @@ protected function validateParameter(mixed $parameter, string|null $allowedChara
5656 }
5757
5858 if (! is_string ($ parameter )) {
59- // E.g. if a parameter is retrieved from the config, it isn't necessarily a string
6059 throw new InvalidArgumentException ('Parameter has to be a string. ' );
6160 }
6261
62+ if ($ parameter === '' ) {
63+ throw new InvalidArgumentException ('Parameter cannot be an empty string. ' );
64+ }
65+
6366 $ allowedCharacters ??= static ::$ allowedParameterCharacters ;
6467
6568 foreach (str_split ($ parameter ) as $ character ) {
@@ -70,7 +73,7 @@ protected function validateParameter(mixed $parameter, string|null $allowedChara
7073 }
7174
7275 /**
73- * Ensure password only contains allowed characters (allowedPasswordCharacters() )
76+ * Ensure password only contains allowed characters ($ allowedPasswordCharacters)
7477 * before being used in SQL statements.
7578 *
7679 * Used in permission controlled managers as a shorthand for calling validateParameter()
@@ -81,7 +84,11 @@ protected function validateParameter(mixed $parameter, string|null $allowedChara
8184 protected function validatePassword (string |null $ password ): void
8285 {
8386 if (is_null ($ password )) {
84- throw new InvalidArgumentException ('Parameter cannot be null. ' );
87+ throw new InvalidArgumentException ('Password cannot be null. ' );
88+ }
89+
90+ if ($ password === '' ) {
91+ throw new InvalidArgumentException ('Password cannot be an empty string. ' );
8592 }
8693
8794 $ this ->validateParameter ($ password , allowedCharacters: static ::$ allowedPasswordCharacters );
0 commit comments