Commit 49b122ec authored by Robert Lyon's avatar Robert Lyon

Security Bug 1697308: Sanitizing the registration form information



To avoid potential hacking vectors for the site

behatnotneeded

Change-Id: I53088c5e73017bc59f156483509e1bb7e8c1710a
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 0d507ed5
...@@ -2363,6 +2363,12 @@ function auth_register_submit(Pieform $form, $values) { ...@@ -2363,6 +2363,12 @@ function auth_register_submit(Pieform $form, $values) {
global $SESSION; global $SESSION;
safe_require('auth', 'internal'); safe_require('auth', 'internal');
// We need to sanitize the $values to avoid hacking vectors
// There should not be any HTML/JS in the fields so we clean it with htmlpurifier
// Then remove even the safe html tags
foreach ($values as $key => $value) {
$values[$key] = strip_tags(clean_html($value));
}
$values['key'] = get_random_key(); $values['key'] = get_random_key();
$values['lang'] = $SESSION->get('lang'); $values['lang'] = $SESSION->get('lang');
......
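Review bot: The added `foreach` runs every element of `$values` through `clean_html()` and `strip_tags()` whatever its type, so any non-string entry the form submits (an array-valued element, a boolean checkbox, a null) is coerced to a string or raises a warning. Guarding the loop body keeps the sanitising to text fields: `if (is_string($value)) { $values[$key] = strip_tags(clean_html($value)); }`. If `clean_html()` returns entity-encoded output, as its HTML Purifier backing suggests, a legitimate `&` or `<` in a name or reason field would be stored encoded and then escaped a second time on display; that is worth confirming against a value such as `A & B`. Stripping on input also does not replace escaping where these registration values are later rendered, so the output side should still be checked. The body of `auth_register_submit()` continues outside this hunk.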