Commit d5919da0 authored by Robert Lyon

Security Bug 1697308: Sanitizing the registration form information

To avoid potential hacking vectors for the site


Change-Id: I53088c5e73017bc59f156483509e1bb7e8c1710a
Signed-off-by: Robert Lyon <>
parent a8e37c5a
......@@ -2398,6 +2398,12 @@ function auth_register_submit(Pieform $form, $values) {
global $SESSION;
safe_require('auth', 'internal');
// We need to sanitize the $values to avoid hacking vectors
// There should not be any HTML/JS in the fields so we clean it with htmlpurifier
// Then remove even the safe html tags
foreach ($values as $key => $value) {
$values[$key] = strip_tags(clean_html($value));
$values['key'] = get_random_key();
$values['lang'] = $SESSION->get('lang');
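Review bot: The loop `foreach ($values as $key => $value)` runs `strip_tags(clean_html($value))` on every submitted value without checking its type, so any element of `$values` that is not a string (an array from a multi-value element, a boolean, null) is either coerced or triggers an error; guard the call with `is_string($value)` and leave other types untouched. Cleaning every key also rewrites fields where `<`, `>` or `&` can be legitimate input, and the user gets no indication that what was stored differs from what was typed, so it would be safer to apply this to an explicit list of free-text keys and to fail validation when the cleaned value differs from the original. The comment should also note that these values must still be escaped when rendered, because removing tags here does not make them safe in every output context.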