Commit e7b91ff8 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Security Bug 1697308: Sanitizing the registration form information"

parents c1a46ac0 d9fd5e8d
......@@ -2430,6 +2430,12 @@ function auth_register_submit(Pieform $form, $values) {
global $SESSION;
safe_require('auth', 'internal');
// We need to sanitize the $values to avoid hacking vectors
// There should not be any HTML/JS in the fields so we clean it with htmlpurifier
// Then remove even the safe html tags
foreach ($values as $key => $value) {
$values[$key] = strip_tags(clean_html($value));
}
$values['key'] = get_random_key();
$values['lang'] = $SESSION->get('lang');
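Review bot: The loop `foreach ($values as $key => $value)` runs `strip_tags(clean_html($value))` over every submitted element regardless of type, so any non-string entry the form may carry (a checkbox boolean, an array-valued element, null) is pushed through string functions and is coerced or raises a warning. Guarding the body with `if (is_string($value)) { $values[$key] = strip_tags(clean_html($value)); }` would leave other types intact. The blanket rewrite also changes fields where `<` or `&` can be legitimate; if this form includes a password or a free-text reason, the stored value would silently differ from what the user typed, so it is worth checking the element list and skipping such keys. Cleaning on input presumably does not cover rows already stored or other write paths, so the pages that display registration data still need to escape on output. The body of auth_register_submit continues outside this hunk.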
......