Commit d9fd5e8d authored by Robert Lyon's avatar Robert Lyon

Security Bug 1697308: Sanitizing the registration form information



To avoid potential hacking vectors for the site

behatnotneeded

Change-Id: I53088c5e73017bc59f156483509e1bb7e8c1710a
Signed-off-by: default avatarRobert Lyon <robertl@catalyst.net.nz>
parent ec2aa2cb
+6 −0
@@ -2430,6 +2430,12 @@ function auth_register_submit(Pieform $form, $values) {
    global $SESSION;

    safe_require('auth', 'internal');
    // We need to sanitize the $values to avoid hacking vectors
    // There should not be any HTML/JS in the fields so we clean it with htmlpurifier
    // Then remove even the safe html tags
    foreach ($values as $key => $value) {
        $values[$key] = strip_tags(clean_html($value));
    }
    $values['key'] = get_random_key();
    $values['lang'] = $SESSION->get('lang');
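Review bot: The added `foreach` runs `strip_tags(clean_html($value))` over every element of `$values` without checking its type, so a non-string entry from the form (an array, boolean or null) reaches functions that expect a string; `strip_tags()` raises a TypeError for an array argument on PHP 8 unless `clean_html()` has already converted it. Guarding the body, e.g. `if (is_string($value)) { $values[$key] = strip_tags(clean_html($value)); }`, limits the cleaning to text fields. `clean_html()` is defined outside this hunk, but if it entity-encodes the way HTMLPurifier normally does, a name containing `&` would be stored as `&amp;` and could be double-escaped when displayed, so that is worth checking. Stripping tags on input also does not replace escaping these values at the point where they are rendered. The body of `auth_register_submit` continues beyond the hunk.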