UserSpice
Validate Class matches not working properly with htmlentities. - Printable Version




Validate Class matches not working properly with htmlentities. - komodo - 02-09-2018

Hello!

I recently stumbled upon a problem concerning the Validate.php Class.
A user wanted to use the character & in a password, but it wouldn't let the password validate.
Turns out the matching option converted one & to &amp; while the other remained a normal &

$value got converted to &amp;
$source[$rule_value] remained &
hence the mismatch.

[Image: bildschirmfoto2018-02hpqb5.png]

What would be a quick fix for this?
I would guess:
sanitize($source[$rule_value]);


Validate Class matches not working properly with htmlentities. - faguss - 02-10-2018

Oops. Looks like I screwed up when I was modifying the rule "matches". Here's the update: https://pastebin.com/KmhvbPFh

Function sanitize is doing the conversion. You can disable it by doing
Code:
$validation->check($data, $rules, false);



Validate Class matches not working properly with htmlentities. - Brandin - 02-10-2018

@faguss - is there a change we should deploy? This is concerning if this will potentially mess up special characters in passwords. I know there was an issue with < at one point...thoughts?

Brandin.


Validate Class matches not working properly with htmlentities. - komodo - 02-10-2018

@faguss

I have replaced my Validate.php with your update, however it still won't allow & in a password match.
I hesitate to turn off the sanitize option. Isn't it a security issue, even if the data won't get saved into the database?


Validate Class matches not working properly with htmlentities. - faguss - 02-10-2018

I don't know.

Write your own sanitize function.
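
The mismatch discussed in this thread, as an added example that is not part of the thread and not UserSpice's code. It assumes the sanitiser behaves like htmlentities() (as the thread title suggests); sanitize_like(), matches_mixed(), matches_raw() and the sample input are hypothetical names and constructed values.

```php
<?php
// Added illustration; not UserSpice code.
// Assumption: the sanitiser is equivalent to htmlentities() with ENT_QUOTES.
function sanitize_like(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// The situation reported above: one operand is entity-encoded, the other is raw.
function matches_mixed(array $source, string $field, string $other): bool
{
    return sanitize_like($source[$field]) === $source[$other];
}

// Compare the raw submitted values. Rejecting non-strings also covers
// array-valued parameters such as password[]=x.
function matches_raw(array $source, string $field, string $other): bool
{
    $a = $source[$field] ?? null;
    $b = $source[$other] ?? null;
    return is_string($a) && is_string($b) && $a === $b;
}

// Constructed sample input: both fields hold the same password, which
// contains characters that htmlentities() rewrites.
$post = ['password' => 'p&ss<w0rd"', 'confirm' => 'p&ss<w0rd"'];

echo "encoded form:      ", sanitize_like($post['password']), PHP_EOL;
echo "mixed comparison:  ", var_export(matches_mixed($post, 'password', 'confirm'), true), PHP_EOL;
echo "raw comparison:    ", var_export(matches_raw($post, 'password', 'confirm'), true), PHP_EOL;

// A password is hashed, not rendered: the raw value goes to password_hash().
// Hashing an entity-encoded copy would tie every later login to that same
// encoding step being applied again.
$hash = password_hash($post['password'], PASSWORD_DEFAULT);
echo "verify raw:        ", var_export(password_verify($post['password'], $hash), true), PHP_EOL;
echo "verify encoded:    ", var_export(password_verify(sanitize_like($post['password']), $hash), true), PHP_EOL;

// Entity encoding belongs where a value is written into HTML, for example
// when a non-secret field is echoed back into a form after a failed check.
$username = 'tom & "jerry"'; // constructed sample value
echo '<input name="username" value="', sanitize_like($username), '">', PHP_EOL;
```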