This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!
Validate Class matches not working properly with htmlentities.
#1
Hello!

I recently stumbled upon a problem concerning the Validate.php Class.
A user wanted to use the character & in a password, but it wouldn't let the password validate.
Turns out the matching option converted one & to
Code:
&amp;
while the other remained a normal &

$value got converted to
Code:
&amp;
$source[$rule_value] remained &
hence the mismatch.

[Image: bildschirmfoto2018-02hpqb5.png]

What would be a quick fix for this?
I would guess:
sanitize($source[$rule_value]);
  Reply
#2
Oops. Looks like I screwed up when I was modifying rule "matches". Here's an update: https://pastebin.com/KmhvbPFh

Function
Code:
sanitize
is doing the conversion. You can disable it by doing
Code:
$validation->check($data, $rules, false);
  Reply
#3
@faguss - is there a change we should deploy? This is concerning if this will potentially mess up special characters in passwords. I know there was an issue with
Code:
<
at one point...thoughts?

Brandin.
  Reply
#4
@faguss

I have replaced my Validate.php with your update, however it still won't allow & in a password match.
I hesitate to turn off the sanitize option. Isn't it a security issue, even if the data won't get saved into the database?
  Reply
#5
I don't know.

Write your own sanitize function.
  Reply
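
The mismatch described in post #1 and the concern raised in post #4, as an added example that is not part of the thread and is not UserSpice's Validate.php. `sanitize_example()` is a hypothetical stand-in assumed to HTML-encode the way the thread's sanitize does; the field names and the sample password are constructed. It compares both fields in raw form, hashes the raw password, and HTML-encodes only the value that is printed.

```php
<?php
// Added example, not UserSpice code. sanitize_example() is a hypothetical
// stand-in for the sanitize() named in the thread, assumed to HTML-encode.
function sanitize_example(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

// Reproduces the bug from post #1: only one operand is encoded.
function matches_buggy(array $source, string $field, string $other): bool
{
    $value = sanitize_example($source[$field]); // "&" becomes "&amp;"
    return $value === $source[$other];          // other operand is still raw
}

// Compares both operands in the same (raw) form.
// hash_equals() is PHP's constant-time string comparison.
function matches_raw(array $source, string $field, string $other): bool
{
    return hash_equals((string) $source[$other], (string) $source[$field]);
}

// Constructed sample input: a password containing "&" and "<".
$post = [
    'username' => 'a&b',
    'password' => 'R&D<2018!x',
    'confirm'  => 'R&D<2018!x',
];

var_dump(matches_buggy($post, 'password', 'confirm')); // encoded vs raw
var_dump(matches_raw($post, 'password', 'confirm'));   // raw vs raw

// The password is only hashed and verified, never echoed into HTML, so it
// is hashed in raw form. Encoding it first would change the stored secret.
$hash = password_hash($post['password'], PASSWORD_DEFAULT);
var_dump(password_verify($post['password'], $hash));
var_dump(password_verify(sanitize_example($post['password']), $hash));

// Values that are displayed are encoded at output time, for the HTML context.
echo htmlspecialchars($post['username'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```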