07-09-2017, 07:28 PM
Hey Brandin, I think I have the answer (I've been unable to post for several days, sorry for a late reply!). The password that is sent to the validation script in login.php has been sanitized by Input::get(), which in turn calls Input::sanitize and calls htmlentities. The < has been converted to &lt; in the password string.
This is the offending line in login.php:
Code:
$login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);
To get around this with minimal code changes, you could modify the Input class call to this:
Code:
public static function get($item, $bypassSanitize = false) {
and later in the function when sanitizing the get/post arrays or single items, run an if ($bypassSanitize === true) before the sanitizing code. Then, in login.php you'd simply change the line to this:
Code:
$login = $user->loginEmail(Input::get('username'), trim(Input::get('password', true)), $remember);
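
Added example, not part of the original post and not the project's own code: a minimal stand-in Input class showing how htmlentities changes a password before it is verified, and how the $bypassSanitize flag described above avoids that. The class body, the sample request and the stored hash (assumed to have been created from the password as typed) are constructed for illustration; only the get($item, $bypassSanitize = false) signature comes from the post.

```php
<?php
// Hypothetical stand-in for the Input class discussed in the post.
class Input
{
    public static function sanitize($value)
    {
        // HTML-encodes <, >, &, and quotes: right for output, wrong for secrets.
        return htmlentities($value, ENT_QUOTES, 'UTF-8');
    }

    public static function get($item, $bypassSanitize = false)
    {
        $value = $_POST[$item] ?? $_GET[$item] ?? '';
        if ($bypassSanitize === true) {
            return $value; // hand back the value exactly as submitted
        }
        if (is_array($value)) {
            return array_map([self::class, 'sanitize'], $value);
        }
        return self::sanitize($value);
    }
}

// Constructed sample request: the password contains characters htmlentities rewrites.
$_POST = ['username' => 'user@example.test', 'password' => 'p<ss&word"1 '];

// Assumption: the stored hash was created from the password as typed.
$storedHash = password_hash('p<ss&word"1', PASSWORD_DEFAULT);

$sanitized = trim(Input::get('password'));       // entity-encoded copy
$raw       = trim(Input::get('password', true)); // as typed, whitespace trimmed

echo "sanitized value: ";
var_dump($sanitized);
echo "raw value:       ";
var_dump($raw);

// Verify each candidate against the same stored hash.
echo "sanitized verifies: ";
var_dump(password_verify($sanitized, $storedHash));
echo "raw verifies:       ";
var_dump(password_verify($raw, $storedHash));
```

The raw value should only be passed to the hash verification and never echoed back into a page, since it skips the output encoding the other fields still get.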