The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Validate Class matches not working properly with htmlentities.
#1
Hello!

I recently strumbled upon a problem concerning the Validate.php Class
A user wanted to use the character & in a password, but it wouldn't let the password validate.
Turns out the matching option converted one & to
Code:
& a m p ;
while the other remained a normal &

$value got converted to
Code:
& a m p ;
$source[$rule_value] remained &
hence the missmatch.

[Image: bildschirmfoto2018-02hpqb5.png]

What would be a quick fix for this?
I would guess:
sanitize($source[$rule_value]);
  Reply
#2
Oops. Looks like I screwed up when I was modifying rule "matches". Here's update: https://pastebin.com/KmhvbPFh

Function
Code:
sanitize
is doing the conversion. You can disable it by doing
Code:
$validation->check($data, $rules, false);
  Reply
#3
@faguss - is there a change we should deploy? This is concerning if this will potentially mess up special characters in passwords. I know there was an issue with
Code:
<
at one point...thoughts?

Brandin.
  Reply
#4
@faguss

I have replaced my Validate.php with your update, however it still won't allow & in a password match.
I hesitate to turn off the sanitize option. Isn't it a security issue, even if the data won't get saved into the databse?
  Reply
#5
I don't know.

Write your own sanitize function.
  Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)