CodeIgniter Forums
Form validation, valid_email - Printable Version

+- CodeIgniter Forums (
+-- Forum: Development (
+--- Forum: Issues (
+--- Thread: Form validation, valid_email (/thread-68258.html)

Form validation, valid_email - Hyperloop90 - 06-16-2017

I have problem with valid_email method in CI_Form_validation class. I have newest CI, 3.1.4

I use form validation class to validate user input (register page), I have valid_email rule added.
Let's make an example, user inputs email value "[email protected] having 1=1--" obviously it's not valid email, and the validation should fail.

However in this line
there is an if statement, which evaluates to TRUE, and modifies user input to "[email protected]"
and then validation passess without any problems.

I am missing something here? $_POST value remains unchanged, so after sucessfull validation when I take user email like 
PHP Code:

I receive old, incorrect value.


RE: Form validation, valid_email - Narf - 06-19-2017

3.1.5 was just released with this patch: