+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: Issues (https://forum.codeigniter.com/forumdisplay.php?fid=19)
+--- Thread: Form validation, valid_email (/showthread.php?tid=68258)
Form validation, valid_email - Hyperloop90 - 06-16-2017
Hello,
I have problem with valid_email method in CI_Form_validation class. I have newest CI, 3.1.4
I use form validation class to validate user input (register page), I have valid_email rule added.
Let's make an example, user inputs email value "[email protected] having 1=1--" obviously it's not valid email, and the validation should fail.
However in this line https://github.com/bcit-ci/CodeIgniter/blob/3.1-stable/system/libraries/Form_validation.php#L1232
there is an if statement, which evaluates to TRUE, and modifies user input to "[email protected]"
and then validation passess without any problems.
I am missing something here? $_POST value remains unchanged, so after sucessfull validation when I take user email like
PHP Code:
$this->input->post('email')
I receive old, incorrect value.
Thanks!
RE: Form validation, valid_email - Narf - 06-19-2017
3.1.5 was just released with this patch: https://github.com/bcit-ci/CodeIgniter/commit/ed1a0453a9372e88058169f2028c9a2140318961