CodeIgniter Forums
Form validation, valid_email - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forum-6.html)
+--- Forum: Issues (https://forum.codeigniter.com/forum-19.html)
+--- Thread: Form validation, valid_email (/thread-68258.html)



Form validation, valid_email - Hyperloop90 - 06-16-2017

Hello,
I have problem with valid_email method in CI_Form_validation class. I have newest CI, 3.1.4

I use form validation class to validate user input (register page), I have valid_email rule added.
Let's make an example, user inputs email value "[email protected] having 1=1--" obviously it's not valid email, and the validation should fail.

However in this line https://github.com/bcit-ci/CodeIgniter/blob/3.1-stable/system/libraries/Form_validation.php#L1232
there is an if statement, which evaluates to TRUE, and modifies user input to "[email protected]"
and then validation passess without any problems.

I am missing something here? $_POST value remains unchanged, so after sucessfull validation when I take user email like 
PHP Code:
$this->input->post('email'

I receive old, incorrect value.

Thanks!


RE: Form validation, valid_email - Narf - 06-19-2017

3.1.5 was just released with this patch: https://github.com/bcit-ci/CodeIgniter/commit/ed1a0453a9372e88058169f2028c9a2140318961