[Important] Bypass email validation
#1

Hello,

If I simply use this code to check an email in CI:

PHP Code:
$this->form_validation->set_rules('email', 'email', 'trim|required|valid_email');

I just need to send a form with this input:

Code:
"><svg/onload=confirm(1)>"@x.y

and I can bypass email validation...

The solution is to fix valid_email in Form_validation.php and add:

PHP Code:
$email = filter_var($email, FILTER_SANITIZE_EMAIL);

You should fix it in CI 3.2!


Messages In This Thread
[Important] Bypass email validation - by peter - 11-25-2018, 02:43 AM
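
Added example (not part of the original post and not CodeIgniter's own code): one way to handle the input shown in the post, by rejecting quoted local parts outright and HTML-encoding the address wherever it is rendered. `strict_email()` and `render_email()` are hypothetical helper names, and the allow-list of local-part characters is an assumption to adjust for your application.

```php
<?php
// Added example. strict_email() and render_email() are hypothetical helpers.

/**
 * Accept only addresses whose local part is a plain, unquoted token.
 * Returns the trimmed address, or null when the input is rejected.
 */
function strict_email(string $input): ?string
{
    $email = trim($input);

    // PHP's built-in syntactic check; it must pass before anything else.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Split at the last "@" and allow-list the local part (assumed policy:
    // letters, digits and . _ % + - only, so no quoted strings or markup).
    $local = substr($email, 0, strrpos($email, '@'));
    if (!preg_match('/\A[A-Za-z0-9._%+-]+\z/', $local)) {
        return null;
    }

    // Reject rather than rewrite: a silently altered address is a different address.
    return $email;
}

/** Encode an address for an HTML text node or a quoted attribute value. */
function render_email(string $email): string
{
    return htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: the string from the post and an ordinary address.
$samples = [
    '"><svg/onload=confirm(1)>"@x.y',
    'user@example.com',
];

foreach ($samples as $raw) {
    printf(
        "input: %s\n  filter_var accepts: %s\n  strict_email accepts: %s\n  rendered: %s\n",
        $raw,
        var_export(filter_var($raw, FILTER_VALIDATE_EMAIL) !== false, true),
        var_export(strict_email($raw) !== null, true),
        render_email($raw)
    );
}
```

The encoding step belongs at every output point, independent of the validation rule, because validation only says the string has the shape of an address.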


