Manaus
Posted February 21, 2014

Hello, I've seen from different forum posts that the password field is never sanitized. Isn't it subject to malicious code? Thanks!

horst
Posted February 21, 2014 (edited)

http://processwire.com/talk/topic/3543-register-users-and-add-page-same-as-username/#entry34854

The password is actually one thing (and probably the only thing) that you really shouldn't sanitize, because you don't want to change the password they entered. What you should do instead is validate it, making sure that it's a string with some length and at least [n] characters (whatever your requirements are). By validate vs. sanitize, I mean don't sanitize (clean) what they entered, but give them an error and make them enter something new if it doesn't validate.

Edited February 21, 2014 by horst

Soma
Posted February 21, 2014

It is validated and sanitized and throws an error. But I think it's not good if you create your own registration and sanitize it before storing, as you would end up with a different password if you don't take care of showing an error to the user.
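
The difference between sanitizing and validating a password, as an added example that is not part of the thread and not ProcessWire's own code. It uses only plain PHP functions; `MIN_LENGTH`, `validatePassword()` and the sample password are assumptions made for the illustration.

```php
<?php
// Added example: plain PHP, not ProcessWire's API.
// MIN_LENGTH is an assumed requirement (the "[n] characters" in the thread).
const MIN_LENGTH = 8;

/**
 * Validate without modifying the input.
 * Returns a list of error messages; an empty list means the password
 * is acceptable exactly as the user entered it.
 */
function validatePassword($input): array
{
    if (!is_string($input)) {
        return ['Password must be a string.'];
    }
    $errors = [];
    if (strlen($input) < MIN_LENGTH) {
        $errors[] = 'Password must be at least ' . MIN_LENGTH . ' characters.';
    }
    return $errors;
}

// Constructed sample input containing markup-like characters.
$entered = 'Tr<b>ub4dor&3';

// Sanitizing path: a tag-stripping cleaner silently changes the secret
// (strip_tags() drops the "<b>" part), so the stored hash belongs to a
// password the user never chose.
$sanitized = strip_tags($entered);
$hashOfSanitized = password_hash($sanitized, PASSWORD_DEFAULT);

// The user later logs in with what they originally typed.
echo "login after sanitizing: ";
var_dump(password_verify($entered, $hashOfSanitized));

// Validating path: accept or reject, but hash the exact input.
// Only the hash is stored; the raw password is never echoed back.
$errors = validatePassword($entered);
if ($errors === []) {
    $hash = password_hash($entered, PASSWORD_DEFAULT);
    echo "login after validating: ";
    var_dump(password_verify($entered, $hash));
} else {
    // Show the errors and make the user enter something new.
    print_r($errors);
}
```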