Manaus
Posted February 21, 2014

Hello, I've seen from different forum posts that the password field is never sanitized. Isn't it subject to malicious code? Thanks!

horst
Posted February 21, 2014

http://processwire.com/talk/topic/3543-register-users-and-add-page-same-as-username/#entry34854

The password is actually one thing (and probably the only thing) that you really shouldn't sanitize, because you don't want to change the password they entered. What you should do instead is validate it, making sure that it's a string with some length and at least [n] characters (whatever your requirements are). By validate vs. sanitize, I mean don't sanitize (clean) what they entered, but give them an error and make them enter something new if it doesn't validate.

Edited February 21, 2014 by horst

Soma
Posted February 21, 2014

It is validated and sanitized and throws an error. But I think it's not good if you create your own registration and sanitize it before storing, as you would end up with a different password if you don't take care of showing an error to the user.
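
The validate-versus-sanitize distinction discussed in this thread, as an added example that is not part of any poster's message and not ProcessWire's own code. It uses plain PHP 8 functions (with the mbstring extension) rather than the ProcessWire API; the limits, the sample password and the function names `validatePassword` and `register` are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Assumed policy values; the thread only says "some length and at least [n] characters".
const MIN_CHARS = 8;
const MAX_BYTES = 72; // bcrypt (the current PASSWORD_DEFAULT) ignores input beyond 72 bytes

// Validate a submitted password WITHOUT modifying it; an empty array means it is acceptable.
function validatePassword(mixed $input): array
{
    if (!is_string($input)) {
        return ['Password must be a single string.']; // e.g. pass[]=x arrives as an array
    }
    if (!mb_check_encoding($input, 'UTF-8')) {
        return ['Password is not valid UTF-8.'];
    }
    $errors = [];
    if (mb_strlen($input, 'UTF-8') < MIN_CHARS) {
        $errors[] = 'Password must be at least ' . MIN_CHARS . ' characters.';
    }
    if (strlen($input) > MAX_BYTES) {
        // Reject instead of truncating, so the stored secret is never a shortened variant.
        $errors[] = 'Password must be at most ' . MAX_BYTES . ' bytes.';
    }
    return $errors;
}

// Registration step: reject on failure, otherwise hash exactly what the user typed.
// Only the hash is stored; the raw value is never echoed into HTML or built into a query.
function register(mixed $input): array
{
    $errors = validatePassword($input);
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors, 'hash' => null];
    }
    return ['ok' => true, 'errors' => [], 'hash' => password_hash($input, PASSWORD_DEFAULT)];
}

// Constructed sample: a legitimate password containing markup-like characters.
$typed = 'Tr<b>ail&7!x';

// Sanitizing before storing: the hash belongs to a different string than the user typed.
$sanitizedHash = password_hash(strip_tags($typed), PASSWORD_DEFAULT);
echo 'login after sanitize-then-store: ', var_export(password_verify($typed, $sanitizedHash), true), PHP_EOL;

// Validate-only: the stored hash corresponds to the typed password.
$result = register($typed);
echo 'login after validate-then-store: ', var_export(password_verify($typed, $result['hash']), true), PHP_EOL;

// Too-short input produces an error for the user instead of being "cleaned".
echo implode(PHP_EOL, register('abc')['errors']), PHP_EOL;
```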