
Commit e5382f8

committed
fix: set only validated fields to Entity
All user input should be validated.
1 parent 9eaa72a commit e5382f8


1 file changed

+2
-6
lines changed


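--- a/src/Controllers/RegisterController.php
+++ b/src/Controllers/RegisterController.php
@@ -76,12 +76,8 @@ public function registerAction(): RedirectResponse
 }
 
 // Save the user
-$allowedPostFields = array_merge(
-setting('Auth.validFields'),
-setting('Auth.personalFields'),
-['password']
-);
-$user = $this->getUserEntity();
+$allowedPostFields = array_keys($rules);
+$user = $this->getUserEntity();
 $user->fill($this->request->getPost($allowedPostFields));
 
 // Workaround for email only registration/login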
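Review bot: With `$allowedPostFields = array_keys($rules);` the mass-assignment allow-list for `$user->fill()` becomes whatever keys the validation rule set holds, so a key that is validated for another reason (a confirmation field, for example) is also written to the entity, and any rule key added later silently becomes assignable. `$rules` is built outside this hunk, so its keys cannot be checked from here; if it can contain keys that are not user attributes, keeping both guarantees is a small change: `$allowedPostFields = array_intersect(array_keys($rules), array_merge(setting('Auth.validFields'), setting('Auth.personalFields'), ['password']));`. At minimum the coupling deserves a comment above the assignment, such as `// Keys of $rules double as the fill() allow-list: only real user attributes belong there.` The values are also re-read from the raw POST body rather than taken from the validator's output, which is worth confirming is intended. registerAction() starts and ends outside the hunk.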
