fix: set only validated fields to Entity

All user input should be validated.

Author: kenjis

src/Controllers/RegisterController.php

@@ -76,12 +76,8 @@ public function registerAction(): RedirectResponse
         }
 
         // Save the user
-        $allowedPostFields = array_merge(
-            setting('Auth.validFields'),
-            setting('Auth.personalFields'),
-            ['password']
-        );
-        $user = $this->getUserEntity();
+        $allowedPostFields = array_keys($rules);
+        $user              = $this->getUserEntity();
         $user->fill($this->request->getPost($allowedPostFields));
 
         // Workaround for email only registration/login