Sanitize user input on all API routes (references #996)

2025-08-18 19:37:12 +00:00 · 2020-10-14 22:49:29 +02:00
parent 7b8438bfa2
commit c11001467b
12 changed files with 98 additions and 28 deletions
--- a/controllers/LoginController.php
+++ b/controllers/LoginController.php
@@ -24,7 +24,7 @@ class LoginController extends BaseController

 	public function ProcessLogin(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$postParams = $request->getParsedBody();
+		$postParams = $this->GetParsedAndFilteredRequestBody($request);

 		if (isset($postParams['username']) && isset($postParams['password']))
 		{