NorthBridge / nexus-community


SEC - improve user input filtering #63

Open kdflint opened 10 years ago

kdflint commented 10 years ago

The following fields require stronger input checks/filters:

searchForm: scope, type
messageForm: names, message
loginForm: uid, password
enrollForm: invitation
testMessageLink: testMessage

In addition to tightening these constraints, centralize the cleansing/validation logic to the top of every processor and use a unified naming scheme for cleansed $_POST and $_GET input. For instance, use an associative array named $clean. This will make it easier to scan the code and ensure no leaks.
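One way to build the $clean array the comment proposes, as an added example written for this page and not taken from enrollmentProcessor.php or any other file in the project. The helper name cleanInput, the per-field rules, the length limits and the allowed values for scope and type are all assumptions chosen for illustration.

```php
<?php
// Added example (not the project's code). Hypothetical helper that builds the
// $clean array the issue proposes; field names, rules and limits are assumptions.
declare(strict_types=1);

/**
 * Validate raw request input ($_POST or $_GET) against an allow-list of rules
 * and return only the fields that passed, under the same keys, in $clean.
 * Anything that fails is reported in $errors and never copied, so code further
 * down the processor cannot accidentally read an unvalidated value.
 */
function cleanInput(array $raw, array $rules, array &$errors = []): array
{
    $clean = [];
    foreach ($rules as $field => $rule) {
        if (!array_key_exists($field, $raw) || !is_string($raw[$field])) {
            if (empty($rule['optional'])) {
                $errors[$field] = 'missing';
            }
            continue;
        }
        $value = $raw[$field];
        // Reject NUL bytes and over-long values before running any pattern:
        // cheap checks first, and no regex work on unbounded input.
        if (strpos($value, "\0") !== false || strlen($value) > $rule['max']) {
            $errors[$field] = 'length';
            continue;
        }
        // Closed set of values (strict comparison, so "0" never matches 0).
        if (isset($rule['enum']) && !in_array($value, $rule['enum'], true)) {
            $errors[$field] = 'enum';
            continue;
        }
        // Pattern check; with the 'u' modifier preg_match returns false on
        // invalid UTF-8, which "!== 1" also treats as a failure.
        if (isset($rule['pattern']) && preg_match($rule['pattern'], $value) !== 1) {
            $errors[$field] = 'pattern';
            continue;
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Rules for the fields listed in the issue. Values for scope/type and every
// limit are assumptions. The 'D' modifier makes '$' refuse a trailing newline
// (without it "all\n" would match /^all$/), and 'u' validates UTF-8.
$rules = [
    // searchForm
    'scope' => ['enum' => ['all', 'mine'], 'max' => 8],
    'type'  => ['enum' => ['message', 'user'], 'max' => 16],
    // messageForm: comma-separated user names, and a message allowing any
    // printable UTF-8 plus tab/CR/LF but no other control characters.
    'names'   => ['pattern' => '/^[A-Za-z0-9_.@-]+(,[A-Za-z0-9_.@-]+)*$/D', 'max' => 512],
    'message' => ['pattern' => '/^[^\x00-\x08\x0B\x0C\x0E-\x1F\x7F]*$/Du', 'max' => 4000],
    // loginForm: the password gets a length bound only; never alter its bytes.
    'uid'      => ['pattern' => '/^[A-Za-z0-9_.@-]{1,64}$/D', 'max' => 64],
    'password' => ['max' => 256],
    // enrollForm: invitation token assumed to be a 32-hex-digit string.
    'invitation' => ['pattern' => '/^[A-Fa-f0-9]{32}$/D', 'max' => 32],
    // testMessageLink
    'testMessage' => ['pattern' => '/^[^\x00-\x1F\x7F]*$/Du', 'max' => 1000],
];

// Top of a processor (e.g. a hypothetical loginProcessor.php): validate first,
// then only ever read $clean below this point, never $_POST or $_GET again.
$errors = [];
$clean  = cleanInput($_POST, array_intersect_key($rules, array_flip(['uid', 'password'])), $errors);
if ($errors !== []) {
    http_response_code(400);
    // Keys come from our own $rules, so echoing them is safe.
    exit('Invalid input: ' . implode(', ', array_keys($errors)));
}
// $clean['uid'] is now known to match the uid pattern. That is input validation,
// not output encoding: still bind it in a prepared statement and run it through
// htmlspecialchars() before echoing it into HTML.

// Constructed sample (not project data) to show the split, when run from the CLI.
if (PHP_SAPI === 'cli') {
    $sample = ['uid' => 'alice', 'password' => 'hunter2', 'scope' => "all\n", 'type' => 'user'];
    $e = [];
    $c = cleanInput($sample, $rules, $e);
    var_dump(array_keys($c)); // uid, password, type: scope fails because of the newline
    var_dump($e);             // names, message, invitation, testMessage: missing; scope: enum
}
```

The helper deliberately drops rather than "fixes" bad input: a field that fails a check is absent from $clean, so any later `$clean['field']` access on it is an immediate notice instead of a silently sanitized value. Keep the rule table next to the helper, and give every processor the same three lines at its top, so a reviewer scanning for leaks only has to confirm that no `$_POST`/`$_GET` read appears below that block.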

kdflint commented 10 years ago

enrollForm - done.

See enrollmentProcessor.php for coding pattern.