Closed acobster closed 3 years ago
I would expect form fields with string values to be properly unescaped/stripped of slashes when calling $form->get().
$form->get()
For example, if $_POST looks like [ "username" => "Coby'" ], I'd expect $form->get('username') to be the string Coby'.
$_POST
[ "username" => "Coby'" ]
$form->get('username')
Coby'
Instead, it includes a slash, e.g. Coby\'. We should probably strip slashes by default for strings, but there may be unintended consequences of this.
Coby\'
For reference: https://sitecrafting.atlassian.net/browse/AWBPPE-185
Fix: https://bitbucket.org/sitecrafting/awb-rebound-and-recovery/commits/70a8ae94
Expected behavior
I would expect form fields with string values to be properly unescaped/stripped of slashes when calling
$form->get()
.For example, if
$_POST
looks like[ "username" => "Coby'" ]
, I'd expect$form->get('username')
to be the stringCoby'
.Actual behavior
Instead, it includes a slash, e.g.
Coby\'
. We should probably strip slashes by default for strings, but there may be unintended consequences of this.