Commit c332f7a9 authored by Timothée Floure's avatar Timothée Floure

Quickly sanitanize inputs of registration form

parent 04168253
Pipeline #1738 failed with stages
in 37 minutes and 54 seconds
......@@ -17,25 +17,26 @@ WriteMakefile(
: ()),
PL_FILES => {},
PREREQ_PM => {
'Dancer' => 1.3132,
'Dancer::Session::Cookie' => 0,
'Dancer::Plugin::FlashMessage' => 0,
'DBI' => 0,
'DBD::SQLite' => 0,
'Email::Simple' => 0,
'Email::Sender' => 0,
'Email::Valid' => 0,
'JSON' => 0,
'Mail::Sender' => 0,
'Net::LDAP' => 0,
'Plack::Test' => 0,
'Template' => 0,
'Test::More' => 0,
'URI' => 0,
'YAML' => 0,
'List::Pairwise' => 0,
'Package::Alias' => 0,
'REST::Client' => 0,
'Dancer' => 1.3132,
'Dancer::Session::Cookie' => 0,
'Dancer::Plugin::FlashMessage' => 0,
'Dancer::Plugin::EscapeHTML' => 0,
'DBI' => 0,
'DBD::SQLite' => 0,
'Email::Simple' => 0,
'Email::Sender' => 0,
'Email::Valid' => 0,
'JSON' => 0,
'Mail::Sender' => 0,
'Net::LDAP' => 0,
'Plack::Test' => 0,
'Template' => 0,
'Test::More' => 0,
'URI' => 0,
'YAML' => 0,
'List::Pairwise' => 0,
'Package::Alias' => 0,
'REST::Client' => 0,
},
dist => { COMPRESS => 'gzip -9f', SUFFIX => 'gz', },
clean => { FILES => 'Unipoly-MemberManagement-*' },
......
package MemberManagement::Web::Member;
use Dancer::Plugin::EscapeHTML;
use warnings;
use strict;
......@@ -56,20 +57,20 @@ post '/register' => sub {
}
my $req = RegistrationRequest->create(
params->{username},
params->{first_name},
params->{last_name},
params->{common_name},
params->{mobile},
params->{mail},
params->{affiliation},
$selected_mailing_lists,
params->{how_unipoly},
params->{note},
escape_html params->{username},
escape_html params->{first_name},
escape_html params->{last_name},
escape_html params->{common_name},
escape_html params->{mobile},
escape_html params->{mail},
escape_html params->{affiliation},
escape_html $selected_mailing_lists,
escape_html params->{how_unipoly},
escape_html params->{note},
);
if (defined $req) {
flash message => "Registration request for " . params->{username} . " saved.";
flash message => "Registration request for " . escape_html(params->{username}) . " saved.";
my $mail_sent = eval {
Mailer::send_registration_confirmation(
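Review bot: The ten `escape_html` calls passed to `RegistrationRequest->create` are written without parentheses, so unless the plugin declares `escape_html` with a unary prototype (not visible here) Perl parses each one as a list operator that swallows every argument to its right, and `create` no longer receives ten separate values. Parenthesise each call the way the flash line already does, e.g. `escape_html(params->{username}),`. `$selected_mailing_lists` looks like a collection rather than a string; if it is a reference, escape its elements individually instead of the reference itself. Because the escaped values are what gets stored and handed on to the confirmation mail, non-HTML consumers would see entities such as `&amp;`; validating fields on input and escaping in the templates at output would avoid that. The `post '/register'` handler starts and ends outside this hunk.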
......