From f9045be801c0c890ace529d267d43a6b4f3009ec Mon Sep 17 00:00:00 2001
From: creme332 <65414576+creme332@users.noreply.github.com>
Date: Fri, 19 Apr 2024 16:42:41 +0400
Subject: [PATCH] no need for htmlspecialchars_decode(email) in handleFormSubmission
---
 src/controllers/Login.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/controllers/Login.php b/src/controllers/Login.php
index 3a37886..8bd7a8a 100644
--- a/src/controllers/Login.php
+++ b/src/controllers/Login.php
@@ -46,9 +46,7 @@ private function validateUser(string $email, string $password): bool
 private function handleFormSubmission(): void
 {
- // get un-sanitized version of email which may contain special characters
- // Ref: https://blog.mutantmail.com/can-email-addresses-have-special-characters/
- $entered_email = htmlspecialchars_decode(trim($_POST['email'] ?? ""));
+ $entered_email = trim($_POST['email'] ?? "");
 // leave password unchanged as leading/trailing spaces can be part of password
 // Ref: https://stackoverflow.com/a/7240898/17627866
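Review bot: The new assignment `trim($_POST['email'] ?? "")` still assumes the field is a string; a request that submits `email` as an array reaches `trim()` with an array, which on PHP 8 throws a TypeError rather than ending in an ordinary failed login. A type guard keeps that case on the normal rejection path: `$raw = $_POST['email'] ?? ""; $entered_email = is_string($raw) ? trim($raw) : "";`. Dropping the decode means the value is now handled as raw input, so if the address is echoed back into the form it needs `htmlspecialchars()` at that output point. The rest of handleFormSubmission lies outside the hunk, so whether it already does this could not be checked here.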