Filter out any potentially insecure fields before they go to the database.
public filterForm ( array $data ) : array
$data | array | The array of data to filter. |
Return value | array | Returns a copy of {@link $data} with the filtered fields removed. |
/**
 * Drop fields from user-submitted data that the current session is not allowed to set.
 *
 * This is a denylist: field names are registered on the model's filter list and the
 * parent filterForm() is then applied to $data. A privileged column that is not
 * listed here or in the parent is not touched by this method.
 *
 * @param array $data The submitted data to filter.
 * @param bool $register Whether the data comes from a registration.
 * @return array Returns the result of the parent filterForm() for {@link $data}.
 */
public function filterForm($data, $register = false) {
    // Evaluated left to right with short-circuiting: registration flag first, then
    // the Garden.Users.Edit permission, then the Garden.Profile.EditUsernames setting.
    $exempt = $register
        || Gdn::session()->checkPermission('Garden.Users.Edit')
        || c("Garden.Profile.EditUsernames");

    if (!$exempt) {
        // NOTE(review): going by its name, removeFilterField() takes 'Name' OFF the
        // filter list, which would let a submitted Name through for exactly the
        // sessions that lack both the permission and the setting. Confirm against the
        // parent model whether addFilterField('Name') was intended, or whether the
        // username restriction is enforced somewhere else.
        $this->removeFilterField('Name');
    }

    // Account-state fields are put on the filter list unless the session holds
    // Garden.Moderation.Manage, so the parent filter is expected to drop them from
    // the submitted data (mass-assignment guard).
    $canModerate = Gdn::session()->checkPermission('Garden.Moderation.Manage');
    if (!$canModerate) {
        $this->addFilterField(['Banned', 'Verified', 'Confirmed', 'RankID']);
    }

    // NOTE(review): the two calls above change the filter list on $this; presumably
    // that state outlives this call, so a model instance reused under a different
    // session would keep the earlier entries. TODO confirm.
    return parent::filterForm($data);
}