From 8ce3ce838797d44cbe535b0e520da29a5a0c5c06 Mon Sep 17 00:00:00 2001
From: Gregorio Chiko Putra
Date: Mon, 11 Sep 2017 11:56:10 +0700
Subject: [PATCH] Implemented method data filter to registration and login
---
 App/Controllers/Home.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/App/Controllers/Home.php b/App/Controllers/Home.php
index c6e76ce..357fe35 100644
--- a/App/Controllers/Home.php
+++ b/App/Controllers/Home.php
@@ -38,6 +38,12 @@ class Home
 // Login
 if ($args) {
+ // Avoid XSS
+ $args['exclude'] = [
+ 'password'
+ ];
+ $args = XSS::avoid($args);
+
 $username = $args['username'];
 $password = $args['password'];
@@ -122,8 +128,13 @@ class Home
 $args['salt'] = $salt;
 $args['password'] = $password;
- $args['full_name'] = htmlspecialchars($args['full_name']);
- $args['username'] = htmlspecialchars($args['username']);
+ // Avoid XSS attack
+ // Exclude password and salt
+ $args['exclude'] = [
+ 'salt',
+ 'password'
+ ];
+ $args = XSS::avoid($args);
 $data = $this->model->showAll();
 foreach ($data as $users) {
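Review bot: `XSS::avoid($args)` rewrites `$args['username']` before the very next line reads it for the credential lookup, so login compares the encoded form of the username rather than what was typed; that only matches accounts whose stored username was encoded the same way, and accounts created under the previous `htmlspecialchars` path may stop matching if `XSS::avoid` encodes differently (its implementation is not in the patch). The control key `$args['exclude']` is written into the same array that carries the submitted fields, and nothing in the hunk removes it after the call, so unless `XSS::avoid` strips it, it travels on with the request data; the registration hunk has the same issue. The smallest fix is `unset($args['exclude']);` immediately after `$args = XSS::avoid($args);` in both places. HTML-encoding is an output concern for the view, so encoding the login value here is really a storage-format decision and the comment should say so, e.g. `// Usernames are stored HTML-encoded; encode the login value the same way before lookup`. The enclosing login method starts and ends outside the hunk.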
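Review bot: The comments `// Avoid XSS attack` and `// Exclude password and salt` say what is excluded but not why, and the why is the security-relevant part: at this point `$args['password']` is the derived value assigned two lines above and `$args['salt']` is presumably its input, so encoding either would change what the later verification compares against. Replace them with a comment to that effect, e.g. `// HTML-encode submitted fields before storage; salt and password are verification inputs, not display text, and encoding would alter them`. Note also that the removed lines encoded only `full_name` and `username`, whereas `XSS::avoid` now touches every other key in `$args`; whether it applies ENT_QUOTES and an explicit UTF-8 charset as the replaced `htmlspecialchars` calls should have is not visible in the patch and is worth confirming before relying on it. The leftover `$args['exclude']` key is raised at the login hunk. The registration method starts and ends outside the hunk.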