no need for htmlspecialchars_decode(email) in handleFormSubmission

steamysips · Apr 19, 2024 · f9045be · f9045be
1 parent 536795b
commit f9045be
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/src/controllers/Login.php b/src/controllers/Login.php
@@ -46,9 +46,7 @@ private function validateUser(string $email, string $password): bool
 
     private function handleFormSubmission(): void
     {
-        // get un-sanitized version of email which may contain special characters
-        // Ref: https://blog.mutantmail.com/can-email-addresses-have-special-characters/
-        $entered_email = htmlspecialchars_decode(trim($_POST['email'] ?? ""));
+        $entered_email = trim($_POST['email'] ?? "");
 
         // leave password unchanged as leading/trailing spaces can be part of password
         // Ref: https://stackoverflow.com/a/7240898/17627866