update CONTRIBUTING.md

simonLeary42 · simonLeary42 · commit c0ae6971654d · 2025-04-24T15:06:45.000-04:00
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -10,6 +10,11 @@ When submitting pull requests, the pull request should be made to the version yo
 
 This code base is currently using PHP version 7.4. All files are required to be linted with PSR-12 standard. This repository will automatically check PRs for linting compliance.
 
+Whenever frontend JS limits the possible values of a user input, PHP must do the same!
+There's nothing stopping a user from making custom HTTP POST requests.
+This can be done in `webroot/panel/*.php` while parsing headers, or preferrably in `resources/lib/*.php`.
+For example, both frontend JS and in the `UnityUser` class make sure that a login shell contains only ASCII characters.
+
 ## Development Environment
 
 ### Setting up your Environment
@@ -51,4 +56,4 @@ The following users are available for testing:
 
 ### Changes to Dev Environment
 
-Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.
+Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.
