Codeigniter - Disable XSS filtering on a post basis

予麋鹿 2020-12-03 03:25

I'm trying to set up a CMS on the back of a site but whenever post data has a in it the post data gets scrapped.

I've got $config

7 answers
  •  北荒 (thread starter)
    2020-12-03 03:49

    Working with CI 2.2, I think that the solution from treeface will leave input->get(), input->cookie() etc. not being xss_cleaned (we use GET in OAuth requests etc.). The global config change stops them being escaped by the constructor, and the core class still defaults xss_clean to FALSE on these methods...

    I have basically implemented the same solution across more methods.

    class MY_Input extends CI_Input {
    
        /* fixes to allow xss_clean to be disabled on a per field basis
        * [ e.g. tinymce html content with style / class / event attributes ]
        * initial ref : http://stackoverflow.com/questions/3788476/codeigniter-disable-xss-filtering-on-a-post-basis
        * this is based on CI 2.2
        * the above (stackoverflow) solution only updates the post method - which means all the rest ( get, get_post, cookie, server, request_headers, get_request_header) stay unfiltered
        * NB : we need GET to allow oauth type activities !
        *
        *   1 - change the global config to xss_clean = false [ otherwise the constructor will 'xss_clean' everything before we have a chance to say no ! ]
        *   2 - make all of methods that take the xss_clean parameter use TRUE as default value
        *   3 - we can now pass the second parameter in as FALSE if we do not want to xss_clean
        */
    
        // $index defaults to NULL, as in CI 2.2's CI_Input, so get() with no arguments still returns the whole array
        function get($index = NULL, $xss_clean = TRUE)
        {
            return parent::get($index, $xss_clean);
        }
    
        // same NULL default as the parent, so post() with no arguments still returns the whole array
        function post($index = NULL, $xss_clean = TRUE)
        {
            return parent::post($index, $xss_clean);
        }
    
        function get_post($index = '', $xss_clean = TRUE)
        {
            // delegate to get_post(), not get(), so that POST is checked before GET
            return parent::get_post($index, $xss_clean);
        }
    
        function cookie($index = '', $xss_clean = TRUE)
        {
            return parent::cookie($index, $xss_clean);
        }
    
        function server($index = '', $xss_clean = TRUE)
        {
            return parent::server($index, $xss_clean);
        }
    
        function request_headers($xss_clean = TRUE)
        {
            return parent::request_headers($xss_clean);
        }
    
        function get_request_header($index, $xss_clean = TRUE)
        {
            return parent::get_request_header($index, $xss_clean);
        }
    
    }
    

    Hope this is of some help to someone.
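How a controller might use the per-field opt-out described in the answer above, as an added example that is not part of the original post. It assumes CI 2.2 with `MY_Input` saved as `application/core/MY_Input.php`, `$config['global_xss_filtering'] = FALSE`, and the HTML Purifier library already loaded; the controller, field and model names are hypothetical.

```php
<?php
// Added example, not code from the answer or from CodeIgniter itself.
// Assumptions: MY_Input (above) is in application/core/, global_xss_filtering
// is FALSE in application/config/config.php, and HTML Purifier is autoloaded.
// Pages, page_model, save_page() and the field names are hypothetical.

class Pages extends CI_Controller {

    public function save()
    {
        // Default path: MY_Input passes $xss_clean = TRUE, so these are filtered.
        $title = $this->input->post('title');
        $slug  = $this->input->post('slug');

        // Opt out of xss_clean for the single rich-text field only.
        $raw_body = $this->input->post('body', FALSE);

        // The raw field has skipped CodeIgniter's filter completely, so it is
        // constrained with an allow-list before it is stored or rendered.
        // Widen the list only as far as the editor really needs.
        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML.Allowed',
            'p,br,strong,em,ul,ol,li,h2,h3,a[href|title],img[src|alt],span[class]');
        $config->set('URI.AllowedSchemes',
            array('http' => TRUE, 'https' => TRUE, 'mailto' => TRUE));
        $purifier = new HTMLPurifier($config);
        $body = $purifier->purify($raw_body);

        $this->load->model('page_model');
        $this->page_model->save_page($slug, $title, $body);

        // redirect() comes from the URL helper.
        $this->load->helper('url');
        redirect('pages/edit/'.$slug);
    }
}
```

Every call that passes `FALSE` is a place where unfiltered input enters the application, so searching the code base for `, FALSE)` on `input->` calls gives a short list of fields to review.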
