Codeigniter global_xss_filtering

前端未结

关注

 5  1759

一个人的身影 2020-12-03 18:53

In my codeigniter config I have $config[\'global_xss_filtering\'] = TRUE;. In my admin section I have a ckeditor which generates the frontend content.

5条回答

伪装坚强ぢ (楼主)

2020-12-03 19:26

In CodeIgniter 2.0 the best thing to do is to override the xss_clean on the core CI library, using MY_Security.php put this on application/core folder then using /application/config.php

$config['xss_exclude_uris'] = array('controller/method');

here's the MY_Security.php https://gist.github.com/slick2/39f54a5310e29c5a8387:

_fetch_uri_string();
        $uri->_explode_segments();

        $controllers_list = $config->item('xss_exclude_uris');

        // we need controller class and method only
        if (!empty($controllers_list))
        {
            $segments = array(0 => NULL, 1 => NULL);
            $segments = $uri->segment_array();
            if (!empty($segments))
            {
                if (!empty($segments[1]))
                {
                    $action = $segments[0] . '/' . $segments[1];
                }
                else
                {
                    $action = $segments[0];
                }
                if (in_array($action, $controllers_list))
                {
                    $bypass = TRUE;
                }
            }

            // we unset the variable
            unset($config);
            unset($uri);
        }



        if ($bypass)
        {
            return $str;
        }
        else
        {
            return parent::xss_clean($str, $is_image);
        }
    }

}

0 讨论(0)

查看其它5个回答