CodeIgniter adding semicolons
Original title:

How do I stop CodeIgniter adding semicolons ; to data sent via POST that contains ampersand &?

For example it is converting "a=1&b=2&c=3" into "a=1&b;=2&c;=3". From looking on the forums it seems to be XSS filtering, which I don't want to disable site-wide, only for 1 controller, so I tried the code below but it's still doing it:

$this->config->set_item('global_xss_filtering', false);
Best answer

I'm not using XSS filtering, since it still has bugs in it. For example, you will not be able to post a form that has YouTube embed code in it when XSS filtering is on. I only use the filter per field that I want sanitized.

If your form is working with XSS filtering turned off, then turn it off. If you need to sanitize it against XSS attacks, maybe consider another library, such as HTML Purifier.

Answers

The problem is in the Security class.

The following line is adding a semicolon if missing.

$str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str);

The solution is to extend CI, creating your own My_Security class. Stick it in the core folder with the _validate_entities function.

Comment the line above.

To turn off cross-site scripting filtering, refer to this CodeIgniter user guide page.

Alternatively, if you want to fix the code by hacking the core, check out this solution.
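As an added example (my code, not the poster's), here is a MY_Security for CodeIgniter 2.x that follows this answer's approach but narrows the change: rather than commenting out the normalization line, which also repairs real entities such as "&lt" before the rest of xss_clean() inspects them, it shields "&name=value" pairs from that line and restores them afterwards. The character classes allowed in a key/value pair and the md5(uniqid()) marker are my assumptions.

```php
<?php defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * application/core/MY_Security.php
 *
 * Overrides CI_Security::_validate_entities() so that query-string style
 * "&name=value" pairs in POST data are not treated as HTML entities and
 * given a trailing semicolon. The entity normalization itself is kept,
 * because the later xss_clean() steps rely on canonical entities.
 */
class MY_Security extends CI_Security {

    function _validate_entities($str)
    {
        // Per-call marker that user input cannot predict or collide with
        // (md5(uniqid()) keeps this PHP 5 compatible; assumption).
        $marker = 'AMP' . md5(uniqid(mt_rand(), TRUE)) . 'AMP';

        // Shield "&name=value" pairs. Assumption: keys use word characters,
        // '-' and '.', values additionally '%' and '+' (URL-encoded data).
        $str = preg_replace(
            '/&([A-Za-z0-9_.\-]+)=([A-Za-z0-9_.\-%+]*)/',
            $marker . '\1=\2',
            $str
        );

        // The same normalization CodeIgniter performs: add the semicolon
        // that browsers tolerate being absent, e.g. "&lt" -> "&lt;".
        $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', '\1;\2', $str);

        // Restore the shielded ampersands and hand back to xss_clean().
        return str_replace($marker, '&', $str);
    }
}
```

With this in place, "a=1&b=2&c=3" passes through unchanged while "&lt" is still normalized to "&lt;", so the filter keeps its entity handling for the fields it inspects.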
