CI 1.7svn less-than (<) is passing through set_value on Form_validation
CodeIgniter Forums, Archived Discussions / Archived Development & Programming
Thread: https://forum.codeigniter.com/showthread.php?tid=12187
El Forum - 10-09-2008 (beemr)
Somewhere in between updates of the 1.7svn, the set_value function went from escaping less than (<) to letting it pass through intact. This is messing up validation for loadXML(). Anyone else noticed this? Thanks.

El Forum - 10-10-2008 (beemr)
Still not exactly sure what was changed between SVNs, but I needed a down-and-dirty fix, so: in set_value() in Form_validation, have the function return a regex:
Code:
return preg_replace("/</", "&lt;", $this->_field_data[$field]['postdata']);
Apparently, CI 1.7svn needs to double escape the "less-than".

El Forum - 10-17-2008 (beemr)
I have unilaterally decided to open a bug report on this without preconditions. Bug 5562

El Forum - 10-18-2008 (beemr)
It has been fixed in SVN.

El Forum - 10-20-2008 (beemr)
Whoops, spoke too soon. loadXML() will still choke on less-thans. The new SVN Form_helper adds a form_prep() call to set_value(), so now the new down-and-dirty fix will be in form_prep() right before it returns $str:
Code:
$str = preg_replace("/</", "&lt;", $str);

El Forum - 10-20-2008 (beemr)
If you don't want to extend Form_helper(), then you can simply prep your output before you load it into loadXML().
Code:
$str = preg_replace_callback(
    '/(value=)([\'"])(.*?)\2/',
    function ($matches) {
        return $matches[1] . $matches[2] . htmlspecialchars($matches[3]) . $matches[2];
    },
    $this->output->get_output()
);
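The failure the thread describes, shown end to end as an added PHP example. This is not code from the thread or from CodeIgniter's own form_prep(); the helpers prep_value(), escape_value_attrs() and xml_error() are names assumed here for illustration, and the form field content is constructed. It shows that a raw "<" in a value="" attribute makes DOMDocument::loadXML() fail (and is the same character a reflected-XSS payload needs), that "&" breaks XML just as badly, so the thread's bare "<" to "&lt;" replacement is not sufficient on its own, and that escaping with double_encode=false avoids the "double escape" problem of turning an already escaped "&lt;" into "&amp;lt;" when a field is re-populated.

```php
<?php
// Added example (not CodeIgniter's code): why a raw "<" in a value=""
// attribute breaks DOMDocument::loadXML(), and two ways to prep the value.
// prep_value(), escape_value_attrs() and xml_error() are hypothetical helpers.
declare(strict_types=1);

// Escape a string for use inside an HTML/XML attribute. ENT_QUOTES covers
// both quote styles; double_encode=false leaves entities that are already
// there (e.g. "&amp;") alone, so re-populating a field twice does not turn
// "&lt;" into "&amp;lt;".
function prep_value(string $str): string
{
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8', false);
}

// Rewrite every value="..." / value='...' attribute in rendered output,
// the idea of the last post above. The backreference \2 closes the match
// on the same quote character that opened it; /s lets values span lines.
function escape_value_attrs(string $html): string
{
    return preg_replace_callback(
        '/(value=)([\'"])(.*?)\2/s',
        static function (array $m): string {
            return $m[1] . $m[2] . prep_value($m[3]) . $m[2];
        },
        $html
    );
}

// Parse a fragment with loadXML() and return the first libxml error
// message, or null if it parsed cleanly.
function xml_error(string $xml): ?string
{
    $prev = libxml_use_internal_errors(true);
    $doc  = new DOMDocument();
    $ok   = $doc->loadXML($xml);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $ok ? null : trim($errors[0]->message);
}

// Constructed sample input: a re-populated text field where the submitted
// value contains "<" and "&". Both are illegal in an XML attribute, so a
// bare "<" -> "&lt;" replacement would still leave loadXML() failing.
$userInput = '<b>1</b> & 2';
$raw       = '<input type="text" name="expr" value="' . $userInput . '" />';
$prepped   = '<input type="text" name="expr" value="' . prep_value($userInput) . '" />';
$rewritten = escape_value_attrs($raw);

foreach (['raw' => $raw, 'prepped' => $prepped, 'rewritten' => $rewritten] as $label => $html) {
    printf("%-9s %s\n          -> %s\n", $label, $html, xml_error($html) ?? 'parses');
}

// Prepping an already prepped value is a no-op thanks to double_encode=false,
// which is the behaviour a set_value() that re-populates a field needs.
var_dump(prep_value(prep_value($userInput)) === prep_value($userInput));
```

Run it with `php example.php`: the raw fragment fails with an "Unescaped '<' not allowed in attributes values" error, while the prepped and rewritten fragments parse. Escaping at output time (the prep_value() route) is the one to rely on; post-processing the rendered page with a regex, as in the last post, is a stop-gap, since the pattern cannot tell a value attribute that contains a raw quote character from the end of the attribute.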