CodeIgniter Forums
CI 1.7svn less-than (<) is passing through set_value on Form_validation - Printable Version




CI 1.7svn less-than (<) is passing through set_value on Form_validation - El Forum - 10-09-2008

[eluser]beemr[/eluser]
Somewhere in between updates of the 1.7svn, the set_value function went from escaping less-than (<) to letting it pass through intact.

This is messing up validation for loadXML().

Anyone else noticed this?

Thanks.


CI 1.7svn less-than (<) is passing through set_value on Form_validation - El Forum - 10-10-2008

[eluser]beemr[/eluser]
Still not exactly sure what was changed between SVN's, but I needed a down-and-dirty fix so:

In set_value() in Form_validation, have the function return a regex:
Code:
return preg_replace("/</", "&amp;lt;", $this->_field_data[$field]['postdata']);

Apparently, CI 1.7svn needs to double escape the "less-than".


CI 1.7svn less-than (<) is passing through set_value on Form_validation - El Forum - 10-17-2008

[eluser]beemr[/eluser]
I have unilaterally decided to open a bug report on this without preconditions.

Bug 5562


CI 1.7svn less-than (<) is passing through set_value on Form_validation - El Forum - 10-18-2008

[eluser]beemr[/eluser]
It has been fixed in SVN.


CI 1.7svn less-than (<) is passing through set_value on Form_validation - El Forum - 10-20-2008

[eluser]beemr[/eluser]
Whoops, spoke too soon. loadXML() will still choke on less-thans. The new SVN Form_helper adds a form_prep() call to set_value(), so now the new down-and-dirty fix will be in form_prep() right before it returns $str:
Code:
$str = preg_replace("/&lt;/","&amp;lt;",$str);
The regex search string should be: "/"+ampersand+"lt;/"


CI 1.7svn less-than (<) is passing through set_value on Form_validation - El Forum - 10-20-2008

[eluser]beemr[/eluser]
If you don't want to extend Form_helper(), then you can simply prep your output before you load it into loadXML().
Code:
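// Escape the contents of every value="..." attribute in the rendered output.
// (.*?)\2 captures everything up to the matching quote; a closure replaces create_function(), which was removed in PHP 8.
$str = preg_replace_callback('/(value=)([\'"])(.*?)\\2/s', function ($matches) { return $matches[1].$matches[2].htmlspecialchars($matches[3]).$matches[2]; }, $this->output->get_output());
$xml->loadXML($str);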
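
Added example, not part of the original thread or of CodeIgniter's code: a stand-alone PHP script showing why a repopulated field value has to be escaped for the attribute context before the markup is handed to loadXML(). The render_input() and check_markup() helpers and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample input: what a user might type into the field.
$postdata = 'a < b & "c"';

// Hypothetical view fragment: echoes a repopulated value into an attribute.
function render_input(string $value): string
{
    return '<form><input type="text" name="q" value="' . $value . '" /></form>';
}

// Parse markup with DOMDocument::loadXML() and read the value attribute back.
// Returns [parsed ok?, attribute value or null, first libxml error or null].
function check_markup(string $markup): array
{
    $previous = libxml_use_internal_errors(true); // collect errors instead of emitting warnings
    $doc = new DOMDocument();
    $ok = $doc->loadXML($markup);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $value = $ok ? $doc->getElementsByTagName('input')->item(0)->getAttribute('value') : null;
    $first = $errors ? trim($errors[0]->message) : null;
    return [$ok, $value, $first];
}

// Raw value: "<" and a bare "&" inside an attribute are not well-formed XML,
// so the parse fails and the first parser error is reported.
var_dump(check_markup(render_input($postdata)));

// Escaped once for the attribute context: the document parses, and the parser
// decodes the entities back to the original input.
$escaped = htmlspecialchars($postdata, ENT_QUOTES, 'UTF-8');
[$ok, $value] = check_markup(render_input($escaped));
var_dump($ok, $value === $postdata);
```

Escaping at the point of output, once per context, also keeps user-supplied markup from being interpreted by a browser that renders the same form.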