XSS Filter Stripping "1" Off of the Ends - CodeIgniter Forums (https://forum.codeigniter.com), Archived Development & Programming, thread /showthread.php?tid=12191
XSS Filter Stripping "1" Off of the Ends - El Forum - 10-09-2008

[eluser]Glowball[/eluser]
I'm not sure I understand this behavior. I'm using XSS filtering on a field that contains an account number entered by a user. I have no prior knowledge about this number -- it could even contain letters. I'm doing this before entering $account into the database:

    $account = trim($this->input->post('account'), TRUE);

This works fine unless I try to enter something starting or ending with a "1". For example:

5678 gets 5678 (that's normal)
123456 gets 23456
861 gets 86
45111 gets 45
1112 gets 2
1111 gets an empty field

It's stripping out all "1" characters at the beginning and ending of the string. Is this a bug? Is there something I'm missing? Thanks!

XSS Filter Stripping "1" Off of the Ends - El Forum - 10-09-2008

[eluser]elvix[/eluser]
It's not the XSS filtering, it's your trim function. The second argument of trim() is the character(s) you want to remove from the beginning/end of the string. In your case, you asked it to remove TRUE, which it is interpreting as 1.

Remove the TRUE from your trim function and the problem should go away (fingers crossed).

XSS Filter Stripping "1" Off of the Ends - El Forum - 10-09-2008

[eluser]Glowball[/eluser]
Oh for crying out loud -- good eye! I put the "TRUE" in the wrong place and didn't even notice. I've been trying to figure out what is wrong with this for about an hour now. It's always nice when a typo actually works instead of throwing an error. I'm embarrassed but grateful -- thanks for your help!
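The coercion discussed in this thread, as an added example that is not code from any of the posts: it reproduces the reported results by passing the string that TRUE is converted to, then shows that `declare(strict_types=1)` (an addition beyond the fix given in the thread, PHP 7.0+) turns the misplaced argument into a TypeError. Note that in the original line the TRUE never reaches `post()`, so the value is also stored without XSS filtering.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.0 or later.
declare(strict_types=1); // scalar arguments are not silently coerced in this file

// Inputs and results exactly as reported in the first post.
$reported = [
    ['5678',   '5678'],
    ['123456', '23456'],
    ['861',    '86'],
    ['45111',  '45'],
    ['1112',   '2'],
    ['1111',   ''],
];

// Without strict_types, PHP converts the boolean TRUE to the string "1"
// before trim() sees it, so "1" becomes the set of characters to strip
// from both ends of the value.
$mask = (string) true;

foreach ($reported as [$input, $expected]) {
    $got = trim($input, $mask);
    printf(
        "%-7s -> %-8s %s\n",
        $input,
        var_export($got, true),
        $got === $expected ? 'matches the thread' : 'differs from the thread'
    );
}

// With strict_types=1 the same misplaced argument fails loudly
// instead of quietly altering the account number.
try {
    trim('123456', true);
    echo "no error raised\n";
} catch (TypeError $e) {
    echo 'TypeError: ', $e->getMessage(), "\n";
}

// Intended controller call: the flag belongs to post(), not to trim().
// $account = trim($this->input->post('account', TRUE));
```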