CodeIgniter Forums
XSS Filter Stripping "1" Off of the Ends - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: XSS Filter Stripping "1" Off of the Ends (/showthread.php?tid=12191)



XSS Filter Stripping "1" Off of the Ends - El Forum - 10-09-2008

[eluser]Glowball[/eluser]
I'm not sure I understand this behavior. I'm using XSS filtering on a field that contains an account number entered by a user. I have no prior knowledge about this number -- it could even contain letters. I'm doing this before entering $account into the database:

$account = trim($this->input->post('account'), TRUE);

This works fine unless I try to enter something starting or ending with a "1". For example:

5678 gets 5678 (that's normal)
123456 gets 23456
861 gets 86
45111 gets 45
1112 gets 2
1111 gets an empty field

It's stripping out all "1" characters at the beginning and ending of the string. Is this a bug? Is there something I'm missing? Thanks!


XSS Filter Stripping "1" Off of the Ends - El Forum - 10-09-2008

[eluser]elvix[/eluser]
it's not the XSS filtering, it's your trim function. The second argument of trim() is the character(s) you want to remove from the beginning/end of the string.

in your case, you asked it to remove TRUE, which it is interpreting as 1.

remove the true from your trim function and the problem should go away (fingers crossed). Smile


XSS Filter Stripping "1" Off of the Ends - El Forum - 10-09-2008

[eluser]Glowball[/eluser]
Oh for crying out loud -- good eye! I put the "TRUE" in the wrong place and didn't even notice. I've been trying to figure out what is wrong with this for about an hour now. It's always nice when a typo actually works instead of throwing an error.

I'm embarrassed but grateful -- thanks for your help!