CodeIgniter Forums
validation class escaping bug



validation class escaping bug - El Forum - 06-23-2007

johnman
line 663 in validation.php
Code:
return str_replace(array("'", '"', '<', '>'), array("&#39;", "&quot;", '&lt;', '&gt;'), stripslashes($str));

There shouldn't be a stripslashes there, right?


validation class escaping bug - El Forum - 09-27-2008

onejaguar
Yes, why is strip slashes there? If magic quotes is off (as it should be) then stripslashes can create undesirable results.

E.g. if I am writing a message board where users can type code examples and someone types \" or \' or \\, it shouldn't come back as " or ' or \ if there is an error in the form. This is especially problematic in CI 1.7.0, where strip slashes is applied to $_POST, so you don't have access to the original unmodified values that were submitted unless you save them before doing a $this->form_validation->run().
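
The behaviour discussed in this thread, as an added example that is not part of either post and is not CodeIgniter's own code: the quoted line is reproduced next to a variant with no stripslashes(), and both are run over constructed inputs as they would arrive with magic quotes off. The function names and sample strings are assumptions made for the illustration.

```php
<?php
// Added illustration; function names are hypothetical, not CodeIgniter's API.

// Mirrors the line quoted in the thread: stripslashes() first, then entity-encode.
function prep_with_stripslashes(string $str): string
{
    return str_replace(
        array("'", '"', '<', '>'),
        array('&#39;', '&quot;', '&lt;', '&gt;'),
        stripslashes($str)
    );
}

// No unescaping step: the submitted value is treated as raw data and only
// encoded for output. htmlspecialchars() also encodes "&", which the
// str_replace() version above does not.
function prep_without_stripslashes(string $str): string
{
    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

// Constructed sample submissions, as received when magic quotes is off.
$samples = array(
    'printf("a\\"b");',   // the text  printf("a\"b");
    'C:\\temp\\new',      // the text  C:\temp\new
    "it's <b>",           // no backslashes at all
);

foreach ($samples as $raw) {
    // Decode the entities the way a browser would when it repopulates the
    // form field, then compare with what the user originally typed.
    $with    = html_entity_decode(prep_with_stripslashes($raw), ENT_QUOTES, 'UTF-8');
    $without = html_entity_decode(prep_without_stripslashes($raw), ENT_QUOTES, 'UTF-8');

    printf(
        "typed: %-16s with stripslashes: %-14s (%s)  without: %s (%s)\n",
        $raw,
        $with,
        $with === $raw ? 'unchanged' : 'CHANGED',
        $without,
        $without === $raw ? 'unchanged' : 'CHANGED'
    );
}
```

Inputs containing backslashes come back altered from the stripslashes() variant, while the input without backslashes is unaffected, which is why the problem only shows up for content such as code samples or Windows paths.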