CodeIgniter Forums
Problem with escape_str - Printable Version




Problem with escape_str - El Forum - 07-15-2007

[eluser]Giacomo[/eluser]
In the new CI version I noticed a modification to "escape_str" in the mysql driver. The problem right now is that this modification is not backward compatible, because the strings are escaped twice (the first time by the "magic_quotes_gpc" directive and the second time by the "escape_str" function).

I thought about this modification for the "post", "get" and "cookie" functions of the "Input" library:
Code:
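function post($index = '', $xss_clean = FALSE)
{
    if ( ! isset($_POST[$index]))
    {
        return FALSE;
    }

    if ($xss_clean === TRUE)
    {
        if (is_array($_POST[$index]))
        {
            // Clean each element in place; the array is returned further down
            foreach($_POST[$index] as $key => $val)
            {
                $_POST[$index][$key] = $this->xss_clean($val);
            }
        }
        else
        {
            return $this->xss_clean($_POST[$index]);
        }
    }

    // MODIFY: undo the magic_quotes_gpc escaping so that escape_str
    // does not escape the value a second time
    if (get_magic_quotes_gpc())
    {
        // stripslashes() only accepts strings, so array fields are mapped
        return is_array($_POST[$index])
            ? array_map('stripslashes', $_POST[$index])
            : stripslashes($_POST[$index]);
    }

    return $_POST[$index];
}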
What do you think?


Problem with escape_str - El Forum - 07-15-2007

[eluser]Glen Swinfield[/eluser]
Check the change log - http://ellislab.com/codeigniter/user-guide/changelog.html - now, if magic quotes is on, all data is stripslashed, in effect resetting the effect of magic_quotes anyway.

This is something I used to do with a pre_system hook - just return all post, get and cookie vars with stripslashes - though apparently it's not necessary now.
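
The double escaping discussed in this thread and the strip-once normalisation of request data, as an added example that is not part of the original posts or of CodeIgniter. The function names are hypothetical, `addslashes()` stands in for both `magic_quotes_gpc` and the driver's `escape_str`, and the normaliser also recurses into nested arrays, which goes beyond the code posted above.

```php
<?php
// Added example, not CodeIgniter code. magic_quotes_gpc was removed from PHP,
// so its effect on request data is simulated here with addslashes().

// Hypothetical stand-in for a driver's escape_str(); assumed to behave like
// addslashes() for this demonstration only.
function demo_escape_str($str)
{
    return addslashes($str);
}

// What magic_quotes_gpc did to GET/POST/COOKIE values, nested arrays included.
function simulate_magic_quotes($data)
{
    return is_array($data)
        ? array_map('simulate_magic_quotes', $data)
        : addslashes($data);
}

// Undo that escaping once, at the input boundary, recursing into arrays so
// that fields such as tags[] are never passed to stripslashes() as an array.
function strip_magic_quotes($data)
{
    return is_array($data)
        ? array_map('strip_magic_quotes', $data)
        : stripslashes($data);
}

// Constructed sample input.
$raw  = array('name' => "O'Reilly", 'tags' => array("it's", 'a\\b'));
$post = simulate_magic_quotes($raw);

// Without normalisation the value is escaped twice, so the stored string
// would keep a stray backslash.
$twice = demo_escape_str($post['name']);

// With normalisation the original bytes come back and are escaped once.
$clean = strip_magic_quotes($post);
$once  = demo_escape_str($clean['name']);

if ($clean !== $raw || $once !== addslashes($raw['name']) || $twice === $once) {
    throw new RuntimeException('normalisation did not restore the input');
}

printf("escaped twice: %s\nescaped once:  %s\n", $twice, $once);
```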


Problem with escape_str - El Forum - 07-15-2007

[eluser]Giacomo[/eluser]
[quote author="Codepat" date="1184519042"]Check the change log - http://ellislab.com/codeigniter/user-guide/changelog.html - now, if magic quotes is on, all data is stripslashed, in effect resetting the effect of magic_quotes anyway.

This is something I used to do with a pre_system hook - just return all post, get and cookie vars with stripslashes - though apparently it's not necessary now.[/quote]
Thanks, evidently I didn't update my CI system properly... =)