xss error on script tag - Printable Version

xss error on script tag - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: xss error on script tag (/showthread.php?tid=2348)

xss error on script tag - El Forum - 07-31-2007

[eluser]MaDe[/eluser]
I globally enabled xss filtering in my config

Code:
$config['global_xss_filtering'] = TRUE;

and submitted a form field with the following content:

Code:
alert('Test');

The following error occured:

Quote:Fatal error: Call to undefined function get_instance() in ***snip***\system\libraries\Input.php on line 855

I looked it up in the code and found the following lines, that produce the error:

Code:
$CI =& get_instance();

$charset = $CI->config->item('charset');

I was able to workaround by using

Code:
$CFG =& load_class('Config');

$this->charset = $CFG->item('charset');

As I don't know, why get_instance doesn't work (I found it in some other places, where it seems to work), I can't fix it in another way.

Is this a bug worth bug-tracking?

xss error on script tag - El Forum - 07-31-2007

[eluser]Derek Jones[/eluser]
Already is. Wink

And is resolved in the svn.

xss error on script tag - El Forum - 08-01-2007

[eluser]MaDe[/eluser]
Thanks for the info. Didn't find it in the bug tracker :-S

Any info on when the next version will be released?

xss error on script tag - El Forum - 08-01-2007

[eluser]Derek Jones[/eluser]
No, I'm sorry I do not have a date; you may checkout the new Input.php file from the svn. As for not finding it in the bug tracker, if you didn't use the drop-downs, it was only searching titles for an exact phrase match. I'll modify the form so that by default it searches for "all words" in titles, entries, and comments.