Do I need escaping url on each method? - Printable Version

CodeIgniter Forums (https://forum.codeigniter.com)
Thread: Do I need escaping url on each method? (/showthread.php?tid=71788)
Do I need escaping url on each method? - wishmaster - 09-24-2018

Hi, guys.
I have a class page with methods like this:

index() (uses list() method inside)
add() (uses form() method inside)
edit() (uses form() method inside)
delete() (uses form() method inside)
list()
form()

I have a field filter_name for filtering pages in the index() method with this script:

Code:
$('#button-filter').on('click', function() {

Then links are created with the filter_name section:

Code:
private function list() {

So, my question: is this safe from a security point of view? Or must I do something like this:

Code:
if (isset($this->uris[$u1])) {

But this gives me a problem when I click on the add button and then return to the original list page.
Thanks.

RE: Do I need escaping url on each method? - jreklund - 09-24-2018

$this->uris isn't a standard array. Please post how you populate it.

RE: Do I need escaping url on each method? - wishmaster - 09-24-2018

I use an extended controller scheme.

Code:
class MY_Controller extends CI_Controller {

I use the following URI scheme:

Code:
http://mysite.com/admin/page/index/filter_name/foo/per_page/5/baz/bar

RE: Do I need escaping url on each method? - jreklund - 09-24-2018

What kind of data are you passing through the URL, and how do you use $data['filter_name'] afterwards?
CodeIgniter will only accept characters inside $config['permitted_uri_chars'] in the URL, but as you convert everything in the URL, it won't look for any illegal characters as there aren't any.
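
Added example, not part of the thread and not CodeIgniter code: one way to handle key/value URI segments like the scheme above in plain PHP, validating each value once in a shared place and encoding it for the URL and HTML contexts whenever a link is rebuilt. The function names, the allowlist pattern, the per_page cap of 100 and the sample segments are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Plain PHP, no framework required.

// Assumed allowlist for a filter value: letters, digits, space, '_' and '-', 1 to 64 chars.
const FILTER_PATTERN = '/^[A-Za-z0-9 _-]{1,64}$/';

// Turn ['filter_name', 'foo', 'per_page', '5'] into ['filter_name' => 'foo', ...],
// keeping only the keys the page expects. Unknown keys are ignored.
function segments_to_params(array $segments, array $allowedKeys): array
{
    $params = [];
    for ($i = 0; $i + 1 < count($segments); $i += 2) {
        if (in_array($segments[$i], $allowedKeys, true)) {
            $params[$segments[$i]] = rawurldecode($segments[$i + 1]);
        }
    }
    return $params;
}

// Validate once, centrally. Invalid values are dropped rather than repaired.
function clean_params(array $params): array
{
    $clean = [];
    if (isset($params['filter_name']) && preg_match(FILTER_PATTERN, $params['filter_name'])) {
        $clean['filter_name'] = $params['filter_name'];
    }
    if (isset($params['per_page']) && ctype_digit($params['per_page'])) {
        $clean['per_page'] = (string) min((int) $params['per_page'], 100);
    }
    return $clean;
}

// Rebuild a link: rawurlencode() for the URL path, htmlspecialchars() for the HTML output.
function list_link(string $base, array $clean, string $label): string
{
    $path = $base;
    foreach ($clean as $key => $value) {
        $path .= '/' . rawurlencode($key) . '/' . rawurlencode($value);
    }
    return '<a href="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample: the segments that follow /admin/page/index in a request.
$segments = ['filter_name', 'foo%20bar', 'per_page', '5', 'baz', 'bar'];
$clean = clean_params(segments_to_params($segments, ['filter_name', 'per_page']));
echo list_link('/admin/page/index', $clean, 'Back to list'), "\n";
```

Because the same cleaned array feeds every link builder, the add, edit and delete pages can carry the filter back to the list page without each method re-implementing the check.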