CI 1.7svn less-than (<) is passing through set_value on Form_validation

Somewhere in between updates of the 1.7svn, the set_value function went from escaping less than (<) to letting it pass through intact.

This is messing up validation for loadXML().

Anyone else noticed this?


Still not exactly sure what was changed between SVNs, but I needed a down-and-dirty fix so:

In set_value() in Form_validation, have the function return a regex:
return preg_replace("/</", "&amp;lt;", $this->_field_data[$field]['postdata']);

Apparently, CI 1.7svn needs to double escape the "less-than".

I have unilaterally decided to open a bug report on this without preconditions.

Bug 5562

It has been fixed in SVN.

Whoops, spoke too soon. loadXML() will still choke on less-thans. The new SVN Form_helper adds a form_prep() call to set_value(), so now the new down-and-dirty fix will be in form_prep() right before it returns $str:
$str = preg_replace("/&lt;/","&amp;lt;",$str);
The regex search string should be: "/"+ampersand+"lt;/"

If you don't want to extend Form_helper(), then you can simply prep your output before you load it into loadXML().
// Re-escape the contents of each value="..." attribute in the rendered output before it reaches loadXML().
$str = preg_replace_callback('/(value=)([\'"])(.*?)\\2/s', function ($matches) { return $matches[1].$matches[2].htmlspecialchars($matches[3]).$matches[2]; }, $this->output->get_output());
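
An added example, not part of any post in this thread and not CodeIgniter's own code: it shows why loadXML() rejects a repopulated field value that contains a raw less-than, and that a value escaped once at the point it is written into the attribute parses and round-trips. The helper names parses_as_xml() and attr_escape() and the sample value are constructed for illustration.

```php
<?php
// Added illustration; helper names and the sample value are constructed.

// Returns true when $markup parses as XML, collecting parser errors quietly.
function parses_as_xml($markup)
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $ok = $doc->loadXML($markup);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Escapes a value once for use inside a quoted XML/XHTML attribute.
function attr_escape($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

$posted = 'a < b & "c"';  // constructed sample of repopulated POST data

// Same element, built with the raw value and with the escaped value.
$raw     = '<input type="text" name="q" value="' . $posted . '" />';
$escaped = '<input type="text" name="q" value="' . attr_escape($posted) . '" />';

echo "raw value parses:     ";
var_dump(parses_as_xml($raw));
echo "escaped value parses: ";
var_dump(parses_as_xml($escaped));

// The parser decodes the entities, so compare what it hands back
// with what the user originally posted.
$doc = new DOMDocument();
$doc->loadXML($escaped);
$value = $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
echo "round-trips unchanged: ";
var_dump($value === $posted);

// Alternative: build the element through the DOM API, which escapes
// attribute values itself when serializing.
$out = new DOMDocument();
$input = $out->appendChild($out->createElement('input'));
$input->setAttribute('name', 'q');
$input->setAttribute('value', $posted);
echo $out->saveXML($input), "\n";
```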
