Do I need escaping url on each method? |
Hi, guys.
I have class page with methods like this: index() (uses list() method inside) add() (uses form() method inside) edit() (uses form() method inside) delete() (uses form() method inside) list() form() I have field filter_name for filtering pages in index() method with this script Code: $('#button-filter').on('click', function() { Then links are created with filter_name section: Code: private function list() { So, my question. Is this safe in security point of view? Or I must do something like this Code: if (isset($this->uris[$u1])) { But this gets me problem when click on add button and then return to the original list page. Thanks.
I use extended controller scheme.
Code: class MY_Controller extends CI_Controller { I use the next uri scheme: Code: http://mysite.com/admin/page/index/filter_name/foo/per_page/5/baz/bar
What kind of data are you passing thru the url and how do you use $data['filter_name'] afterwards?
Codeigniter will only accept characters inside $config['permitted_uri_chars'] in the url, but as you convert everything in the url. It won't look for any illegal characters as there aren't any. |
Welcome Guest, Not a member yet? Register Sign In |