Welcome Guest, Not a member yet? Register   Sign In
Problem with escape_str
#1

[eluser]Giacomo[/eluser]
In the new CI version I noticed a modify to "escape_str" in mysql driver. The problem right now that this modify is not compatible to back, cause the strings are escaped twice (the first time from "magic_quotes_gpc" directive and second time from "escape_str" function).

I thought about this modify for "post", "get" and "cookie" function of "Input" library:
Code:
function post($index = '', $xss_clean = FALSE)
    {
        if ( ! isset($_POST[$index]))
        {
            return FALSE;
        }

        if ($xss_clean === TRUE)
        {
            if (is_array($_POST[$index]))
            {
                foreach($_POST[$index] as $key => $val)
                {                    
                    $_POST[$index][$key] = $this->xss_clean($val);
                }
            }
            else
            {
                return $this->xss_clean($_POST[$index]);
            }
        }

        //MODIFY
        if (get_magic_quotes_gpc())
            return stripslashes($_POST[$index]);
        else
            return $_POST[$index];
    }
What do you think?


Messages In This Thread
Problem with escape_str - by El Forum - 07-15-2007, 04:13 AM
Problem with escape_str - by El Forum - 07-15-2007, 06:04 AM
Problem with escape_str - by El Forum - 07-15-2007, 07:50 AM



Theme © iAndrew 2016 - Forum software by © MyBB