XSS_Clean filters no php tags
#1

Hello @ll,

My problems and questions:

1. Problem

Input "<?php ?> <script>" in "recipients" field.
PHP Code:
//validate form input
$this->form_validation->set_rules('recipients', 'recipients', 'required|max_length[100]|xss_clean|callback_recipients_check');
...
...

//Callback function
public function recipients_check($recipients = '')
    {
        // Run the filter again by hand and dump the result for debugging
        $foo = $this->security->xss_clean($recipients);

        echo "<pre>";
        print_r($foo);
        echo "</pre>";
        exit;
    }

The return is "<?php ?> [removed]".

But why are the PHP tags not filtered?
The User Guide states: xss_clean() does this automatically, if you use it.

A question: Why not filter first and then run the callback?
Isn't this the better way?


Sorry for my English. I'm from Germany.

Thank you for your help.
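Added example, not part of the original post and not CodeIgniter's own code: the hypothetical `demo_clean()` is a simplified stand-in for how `xss_clean()` is assumed to treat this input (entity-encoding the PHP tag delimiters instead of deleting them). It shows why a raw `echo` inside `<pre>` makes the tags look untouched in a browser, and how to inspect the real string instead.

```php
<?php
// Simplified stand-in (assumption) for two steps of xss_clean():
// PHP tag delimiters are entity-encoded, script tags become [removed].
function demo_clean(string $str): string
{
    $str = str_replace(['<?', '?' . '>'], ['&lt;?', '?&gt;'], $str);
    return preg_replace('#</?script\b[^>]*>#i', '[removed]', $str);
}

// Escape a value before printing it into an HTML debug page, so the
// browser shows the stored characters and not their decoded form.
function debug_html(string $value): string
{
    return '<pre>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "</pre>\n";
}

$input   = '<?php ?> <script>';   // constructed sample, same text as in the post
$cleaned = demo_clean($input);

// 1. What the callback in the post does: raw output inside <pre>.
//    The browser decodes the entities again, so the rendered page shows
//    the PHP tags as if nothing had been filtered.
echo '<pre>' . $cleaned . "</pre>\n";

// 2. Escaped output: the entity-encoded delimiters stay visible.
echo debug_html($cleaned);

// 3. Server-side checks that do not depend on browser rendering.
error_log('cleaned value: ' . $cleaned);
echo 'changed by filter: ' . ($cleaned !== $input ? 'yes' : 'no') . "\n";
echo 'hex: ' . bin2hex($cleaned) . "\n";
```

Viewing the page source of the first output gives the same information as the escaped output.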


Messages In This Thread
XSS_Clean filters no php tags - by Maeggi07 - 09-18-2015, 05:01 PM
RE: XSS_Clean filters no php tags - by PaulD - 09-19-2015, 12:06 PM
RE: XSS_Clean filters no php tags - by Maeggi07 - 09-22-2015, 02:56 PM
RE: XSS_Clean filters no php tags - by mwhitney - 09-23-2015, 08:29 AM


