XSS_Clean filters no php tags

#1
Hello @ll,

My problems and questions:

1. Problem

Input "<?php ?> <script>" in "recipients" field.
PHP Code:
//validate form input
$this->form_validation->set_rules('recipients', 'recipients', 'required|max_length[100]|xss_clean|callback_recipients_check');
...
...

//Callback function
public function recipients_check($recipients = '')
{
    // Run the value through the XSS filter again and dump the result
    $foo = $this->security->xss_clean($recipients);

    echo "<pre>";
    print_r($foo);
    echo "</pre>";
    exit;
}

The return is "<?php ?> [removed]".

But why are the PHP tags not filtered?
The User Guide says: xss_clean() does this automatically, if you use it.

A question: Why not filter first and then run the callback?
Is this not the better way?


Sorry for my English. I'm from Germany.

Thank you for your help.


Messages In This Thread
XSS_Clean filters no php tags - by Maeggi07 - 09-18-2015, 05:01 PM
RE: XSS_Clean filters no php tags - by PaulD - 09-19-2015, 12:06 PM
RE: XSS_Clean filters no php tags - by Maeggi07 - 09-22-2015, 02:56 PM
RE: XSS_Clean filters no php tags - by mwhitney - 09-23-2015, 08:29 AM
