[eluser]Patrick Johanneson[/eluser]
Edit Oops, xss_clean works fine when I pass it the strings one by one, instead of an array all at once.
However, if I enter <javascript>* in the text box, I get this error when I've got $config['global_xss_filtering'] set to TRUE:
Quote:Fatal error: Call to undefined function get_instance() in /Path/to/CI/system/libraries/Input.php on line 855
* Or, in fact, <[anything]>. <y> will do it, in fact. However, < on its own, or < >, will not.
___________________________
Hi,
When I upgraded from 1.5.3 to 1.5.4, I ran into a problem with the xss_clean stuff.
If I run the following code sample:
Code:
<?php
class Testing extends Controller{
function index(){
}
function foo(){
if(!$_POST){
echo("
<form action="/MBAir/testing/foo" method="POST">
Text: <textarea name="Text">Text goes here</textarea><br>
<input type="submit">
</form>
");
exit;
}
$this->load->helper('security');
$this->_dump($_POST);
$post = xss_clean($_POST);
$this->_dump($post);
}
function _dump($x){
echo("<pre>n");
print_r($x);
echo("</pre>n");
}
}
?>
I get the following errors:
Quote:A PHP Error was encountered
Severity: Warning
Message: stripos() expects parameter 1 to be string, array given
Filename: libraries/Input.php
Line Number: 690
A PHP Error was encountered
Severity: Warning
Message: stripos() expects parameter 1 to be string, array given
Filename: libraries/Input.php
Line Number: 696
A PHP Error was encountered
Severity: Warning
Message: stripos() expects parameter 1 to be string, array given
Filename: libraries/Input.php
Line Number: 702
I discovered this because one of my scripts has a set of three FCKEditor boxes in it. If I set $config['global_xss_filtering'] to TRUE in the config.php file, and then submit text in any or all of the FCKEditor boxes, I get the following error:
Quote:Fatal error: Call to undefined function get_instance() in /Path/to/CI/system/libraries/Input.php on line 855
Edit This happens with a clean install of CI 1.5.4 as well.
Any suggestions?
