[eluser]Ngulo[/eluser]
Hi i’m setting up my application to be ok with mongo db, mongo allows only utf-8; chars to be stored, so i changed the code of function xss_clean() to my core/security.php lib as shown:
Code:
public function xss_clean($str, $is_image = FALSE)
{
/*
* Is the string an array?
*
*/
if (is_array($str))
{
while (list($key) = each($str))
{
$str[$key] = $this->xss_clean($str[$key]);
}
return $str;
}
/*Remove non utf-8; chars*/
$str = htmlspecialchars(urlencode(preg_replace(’/[\x00-\x1F\x80-\xFF]/’,’‘,$str)));
so now all non-utf-8; should be escaped, BUT when posting somenthing like “hey hey %(here without space)80 it returns error cause of not utf-8; char '%(here without space)80', so i putted also an urlencode() which encodes strings like '&(here without space)80' , so should be ok having a fixed urlencode() in the security.php core lib, for all the application to avoid these errors?
or to better say .... will this line cause some problems somewhere or sometimes in my app? :
Code:
/*Remove non utf-8; chars*/
$str = htmlspecialchars(urlencode(preg_replace(’/[\x00-\x1F\x80-\xFF]/’,’‘,$str)));
and why using urlencode() chars like '%(here without space)80' works in utf-8; and doesn't works without using urlencode() ?
