XML RPC > html in response > htmlspecialchars + javascript stripping
#2

HdotNET
k... looked further.

the xmlrpc class is cleaning the output using the CI input->xss_clean() method.

it happens within the xmlrpc->decode()
(called by send_request within the xmlrpc_client controller)

commenting a couple of lines solves the script tag removing problem.

why is the data being xss cleaned here?

Code:
    function decode($array=FALSE)
    {
    
        $CI =& get_instance();

        if ($array !== FALSE && is_array($array))
        {
            while (list($key) = each($array))
            {
                if (is_array($array[$key]))
                {
                    $array[$key] = $this->decode($array[$key]);
                }
                else
                {
                    //HDOTNET
                    //$array[$key] = $CI->input->xss_clean($array[$key]);
                }
            }
            
            $result = $array;
        }
        else
        {
            $result = $this->xmlrpc_decoder($this->val);
            
            if (is_array($result))
            {
                $result = $this->decode($result);
            }
            else
            {
                //HDOTNET
                //$result = $CI->input->xss_clean($result);
            }
        }
        
        return $result;
    }
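
With the xss_clean() calls commented out as in the post above, decode() returns whatever the remote XML-RPC server sent, so anything written into a page has to be encoded at that point instead. The following is an added example, not part of the original post or of CodeIgniter; escape_for_html() is a hypothetical helper and the sample response is constructed.

```php
<?php
/**
 * Recursively HTML-escape every string leaf of a decoded XML-RPC response
 * so it can be placed in an HTML text or quoted-attribute context.
 * Struct member names are escaped too, since the remote server controls
 * the keys as well as the values.
 */
function escape_for_html($value)
{
    // ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole string
    // into an empty result; the bad bytes become U+FFFD instead.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $safeKey = is_string($key)
                ? htmlspecialchars($key, $flags, 'UTF-8')
                : $key;
            $out[$safeKey] = escape_for_html($item);
        }
        return $out;
    }
    if (is_string($value)) {
        return htmlspecialchars($value, $flags, 'UTF-8');
    }
    return $value; // ints, floats, bools and null carry no markup
}

// Constructed sample: the nested shape decode() hands back, with markup
// left in the leaves because nothing filtered it on the way in.
$response = array(
    'title' => 'Widget <b>demo</b>',
    'items' => array(
        array('id' => 7, 'body' => '<script>alert(1)</script>'),
    ),
);

// The raw value stays intact for storage or further processing ...
$raw_body = $response['items'][0]['body'];

// ... and is escaped only where it is written into a page.
$view = escape_for_html($response);
echo $view['title'], "\n";
echo $view['items'][0]['body'], "\n";
```

This covers HTML text and quoted attribute values only; values placed in URLs, inline JavaScript or CSS need the encoding for that context.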


Messages In This Thread
XML RPC > html in response > htmlspecialchars + javascript stripping - by El Forum - 05-25-2008, 03:00 PM


