CI 1.7svn less-than (<) is passing through set_value on Form_validation
#1

[eluser]beemr[/eluser]
Somewhere in between updates of the 1.7svn, the set_value function went from escaping less-than (<) to letting it pass through intact.

This is messing up validation for loadXML().

Anyone else noticed this?

Thanks.
#2

[eluser]beemr[/eluser]
Still not exactly sure what was changed between SVNs, but I needed a down-and-dirty fix so:

In set_value() in Form_validation, have the function return a regex:
Code:
return preg_replace("/</", "&amp;lt;", $this->_field_data[$field]['postdata']);

Apparently, CI 1.7svn needs to double escape the "less-than".
#3

[eluser]beemr[/eluser]
I have unilaterally decided to open a bug report on this without preconditions.

Bug 5562
#4

[eluser]beemr[/eluser]
It has been fixed in SVN.
#5

[eluser]beemr[/eluser]
Whoops, spoke too soon. loadXML() will still choke on less-thans. The new SVN Form_helper adds a form_prep() call to set_value(), so now the new down-and-dirty fix will be in form_prep() right before it returns $str:
Code:
$str = preg_replace("/&lt;/","&amp;lt;",$str);
The regex search string should be: "/"+ampersand+"lt;/"
#6

[eluser]beemr[/eluser]
If you don't want to extend Form_helper(), then you can simply prep your output before you load it into loadXML().
Code:
// Re-escape the contents of every value="..." attribute before the output is parsed as XML
$str = preg_replace_callback('/(value=)([\'"])(.*?)\\2/s', function ($matches) { return $matches[1].$matches[2].htmlspecialchars($matches[3]).$matches[2]; }, $this->output->get_output());
$xml->loadXML($str);
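An added example, not part of the thread or of CodeIgniter's code: it escapes a submitted value once at the point it is written into a `value` attribute and checks well-formedness with `loadXML()` before relying on the markup. The helper names `escape_attr()` and `xml_errors()` and the sample markup are assumptions made for illustration.

```php
<?php
// Added example; escape_attr() and xml_errors() are hypothetical helpers.

// Escape a value for use inside a quoted attribute: &, <, >, " and ' are encoded.
function escape_attr($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Parse markup with loadXML() and return the libxml error messages.
// An empty array means the markup is well-formed XML.
function xml_errors($markup)
{
    $previous = libxml_use_internal_errors(true);   // collect errors instead of emitting warnings
    $doc = new DOMDocument();
    $doc->loadXML($markup);
    $errors = array();
    foreach (libxml_get_errors() as $error) {
        $errors[] = trim($error->message);
    }
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $errors;
}

// Constructed sample input: a posted field containing a less-than sign and an ampersand.
$posted = '1 < 2 & 3';

// The same form fragment with the value written raw and written through escape_attr().
$raw     = '<form><input name="q" value="' . $posted . '"/></form>';
$escaped = '<form><input name="q" value="' . escape_attr($posted) . '"/></form>';

// Report the parser errors for each variant.
foreach (array('raw' => $raw, 'escaped' => $escaped) as $label => $markup) {
    echo $label, ': ', count(xml_errors($markup)), " parser error(s)\n";
}

// Read the attribute back from the escaped variant to confirm the value round-trips.
$doc = new DOMDocument();
$doc->loadXML($escaped);
$value = $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
echo ($value === $posted) ? "value round-trips unchanged\n" : "value was altered\n";
```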



