Welcome Guest, Not a member yet? Register   Sign In
I think i found a new bug , but im not sure (involves escaping & validation->run)
#1

[eluser]johnman[/eluser]
I am currenly trying to get my form validation correct and somehow CI is throwing away some of the '\' if i use it in the input fields. Below is the debugging code i used to pinpoint the problem.

Code:
$this->validation->set_error_delimiters('<div class="error">', '</div>');

        if( count($_POST)){
            echo("Voor: ");
            echo($this->validation->name . " ");

        }

        if ($this->validation->run() == FALSE){ //validation failed, reload the view
            $data['query_groups'] = $this->db->get('user_groups');
            
        if(false || count($_POST)){
            echo("NA: ");
            echo($this->validation->name);
            exit;
        }

this gives the following output:
Code:
Voor: aaa\bbb NA: aaabbb

I checked everything until the validation->run and right at that point the '\' disappears.

Im not sure if this is already known since i know there are already some bugreports involving escaping.

(PS i know there shouldn't be any backslashes in a name anyway Smile )

I think i found it:

line 663 in validation.php
Code:
return str_replace(array("'", '"', '<', '>'), array("'", "&quot;", '&lt;', '&gt;'), stripslashes($str));

There shouldn't be a stripslashes there right?

EDIT
I also posted this in the bug topic just to be sure it is known .
#2

[eluser]Alex Florea[/eluser]
EDIT




Theme © iAndrew 2016 - Forum software by © MyBB