[eluser]Leftfield[/eluser]
[quote author="InsiteFX" date="1285052623"]
Code:
// this is WRONG!
$CI = &get;_instance();
// should be:
$CI =& get_instance();
InsiteFX[/quote]
That mistake appeared only after posting here, through the WYSIWYG editor! The real code:
Code:
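/**
 * Handle a posted comment form: check the fields and the captcha, store the
 * comment, then redirect to the comment page of the posted entry.
 *
 * Reads the POST fields `author`, `text`, `captchacode` and `entry_id`.
 * A row is inserted only when author and text are non-empty and the captcha
 * check passes; the redirect happens in every case.
 *
 * @return void
 */
function comments_insert() {
    // Reference assignment from get_instance(); the "&get;" form seen in
    // forum pastes of this line is an editor artefact and is a syntax error.
    $CI =& get_instance();

    // NOTE(review): this view data is assembled but never handed to a view,
    // because the method always ends in a redirect. Only 'date' is reused.
    $data = array();
    $data['title'] = $CI->config->item('site_title');
    $data['date'] = date('Y:m:d');
    $data['pages'] = $this->Content->get_pages();
    $data['links'] = $this->Content->get_links();
    $data['copyright'] = $CI->config->item('copyright');

    // Read every field through the Input class rather than $_POST so an
    // absent field does not raise an undefined-index notice, and treat
    // non-string values (e.g. author[]=x) as empty before calling trim().
    $author_raw = $this->input->post('author');
    $text_raw = $this->input->post('text');
    $entry_raw = $this->input->post('entry_id');

    // strip_tags() removes only what it parses as a tag; stray "<", ">" and
    // quote characters can remain. It is not an XSS control: author and text
    // must still be escaped with htmlspecialchars() wherever they are rendered.
    $author = is_string($author_raw) ? strip_tags(trim($author_raw)) : '';
    $text = is_string($text_raw) ? $text_raw : '';

    // Only an integer id is ever appended to the redirect path.
    $entry_id = is_string($entry_raw) ? (int) $entry_raw : 0;

    // Validate the value that will actually be stored: an author consisting
    // only of markup or whitespace is empty after cleaning and is rejected.
    // The captcha is checked last, and only when the other fields are present.
    if ($author !== '' && $text !== '' && $this->alcaptcha->check($this->input->post('captchacode'))) {
        // NOTE(review): entry_id is hard-coded to 53 while the redirect below
        // uses the posted entry_id — confirm which entry the comment belongs to.
        // NOTE(review): the captcha code is stored with the comment — confirm
        // the column is really needed.
        $comment = array(
            'entry_id' => 53,
            'text' => $text,
            'author' => $author,
            'captchacode' => $this->input->post('captchacode'),
            'date' => $data['date'],
        );

        // insert() builds the statement from the array, so the values are
        // escaped by the database layer rather than concatenated by hand.
        $this->db->insert('comments', $comment);
    }

    redirect('blog/comments/' . $entry_id);
}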
Code:
'author'=> strip_tags(trim($this->input->post('author')))
produces:
Quote:< a href="/">XSS
I.e. it cuts only the right-hand side of the tag and leaves the left-hand side in place.