• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
What is CodeIgniter doing to my POST data!?

#1
[eluser]Emkay[/eluser]
I am trying to use the tinymce editor http://tinymce.moxiecode.com/ with my private messaging system. The problem is that when formatting is applied, the message is not saved properly into the database.

For example <span color=""></span> tags are distorted and the color attribute is entirely omitted. It is similar with lots of other tags. Why is it going this? Does it have have something to do with automatic filtering when I use $this->input->post?

I tested the same form outside of the codeigniter enviroment and it doesn't have this problem. All tags are intact and the wysiwyg form works flawlessly.

As you can see I'm a but of a noob with input security, can anyone advise me on how to fix this problem and also make the form still as secure as possible?

#2
[eluser]osci[/eluser]
This has been posted on about two or three topics. no clear answer as to what should be done except from modifying a core file. do a search about wysiwyg or fckeditor (same problem) and 2.0.2

#3
[eluser]cuestar[/eluser]
I have encountered this and I figured it's about XSS security.

In config.php, find
Code:
$config['global_xss_filtering'] = TRUE;
change its value to FALSE.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.