problems with using explode("t", $string) from form_textarea

[eluser]xorzizten[/eluser]
Hi!
I have a little problem exploding a string from form_textarea on \t. It does not seem that it posts the \t at all??

My controller

Code:

public function add_inventory()
{
  if($this->input->post('submit_inv'))
  {
   $lines = explode("\n", $this->input->post('inv_list'));
   foreach($lines AS $line)
   {
    $items[] = explode("\t", $line);
   }
  }
  
  $this->load->view('template/header');
  $this->load->view('economysystem/add_inventory', array('lines' => $items));
  $this->load->view('template/footer');
}

My view;

Code:

<h1>Add New Inventory List</h1>

&lt;?php
if(validation_errors())
{
echo validation_errors();
}
echo form_open(current_url());
$data = array(
'name' => 'inv_list',
'id' => 'inv_list',
'rows' => '40',
'cols' => '80',
);
echo form_textarea($data).'<br />';
echo form_submit('submit_inv','Add Inventory');
echo form_close();
?&gt;

I'm using a copy/paste from a list which contains tabs. One line from this looks like;

Code:

2 ACA/AS Civilian Uniform Arctic Glasses (M) 1 51.00 PED CARRIED

the same line with indicators at where the tab is located.

Code:

2 [tab] ACA/AS Civilian Uniform Arctic Glasses (M) [tab] 1 [tab] 51.00 PED [tab] CARRIED

Run through my function it produces;

Code:

Array
(
    [0] => Array
        (
            [0] => 2 ACA/AS Civilian Uniform Arctic Glasses (M) 1 51.00 PED CARRIED
        )

)

Which is not what i want!

I made this code in an stand alone file outside CI;

Code:

<form acti method="post">
<textarea name="inv_list" id="inv_list" rows="40" cols="80"></textarea>
<input type="submit" name="submit_inv" value="Add Inventory" />
</form>
<?php
if(isset($_POST['submit_inv']))
{
$lines = explode("\n", $_POST['inv_list']);
foreach($lines AS $line)
{
  $items[] = explode("\t", $line);
}
echo '<pre>';
print_r($items);
echo '</pre>';
}
?&gt;

And this produces;

Code:

Array
(
    [0] => Array
        (
            [0] => 2
            [1] => ACA/AS Civilian Uniform Arctic Glasses (M)
            [2] => 1
            [3] => 51.00 PED
            [4] => CARRIED
        )

)

Which is what i'm looking for

Hope my problem makes any cense, and that someone may help me produce the desired result

Kind regards
Kjell-Arne

[eluser]Aken[/eluser]
Do you have global xss_clean enabled?

[eluser]xorzizten[/eluser]
[quote author="Aken" date="1362521140"]Do you have global xss_clean enabled?[/quote]

Yes i have, as my site take quite alot of user input.
I tried turning it off, and that fixed the problem.

Is there no other way to fix this, or do i really have to turn global xss filtering off, and att it to all my input fields troughout the site.. we'r talking hundreds here :p

Thanx for the comment.

[eluser]TheFuzzy0ne[/eluser]
I would suggest simply disabling xss_clean on-the-fly for that part of your app with:

Code:

$this->config->set_item('global_xss_filtering', FALSE);

Then, after you've explode()d your string, clean each value by making a call to $this->security->xss_clean()

Hope this helps.

[eluser]Aken[/eluser]
You can't change the config item for it on the fly, because of when global xss_clean is performed (after the config file is loaded, before the controller is loaded, and no hook in between).

My advice would be to add logic to your config file to determine the current URL, and to disable global XSS on that particular URL. Then you'd need to add xss_clean to your individual POST items.

Another option is change the way you're handling the input. Maybe do a file upload instead of a textarea. Just a thought.