All geek questions in one place

CodeIgniter adds semicolons

How to stop CodeIgniter by adding semicolons ; to data sent via POST that contains ampersand and and ?

For example, it converts "a = 1 & b = 2 & c = 3" to "a = 1 & b; = 2 & c; = 3". From a look at the forums, it seems that this is XSS filtering, which I don't want to disable on the site only for 1 controller, so I tried the code below, but it still does this:

$this->config->set_item('global_xss_filtering',false);
+1
source share
3 answers

I do not use XSS filtering, as it still has an error. For example, you won’t be able to post a form that has YouTube embedded code when XSS filtering is enabled. I use only the filter for the field that I want it to be cleared.

If your form works with XSS filtering disabled, disable it. If you need to sanitize it against an XSS attack, perhaps consider another library, such as an HTML cleaner .

0
source

The problem is the security class.

The next line adds a semicolon if missing.

 $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str);

The solution is to extend CI by creating your own My_Security class. Paste it into the main folder using the _validate_entities function.

Comment on the line above.

0
source

To disable cross-site scripting filtering, see codeigniter in this user guide page

Alternatively, if you want to leave a code fix breaking into the kernel, execute this solution

0
source

Source: https://habr.com/ru/post/1432785/

More articles:


All Articles