CodeIgniter: Use get_post with XSS filtering on entire $_POST array

Is there an easier way than

$arr = array();
foreach ($_POST as $x => $y) {
  // get_post() takes the field name (the key), not the submitted value
  $arr[$x] = $this->input->get_post($x, TRUE);
}

to just have the entire $_POST array cleaned with CI's XSS filter? Looking at the input library, it seems as though get_post() only accepts an individual variable rather than being able to clean the entire array and then return the array back.

Not sure if you want it globally, but if you do... from ze manual:

If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:

$config['global_xss_filtering'] = TRUE;

$this->input->post(NULL, TRUE);

returns all POST items with XSS filter

$this->input->post();

returns all POST items without XSS filter

The chosen answer for this is correct in a sense, but the information provided is not a suitable answer to the real problem, which is XSS filtering in CI.

To further the comment by bobince some good reading at:

http://ponderwell.net/2010/08/codeigniter-xss-protection-is-good-but-not-enough-by-itself/

Either htmlspecialchars / htmlentities / urlencode on all output or go home. CI's XSS filter uses a dated and broken blacklist technique that fails a lot of XSS attacks.

Encode and validate. Always.
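
The "encode and validate" approach from the answer above, applied to a whole POST-style array, as an added example that is not part of the original thread. The helper names e(), e_url() and validate_post(), the field rules, and $samplePost are hypothetical and constructed for illustration.

```php
<?php
// Added example: validate on input, encode on output.
// e(), e_url(), validate_post() are hypothetical helpers; $samplePost is constructed data.

// Encode for HTML body and quoted-attribute contexts.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value placed into a URL query component.
function e_url($value): string
{
    return rawurlencode((string) $value);
}

// Validate against an allow-list of expected fields; reject instead of "cleaning".
function validate_post(array $post, array $rules): array
{
    $clean = [];
    foreach ($rules as $field => $pattern) {
        $value = $post[$field] ?? '';
        // Arrays, invalid UTF-8 (preg_match returns false) and non-matches are all rejected.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("Invalid value for field: $field");
        }
        $clean[$field] = $value;
    }
    return $clean; // fields not named in $rules are dropped
}

$samplePost = [
    'username' => 'alice',
    'comment'  => '"><script>alert(1)</script>',
    'extra'    => 'ignored',
];

$rules = [
    'username' => '/\A[a-z0-9_]{3,20}\z/i',
    'comment'  => '/\A[^\x00]{1,500}\z/su',
];

$data = validate_post($samplePost, $rules);

// The raw value is kept as submitted; encoding happens per output context.
echo '<p>', e($data['comment']), "</p>\n";
echo '<input name="comment" value="', e($data['comment']), "\">\n";
echo '<a href="/search?q=', e_url($data['comment']), "\">search</a>\n";
```

In a CodeIgniter controller the input array would come from $this->input->post() without the XSS flag, so the stored value stays unmodified and each view encodes it for its own context.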
