Reputation: 415
Is there an easier way than
foreach ($_POST as $x => $y) {
    // get_post() takes the field name (the key), not the submitted value
    $arr[$x] = $this->input->get_post($x, TRUE);
}
to just have the entire $_POST array cleaned with CI's XSS filter? Looking at the input library, it seems as though get_post() only accepts an individual variable rather than being able to clean the entire array and then return the array back.
Upvotes: 0
Views: 4299
Reputation: 21
$this->input->post(NULL, TRUE);
returns all POST items with XSS filter
$this->input->post();
returns all POST items without XSS filter
Upvotes: 2
Reputation: 341
The chosen answer for this is correct in a sense, but the information provided is not a suitable answer to the real problem, which is XSS filtering in CI.
To further the comment by bobince some good reading at:
http://ponderwell.net/2010/08/codeigniter-xss-protection-is-good-but-not-enough-by-itself/
Either htmlspecialchars / htmlentities / urlencode on all output or go home. CI's XSS filter uses a dated and broken blacklist technique that fails a lot of XSS attacks.
Encode and validate. Always.
Upvotes: 2
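The "encode and validate" approach from the answer above, as an added example that is not part of the original post or of CodeIgniter itself: input is validated against what the field should contain, stored unmodified, and encoded only at output with the encoder that matches the context. The helper names e_html(), e_url(), valid_username() and the sample $post array are assumptions made for illustration.

```php
<?php
// Added example: encode at output time, per context, instead of filtering input.
// e_html(), e_url(), valid_username() and the sample data are hypothetical names.

/** Encode a value for an HTML text node or a quoted attribute value. */
function e_html($value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the whole result an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value used as one query-string parameter inside a URL. */
function e_url($value): string
{
    return rawurlencode((string) $value);
}

/** Validate on input: accept only what the field is supposed to contain. */
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// Constructed sample standing in for $this->input->post() with no XSS filter.
$post = [
    'username' => 'alice_01',
    'comment'  => 'I <3 "CI" & <script>alert(1)</script>',
    'search'   => 'a&b=c d',
];

if (!valid_username($post['username'])) {
    exit('Invalid username');
}

// Raw values are passed around unchanged; encoding happens only here, at output.
// HTML text node:
echo '<p>' . e_html($post['comment']) . "</p>\n";
// Quoted HTML attribute value (always quote the attribute):
echo '<input name="comment" value="' . e_html($post['comment']) . "\">\n";
// URL parameter inside an attribute: URL-encode first, then HTML-encode the whole URL.
echo '<a href="' . e_html('/search?q=' . e_url($post['search'])) . "\">again</a>\n";
```

Values placed inside inline JavaScript or CSS need their own encoders; htmlspecialchars() covers only the HTML text and quoted-attribute contexts shown here.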
Reputation: 1728
Not sure if you want it globally, but if you do... from ze manual:
If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:
$config['global_xss_filtering'] = TRUE;
Upvotes: 7