Overriding Code Igniter 2.14's global_xss_filtering settting
Posted
by
user2353007
on Stack Overflow
See other posts from Stack Overflow
or by user2353007
Published on 2013-11-02T03:50:03Z
Indexed on
2013/11/02
3:53 UTC
Read the original article
Hit count: 222
codeigniter-2
I have created the following file at:
application/core/MY_Security.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
* Does not work with global xss
*/
class MY_Security extends CI_Security
{
function xss_clean($str, $is_image = FALSE)
{
$CI =& get_instance();
$CI->load->library('My_cleaner');
return $CI->my_cleaner->clean_html($str);
}
}
this works great for $this->input->post('post_var', TRUE);
and
$this->security->xss_clean($input);
It is working very well except when I go into application/config/config.php and change
$config['global_xss_filtering] = FALSE;
to
$config['global_xss_filtering] = TRUE;
in that case, I just get a white page on every controllers action/function.
Does anybody know what else I have to change to get global_xss_filtering = TRUE; to work when overriding the xss_clean function in system/core/Security.php through application/core/MY_Security.php?
I'm guessing it might be something with the loader but I'm not sure where to start. The next option is to just replace the function in the system/core/Security.php file which I am trying to avoid.
Thanks.
© Stack Overflow or respective owner