Overriding Code Igniter 2.14's global_xss_filtering settting

Posted by user2353007 on Stack Overflow See other posts from Stack Overflow or by user2353007
Published on 2013-11-02T03:50:03Z Indexed on 2013/11/02 3:53 UTC
Read the original article Hit count: 222

Filed under:

I have created the following file at:

application/core/MY_Security.php

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
 * Does not work with global xss
 */

class MY_Security extends CI_Security
{
    function xss_clean($str, $is_image = FALSE)
    {
        $CI =& get_instance();

        $CI->load->library('My_cleaner');
        return $CI->my_cleaner->clean_html($str);
    }
}

this works great for $this->input->post('post_var', TRUE);

and

$this->security->xss_clean($input);

It is working very well except when I go into application/config/config.php and change

$config['global_xss_filtering] = FALSE;

to

$config['global_xss_filtering] = TRUE;

in that case, I just get a white page on every controllers action/function.

Does anybody know what else I have to change to get global_xss_filtering = TRUE; to work when overriding the xss_clean function in system/core/Security.php through application/core/MY_Security.php?

I'm guessing it might be something with the loader but I'm not sure where to start. The next option is to just replace the function in the system/core/Security.php file which I am trying to avoid.

Thanks.

© Stack Overflow or respective owner

Related posts about codeigniter-2