summaryrefslogtreecommitdiffstats
path: root/system/libraries/Xmlrpc.php
diff options
context:
space:
mode:
authorRobin Sowell <robin.sowell@ellislab.com>2010-03-18 14:44:55 +0100
committerRobin Sowell <robin.sowell@ellislab.com>2010-03-18 14:44:55 +0100
commit66a3fc0a7dc6ae84da4a1e852e4458fda7714567 (patch)
treeb3af2e9f7e8f830b2f00029aae9c648c64f388d0 /system/libraries/Xmlrpc.php
parent4e8d66aeea7f03b75df5a387a54fce1889834ded (diff)
Added a $xss_clean class variable to the XMLRPC library, enabling control over the use of the Security library's xss_clean() method.
Diffstat (limited to 'system/libraries/Xmlrpc.php')
-rw-r--r--system/libraries/Xmlrpc.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index c46d52cdb..2e0df5c9b 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -63,6 +63,7 @@ class CI_Xmlrpc {
var $result;
var $response = array(); // Response from remote server
+ var $xss_clean = TRUE;
//-------------------------------------
// VALUES THAT MULTIPLE CLASSES NEED
@@ -513,7 +514,7 @@ class XML_RPC_Response
}
else
{
- $array[$key] = $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key];
}
}
@@ -529,7 +530,7 @@ class XML_RPC_Response
}
else
{
- $result = $CI->security->xss_clean($result);
+ $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result;
}
}
@@ -1129,7 +1130,7 @@ class XML_RPC_Message extends CI_Xmlrpc
{
// 'bits' is for the MetaWeblog API image bits
// @todo - this needs to be made more general purpose
- $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]);
}
}
@@ -1149,7 +1150,7 @@ class XML_RPC_Message extends CI_Xmlrpc
}
else
{
- $parameters[] = $CI->security->xss_clean($a_param);
+ $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param;
}
}
}