summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorRobin Sowell <robin.sowell@ellislab.com>2010-03-18 14:44:55 +0100
committerRobin Sowell <robin.sowell@ellislab.com>2010-03-18 14:44:55 +0100
commit66a3fc0a7dc6ae84da4a1e852e4458fda7714567 (patch)
treeb3af2e9f7e8f830b2f00029aae9c648c64f388d0 /system
parent4e8d66aeea7f03b75df5a387a54fce1889834ded (diff)
Added a $xss_clean class variable to the XMLRPC library, enabling control over the use of the Security library's xss_clean() method.
Diffstat (limited to 'system')
-rw-r--r--system/libraries/Xmlrpc.php9
-rw-r--r--system/libraries/Xmlrpcs.php10
2 files changed, 15 insertions, 4 deletions
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index c46d52cdb..2e0df5c9b 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -63,6 +63,7 @@ class CI_Xmlrpc {
var $result;
var $response = array(); // Response from remote server
+ var $xss_clean = TRUE;
//-------------------------------------
// VALUES THAT MULTIPLE CLASSES NEED
@@ -513,7 +514,7 @@ class XML_RPC_Response
}
else
{
- $array[$key] = $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key];
}
}
@@ -529,7 +530,7 @@ class XML_RPC_Response
}
else
{
- $result = $CI->security->xss_clean($result);
+ $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result;
}
}
@@ -1129,7 +1130,7 @@ class XML_RPC_Message extends CI_Xmlrpc
{
// 'bits' is for the MetaWeblog API image bits
// @todo - this needs to be made more general purpose
- $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]);
}
}
@@ -1149,7 +1150,7 @@ class XML_RPC_Message extends CI_Xmlrpc
}
else
{
- $parameters[] = $CI->security->xss_clean($a_param);
+ $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param;
}
}
}
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index fe1c99bf5..c1fe649f9 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
@@ -81,6 +81,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc
{
$this->object = $config['object'];
}
+
+ if (isset($config['xss_clean']))
+ {
+ $this->xss_clean = $config['xss_clean'];
+ }
}
//-------------------------------------
@@ -247,6 +252,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc
// Check to see if it is a system call
$system_call = (strncmp($methName, 'system', 5) == 0) ? TRUE : FALSE;
+ if ($this->xss_clean == FALSE)
+ {
+ $m->xss_clean = FALSE;
+ }
+
//-------------------------------------
// Valid Method
//-------------------------------------