diff options
author | Robin Sowell <robin.sowell@ellislab.com> | 2010-03-18 14:44:55 +0100 |
---|---|---|
committer | Robin Sowell <robin.sowell@ellislab.com> | 2010-03-18 14:44:55 +0100 |
commit | 66a3fc0a7dc6ae84da4a1e852e4458fda7714567 (patch) | |
tree | b3af2e9f7e8f830b2f00029aae9c648c64f388d0 /system | |
parent | 4e8d66aeea7f03b75df5a387a54fce1889834ded (diff) |
Added a $xss_clean class variable to the XMLRPC library, enabling control over the use of the Security library's xss_clean() method.
Diffstat (limited to 'system')
-rw-r--r-- | system/libraries/Xmlrpc.php | 9 | ||||
-rw-r--r-- | system/libraries/Xmlrpcs.php | 10 |
2 files changed, 15 insertions, 4 deletions
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php index c46d52cdb..2e0df5c9b 100644 --- a/system/libraries/Xmlrpc.php +++ b/system/libraries/Xmlrpc.php @@ -63,6 +63,7 @@ class CI_Xmlrpc { var $result; var $response = array(); // Response from remote server + var $xss_clean = TRUE; //------------------------------------- // VALUES THAT MULTIPLE CLASSES NEED @@ -513,7 +514,7 @@ class XML_RPC_Response } else { - $array[$key] = $CI->security->xss_clean($array[$key]); + $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key]; } } @@ -529,7 +530,7 @@ class XML_RPC_Response } else { - $result = $CI->security->xss_clean($result); + $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result; } } @@ -1129,7 +1130,7 @@ class XML_RPC_Message extends CI_Xmlrpc { // 'bits' is for the MetaWeblog API image bits // @todo - this needs to be made more general purpose - $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]); + $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]); } } @@ -1149,7 +1150,7 @@ class XML_RPC_Message extends CI_Xmlrpc } else { - $parameters[] = $CI->security->xss_clean($a_param); + $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param; } } } diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php index fe1c99bf5..c1fe649f9 100644 --- a/system/libraries/Xmlrpcs.php +++ b/system/libraries/Xmlrpcs.php @@ -81,6 +81,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc { $this->object = $config['object']; } + + if (isset($config['xss_clean'])) + { + $this->xss_clean = $config['xss_clean']; + } } //------------------------------------- @@ -247,6 +252,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc // Check to see if it is a system call $system_call = (strncmp($methName, 'system', 5) == 0) ? TRUE : FALSE; + if ($this->xss_clean == FALSE) + { + $m->xss_clean = FALSE; + } + //------------------------------------- // Valid Method //------------------------------------- |