-rw-r--r-- | system/libraries/Xmlrpc.php | 9 | ||||
-rw-r--r-- | system/libraries/Xmlrpcs.php | 10 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 | ||||
-rw-r--r-- | user_guide/libraries/xmlrpc.html | 2 |
4 files changed, 18 insertions, 4 deletions
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index c46d52cdb..2e0df5c9b 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -63,6 +63,7 @@ class CI_Xmlrpc { var $result; var $response = array(); // Response from remote server
+ var $xss_clean = TRUE;
 //------------------------------------- // VALUES THAT MULTIPLE CLASSES NEED
@@ -513,7 +514,7 @@ class XML_RPC_Response } else {
- $array[$key] = $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key];
 } }
@@ -529,7 +530,7 @@ class XML_RPC_Response } else {
- $result = $CI->security->xss_clean($result);
+ $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result;
 } }
@@ -1129,7 +1130,7 @@ class XML_RPC_Message extends CI_Xmlrpc { // 'bits' is for the MetaWeblog API image bits // @todo - this needs to be made more general purpose
- $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]);
 } }
@@ -1149,7 +1150,7 @@ class XML_RPC_Message extends CI_Xmlrpc } else {
- $parameters[] = $CI->security->xss_clean($a_param);
+ $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param;
 } } }
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index fe1c99bf5..c1fe649f9 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
@@ -81,6 +81,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc { $this->object = $config['object']; }
+
+ if (isset($config['xss_clean']))
+ {
+ $this->xss_clean = $config['xss_clean'];
+ }
 } //-------------------------------------
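Review bot: In the two XML_RPC_Response hunks (@@ -513 and @@ -529) the new ternaries read `$this->xss_clean`, but this commit declares `var $xss_clean = TRUE;` only in CI_Xmlrpc, and the hunk header shows `class XML_RPC_Response` with no `extends` clause. If that class really does not inherit from CI_Xmlrpc, the property is undefined there and evaluates as falsy, so decoded response data would no longer pass through `xss_clean()` in any configuration, silently reversing the previous default. Declaring `var $xss_clean = TRUE;` in XML_RPC_Response as well, and copying the client's setting onto the response object where it is created, would keep filtering on unless it is explicitly disabled. Both enclosing functions start and end outside the hunks, so this should be confirmed against the full class.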
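Review bot: The initializer hunk in Xmlrpcs.php (@@ -81) assigns `$config['xss_clean']` to the property unchecked, and the later tests are loose (`($this->xss_clean)` in Xmlrpc.php, `== FALSE` at @@ -1129 and at Xmlrpcs.php @@ -247), so `0`, `''` or `NULL` in a config array switches filtering off just as a deliberate `FALSE` does. Because this flag removes input sanitising for every parameter the server receives, it is safer to fail closed: `$this->xss_clean = ($config['xss_clean'] !== FALSE);`. A short comment above the block, such as `// Disabling xss_clean leaves all request parameters unfiltered; handlers must escape on output`, would make the trade-off visible to whoever edits the config. The enclosing function continues outside the hunk.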
@@ -247,6 +252,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc // Check to see if it is a system call $system_call = (strncmp($methName, 'system', 5) == 0) ? TRUE : FALSE;
+ if ($this->xss_clean == FALSE)
+ {
+ $m->xss_clean = FALSE;
+ }
+
 //------------------------------------- // Valid Method //-------------------------------------
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 69d7d4b88..5d2ca2f39 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -89,6 +89,7 @@ Hg Tag: </p> <li>Added HTTP headers and Config information to the <a href="general/profiling.html">Profiler</a> output.</li> <li>Added Chrome and Flock to the list of detectable browsers by <kbd>browser()</kbd> in the <a href="libraries/user_agent.html">User Agent Class</a>.</li> <li>The <a href="libraries/unit_testing.html">Unit Test Class</a> now has an optional "notes" field available to it, and allows for discrete display of test result items using <kbd>$this->unit->set_test_items()</kbd>.</li>
+ <li>Added a <kbd>$xss_clean</kbd> class variable to the XMLRPC library, enabling control over the use of the Security library's <kbd>xss_clean()</kbd> method.</li>
 </ul> </li> <li>Database
diff --git a/user_guide/libraries/xmlrpc.html b/user_guide/libraries/xmlrpc.html
index 9f163ae58..6e929f1fb 100644
--- a/user_guide/libraries/xmlrpc.html
+++ b/user_guide/libraries/xmlrpc.html
@@ -200,6 +200,8 @@ server will load the <dfn>My_blog</dfn> class and call the <dfn>update_entry</df <p>The function names in the above example are arbitrary. You'll decide what they should be called on your server, or if you are using standardized APIs, like the Blogger or MetaWeblog API, you'll use their function names.</p>
+
+<p>There are two additional configuration keys you may make use of when initializing the server class: <var>debug</var> can be set to TRUE in order to enable debugging, and <var>xss_clean</var> may be set to FALSE to prevent sending data through the Security library's xss_clean function.
 <h2>Processing Server Requests</h2> |