summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Xmlrpc.php9
-rw-r--r--system/libraries/Xmlrpcs.php10
2 files changed, 15 insertions, 4 deletions
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index c46d52cdb..2e0df5c9b 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -63,6 +63,7 @@ class CI_Xmlrpc {
var $result;
var $response = array(); // Response from remote server
+ var $xss_clean = TRUE;
//-------------------------------------
// VALUES THAT MULTIPLE CLASSES NEED
@@ -513,7 +514,7 @@ class XML_RPC_Response
}
else
{
- $array[$key] = $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key];
}
}
@@ -529,7 +530,7 @@ class XML_RPC_Response
}
else
{
- $result = $CI->security->xss_clean($result);
+ $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result;
}
}
@@ -1129,7 +1130,7 @@ class XML_RPC_Message extends CI_Xmlrpc
{
// 'bits' is for the MetaWeblog API image bits
// @todo - this needs to be made more general purpose
- $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]);
}
}
@@ -1149,7 +1150,7 @@ class XML_RPC_Message extends CI_Xmlrpc
}
else
{
- $parameters[] = $CI->security->xss_clean($a_param);
+ $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param;
}
}
}
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index fe1c99bf5..c1fe649f9 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
@@ -81,6 +81,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc
{
$this->object = $config['object'];
}
+
+ if (isset($config['xss_clean']))
+ {
+ $this->xss_clean = $config['xss_clean'];
+ }
}
//-------------------------------------
@@ -247,6 +252,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc
// Check to see if it is a system call
$system_call = (strncmp($methName, 'system', 5) == 0) ? TRUE : FALSE;
+ if ($this->xss_clean == FALSE)
+ {
+ $m->xss_clean = FALSE;
+ }
+
//-------------------------------------
// Valid Method
//-------------------------------------