From 5640a7158559f4521911444b50798a6a9536f38b Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Fri, 23 Apr 2010 11:22:40 -0500
Subject: ensured the security lib was loaded in a few calls to xss_clean() in
 other libraries.  Fixes #35

---
 system/libraries/Form_validation.php |  7 ++++++-
 system/libraries/Upload.php          |  7 ++++++-
 system/libraries/Xmlrpc.php          | 10 ++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index bb70f0f7f..73cb6b853 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1254,7 +1254,12 @@ class CI_Form_validation {
 	 */	
 	function xss_clean($str)
 	{
-		return $this->CI->input->xss_clean($str);
+		if ( ! is_object($this->CI->security))
+		{
+			$this->CI->load('security');
+		}
+		
+		return $this->CI->security->xss_clean($str);
 	}
 	
 	// --------------------------------------------------------------------
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 3227c3747..d7cf236f8 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -854,7 +854,12 @@ class CI_Upload {
 		}
 
 		$CI =& get_instance();
-
+		
+		if ( ! is_object($CI->security))
+		{
+			$CI->load('security');
+		}
+		
 		return $CI->security->xss_clean($data, TRUE);
 	}
 	
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index e2b149b73..ee65398ec 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -505,6 +505,11 @@ class XML_RPC_Response
 	{
 		$CI =& get_instance();
 
+		if ($this->xss_clean && ! is_object($CI->security))
+		{
+			$CI->load('security');
+		}
+
 		if ($array !== FALSE && is_array($array))
 		{
 			while (list($key) = each($array))
@@ -1119,6 +1124,11 @@ class XML_RPC_Message extends CI_Xmlrpc
 	{
 		$CI =& get_instance();	
 
+		if ($this->xss_clean && ! is_object($CI->security))
+		{
+			$CI->load('security');
+		}
+		
 		if ($array !== FALSE && is_array($array))
 		{
 			while (list($key) = each($array))
-- 
cgit v1.2.3-24-g4f1b