From 66a3fc0a7dc6ae84da4a1e852e4458fda7714567 Mon Sep 17 00:00:00 2001
From: Robin Sowell
Date: Thu, 18 Mar 2010 09:44:55 -0400
Subject: Added a $xss_clean class variable to the XMLRPC library, enabling control over the use of the Security library's xss_clean() method.
---
 system/libraries/Xmlrpc.php | 9 +++++----
 system/libraries/Xmlrpcs.php | 10 ++++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index c46d52cdb..2e0df5c9b 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -63,6 +63,7 @@ class CI_Xmlrpc {
 var $result;
 var $response = array(); // Response from remote server
+ var $xss_clean = TRUE;
 //-------------------------------------
 // VALUES THAT MULTIPLE CLASSES NEED
@@ -513,7 +514,7 @@ class XML_RPC_Response
 }
 else
 {
- $array[$key] = $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key];
 }
 }
@@ -529,7 +530,7 @@ class XML_RPC_Response
 }
 else
 {
- $result = $CI->security->xss_clean($result);
+ $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result;
 }
 }
@@ -1129,7 +1130,7 @@ class XML_RPC_Message extends CI_Xmlrpc
 {
 // 'bits' is for the MetaWeblog API image bits
 // @todo - this needs to be made more general purpose
- $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]);
 }
 }
@@ -1149,7 +1150,7 @@ class XML_RPC_Message extends CI_Xmlrpc
 }
 else
 {
- $parameters[] = $CI->security->xss_clean($a_param);
+ $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param;
 }
 }
 }
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index fe1c99bf5..c1fe649f9 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
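Review bot: The new `$xss_clean` property in the `-63,6 +63,7` hunk of Xmlrpc.php is declared without a comment, although the neighbouring `$response` has one and this property switches a security filter on and off. A trailing comment such as `// Pass decoded values through the Security library's xss_clean(); if FALSE, callers receive raw data and must escape it themselves` would record the trade-off where the default is set. The class body continues outside the hunk.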
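Review bot: `$this->xss_clean` is read inside `XML_RPC_Response` in the `-513,7` hunk, but the property is declared only on `CI_Xmlrpc`, and the hunk header shows `class XML_RPC_Response` with no `extends` (unlike `XML_RPC_Message extends CI_Xmlrpc`). If the class does not inherit from `CI_Xmlrpc`, the property is undefined there, the ternary takes its false branch, and decoded response data is returned unfiltered by default, the opposite of the intended `TRUE` default. The `$result` line in the `-529,7` hunk has the same problem. Declaring `var $xss_clean = TRUE;` on `XML_RPC_Response` as well would restore filter-by-default; the class definition and both enclosing functions lie outside the hunks, so this should be confirmed against the full file.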
@@ -81,6 +81,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc
 {
 $this->object = $config['object'];
 }
+
+ if (isset($config['xss_clean']))
+ {
+ $this->xss_clean = $config['xss_clean'];
+ }
 }
 //-------------------------------------
@@ -247,6 +252,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc
 // Check to see if it is a system call
 $system_call = (strncmp($methName, 'system', 5) == 0) ? TRUE : FALSE;
+ if ($this->xss_clean == FALSE)
+ {
+ $m->xss_clean = FALSE;
+ }
+
 //-------------------------------------
 // Valid Method
 //-------------------------------------
--
cgit v1.2.3-24-g4f1b
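Review bot: `$config['xss_clean']` is copied without normalising its type in the `-81,6 +81,11` hunk, and the code that consumes it uses loose checks (`== FALSE` or plain truthiness), so values such as `0`, `''` or `'0'` also switch the filter off. For a security setting it is safer to disable only on an explicit boolean, for example `$this->xss_clean = ($config['xss_clean'] !== FALSE);`, and to state that rule in a comment next to the assignment. The enclosing function starts outside the hunk.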
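Review bot: In the `-247,6 +252,11` hunk the flag is copied onto `$m` only when the server's value is FALSE, so a message object that already has `xss_clean` set to FALSE keeps that value even when the server is configured to filter. An unconditional `$m->xss_clean = $this->xss_clean;` makes the server configuration authoritative and replaces the four-line `if`. The block also sits uncommented under the "Check to see if it is a system call" comment; a line such as `// Apply the server's XSS-filter setting to the message` would separate the two concerns. The rest of the function, including where the message parameters are decoded, is outside the hunk.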