Strange stuff ;)
Posted: 01 March 2007 02:37 AM
Lab Assistant

Have you recently checked out SVN? Got to love the new input class function ;)

They added a new function:

    /**
     * Fetch an item from the GET array
     *
     * @access  public
     * @param   string
     * @param   bool
     * @return  string
     */
    function post($index = '', $xss_clean = FALSE)
    {
        if ( ! isset($_GET[$index]))
        {
            return FALSE;
        }

        if ($xss_clean === TRUE)
        {
            if (is_array($_GET[$index]))
            {
                foreach($_GET[$index] as $key => $val)
                {
                    $_GET[$index][$key] = $this->xss_clean($val);
                }
            }
            else
            {
                return $this->xss_clean($_GET[$index]);
            }
        }

        return $_GET[$index];
    }

In addition to the already existing function:

    /**
     * Fetch an item from the POST array
     *
     * @access  public
     * @param   string
     * @param   bool
     * @return  string
     */
    function post($index = '', $xss_clean = FALSE)
    {
        if ( ! isset($_POST[$index]))
        {
            return FALSE;
        }

        if ($xss_clean === TRUE)
        {
            if (is_array($_POST[$index]))
            {
                foreach($_POST[$index] as $key => $val)
                {
                    $_POST[$index][$key] = $this->xss_clean($val);
                }
            }
            else
            {
                return $this->xss_clean($_POST[$index]);
            }
        }

        return $_POST[$index];
    }

Of course I know it's a small ‘bug’, but me and my colleague had a good laugh about this one :P Still happy to see that they add get functionality.

Posted: 01 March 2007 03:49 AM   [ # 1 ]
Research Assistant

I submitted some patches over the weekend, but they weren’t broken like this. Here’s my working version, 3 files required:

Input: system/libraries/Input.php
Router: system/libraries/Router.php
config: system/application/config/config.php

Be sure to take a look at the “enable_get_requests” option in config.php. What I implemented was allowing GET requests with CI segment-based URLs. This does not require you to set your controller/method calls to be based on GET, like “enable_query_strings” does. The two options should not be used together, because they are for entirely different purposes.

Changes to Input.php:
- added the get() function, to allow $this->input->get( 'key' ) (follows the same standard as POST)
- stripslashes() is run on all GET/POST data when gpc_magic_quotes is enabled

Changes to Router.php:
- GET data is stripped off of segments when “enable_get_requests” is turned on.
- rawurldecode() is run on segments, via _uri_filter() (prevents hiding an XSS attack by using urlencode() to avoid the “permitted_uri_chars”)

Changes to config.php:
- added “enable_get_requests” option and explanation

If anyone can test this and give some feedback, it would be greatly appreciated. I’ve been doing some rough tests with it, and it doesn’t seem anything is wrong, but… ;)

 
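The decode-before-check ordering described in the Router.php changes above, as an added PHP example that is not part of the original post and is not CodeIgniter code. The allow-list value and the names `decode_fully`, `filter_segments` and `verdict` are assumptions, and decoding until the value is stable goes one step beyond the single rawurldecode() the post mentions.

```php
<?php
// Added illustration, not CodeIgniter source. Assumed allow-list; '%' is permitted.
const PERMITTED_URI_CHARS = 'a-z 0-9~%.:_-';

// Hypothetical helper: decode until the value stops changing, so that
// double encoding (%253C -> %3C -> <) cannot survive a single pass.
function decode_fully(string $s, int $max_rounds = 5): string
{
    for ($i = 0; $i < $max_rounds; $i++) {
        $next = rawurldecode($s);
        if ($next === $s) { return $s; }
        $s = $next;
    }
    throw new InvalidArgumentException('Too many encoding layers');
}

// Hypothetical router step: drop the query string, then check each segment
// against the allow-list, either as received or after decoding.
function filter_segments(string $request_uri, bool $decode_first): array
{
    $path = explode('?', $request_uri, 2)[0]; // GET data is not a segment
    $segments = [];
    foreach (explode('/', trim($path, '/')) as $seg) {
        $seg = $decode_first ? decode_fully($seg) : $seg;
        if ($seg === '') { continue; }
        if (!preg_match('/\A[' . PERMITTED_URI_CHARS . ']+\z/i', $seg)) {
            throw new InvalidArgumentException('Disallowed characters in URI segment');
        }
        $segments[] = $seg;
    }
    return $segments;
}
function verdict(string $uri, bool $decode_first): string
{
    try {
        return implode(' | ', filter_segments($uri, $decode_first));
    } catch (InvalidArgumentException $e) {
        return 'REJECTED';
    }
}

// Constructed sample requests: a plain one, an encoded one, a double-encoded one.
foreach ([
    '/index.php/welcome/testing/direct/input?foo=bar',
    '/index.php/welcome/show/%3Cb%3Ehi%3C%2Fb%3E',
    '/index.php/welcome/show/%253Cb%253E',
] as $uri) {
    printf("%s\n  raw check:     %s\n  decoded check: %s\n", $uri, verdict($uri, false), verdict($uri, true));
}
```
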
Posted: 01 March 2007 11:00 AM   [ # 2 ]
Lab Assistant

Just noticed it was fixed :) Good going.

Posted: 01 March 2007 11:03 AM   [ # 3 ]
Administrator

Yeah, sorry about that.  I haven’t gone through the code much. Please try to break it as much as you can.

Posted: 01 March 2007 01:00 PM   [ # 4 ]
Research Assistant

Hmm, it looks like “enable_get_requests” was still not implemented, Derek. GET is only available if “enable_query_strings” is on, which is not useful at all, e.g.: index.php?c=welcome&m=testing/direct/input&foo=bar. It doesn’t allow: index.php/welcome/testing/direct/input?foo=bar, which was the whole point of my modifications… although maybe that’s not what you are trying to implement.

Posted: 01 March 2007 01:02 PM   [ # 5 ]
Administrator

It's in the SVN, and not complete yet.

please note that while every effort is made to keep this codebase functional, we cannot guarantee the functionality of code taken from the repository.

:)
