<?php | |
/**
 * CodeIgniter 2.x: per-URI bypass of the framework's XSS filter.
 * Note: save this as application/core/MY_Security.php so CodeIgniter loads it
 * in place of CI_Security.
 */
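class MY_Security extends CI_Security {

	/**
	 * Cached result of the bypass check for the current request, or NULL
	 * until the first xss_clean() call computes it. The decision depends only
	 * on the request URI and on config.php, neither of which changes while a
	 * request is being served, so it is computed once instead of on every
	 * value that passes through xss_clean().
	 *
	 * @var bool|null
	 */
	protected $_xss_bypass = NULL;

	/**
	 * Method: __construct();
	 * magic
	 */
	function __construct()
	{
		parent::__construct();
	}

	/**
	 * XSS-clean $str unless the current request targets a controller/method
	 * listed in $config['xss_exclude_uris'] (application/config/config.php),
	 * e.g. $config['xss_exclude_uris'] = array('controller/method', 'controller');
	 *
	 * SECURITY NOTE: for an excluded URI this returns $str UNCHANGED. That
	 * disables the XSS filter for every value the framework routes through
	 * xss_clean() on that request (global_xss_filtering, input helpers called
	 * with the xss flag, explicit $this->security->xss_clean() calls), so the
	 * excluded controller must validate/escape its input itself. The match is
	 * made on the raw URI segments, before routing: URIs remapped in
	 * routes.php, the default controller (no segments) and query-string
	 * routing are not recognised and keep the filter on.
	 *
	 * @param  string|array $str      value(s) to filter
	 * @param  bool         $is_image passed straight through to CI_Security::xss_clean()
	 * @return string|array the filtered value, or $str as-is when bypassed
	 */
	function xss_clean($str, $is_image = FALSE)
	{
		if ($this->_xss_bypass === NULL)
		{
			$this->_xss_bypass = $this->_is_xss_excluded_request();
		}

		if ($this->_xss_bypass)
		{
			return $str;
		}

		return parent::xss_clean($str, $is_image);
	}

	/**
	 * Decide whether the current request URI is listed in xss_exclude_uris.
	 *
	 * @return bool TRUE when the request's "controller/method" (or bare
	 *              "controller" when there is no second segment) appears
	 *              exactly in the configured array; FALSE otherwise, including
	 *              when the option is unset, empty or not an array.
	 */
	protected function _is_xss_excluded_request()
	{
		$config = new CI_Config;
		$excluded = $config->item('xss_exclude_uris');

		// CI_Config::item() returns FALSE for an unknown key; an empty list or a
		// mis-typed (non-array) value must never switch the filter off.
		if (empty($excluded) OR ! is_array($excluded))
		{
			return FALSE;
		}

		$uri = new CI_URI;
		$uri->_fetch_uri_string();
		$uri->_explode_segments();
		// A fresh CI_URI on which _reindex_segments() was not called keeps
		// its segments 0-indexed: [0] is the controller, [1] the method.
		$segments = $uri->segment_array();

		if (empty($segments))
		{
			return FALSE;
		}

		$action = empty($segments[1])
			? $segments[0]
			: $segments[0] . '/' . $segments[1];

		// Strict comparison: an entry must equal the URI string exactly, so
		// loose string/number coercion cannot widen the exclusion.
		return in_array($action, $excluded, TRUE);
	}
}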