2

I have configured the config.php with:

    $config['global_xss_filtering'] = TRUE;

But I need to disable xss_clean for a specific post parameter. Is there any way to add an exception to this global setting? This would also save me the space and time of providing `$data = $this->security->xss_clean($data);` in all methods except the one I don't need.

Saravanan
  • Look at the thread http://stackoverflow.com/questions/3788476/codeigniter-disable-xss-filtering-on-a-post-basis – user3470953 Jul 10 '14 at 09:29

1 Answer

6

Please use

    $this->input->post('name',false);

The second parameter accepts whether to perform xss_clean or not.

Ashish
  • It doesn't work, I tried `var_dump($this->input->post('name',FALSE))` and also `var_dump($_POST['name'])` even at the beginning of the controller, both printing the string after xss_clean. I am losing some data in this process. – Saravanan Jul 10 '14 at 08:51
  • @Saravanan any specific type of data? Like `html tags` or `special characters`? – Karan Thakkar Jul 10 '14 at 10:04
  • It's a URL, `http://sub.example.com:8080/controller/method?text=TEXT%20SECOND&destination=1234567890` is what I enter in the textarea. The post variable contains `http //sub.example.com:8080/controller/method?text=TEXT SECOND&destinati` at `var_dump($this->input->post('name',FALSE));` – Saravanan Jul 10 '14 at 11:55
  • For a GET parameter use `$this->input->get('name',false);`. If it still doesn't work, turn global xss clean off and manually perform the xss clean operation where you require it, using the second argument set to true for xss_clean and false to get the input as is... – Ashish Jul 10 '14 at 12:02
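
The approach suggested in the last comment, as an added example (not code from the thread): global filtering is switched off, `xss_clean` is requested per field through the second argument, and the URL field is read unfiltered, validated as a URL, and escaped only at output. The `Links` controller, the `title` field, the view name and the `is_allowed_url()` helper are hypothetical; `name` is the field from the question.

```php
<?php
// --- application/config/config.php ---
// Global filtering off, so input is no longer rewritten before the
// controller runs and each field can decide for itself.
$config['global_xss_filtering'] = FALSE;

// --- application/controllers/links.php (hypothetical controller) ---
class Links extends CI_Controller
{
    public function save()
    {
        // Ordinary fields: opt in to xss_clean with the second argument.
        $title = $this->input->post('title', TRUE);

        // The one exception: take the URL field exactly as submitted.
        $raw_url = trim((string) $this->input->post('name', FALSE));

        // Validate it as a URL instead of filtering it as HTML, so the
        // port, percent-encoding and query string survive intact.
        if (!$this->is_allowed_url($raw_url)) {
            show_error('Invalid URL', 400);
        }

        // Escape at output time: the stored value stays unchanged, and the
        // rendered value cannot break out of its HTML context.
        $this->load->view('links/saved', array(
            'title' => html_escape($title),
            'url'   => html_escape($raw_url),
        ));
    }

    // Hypothetical helper: accept only absolute http(s) URLs, which also
    // rejects schemes such as javascript: or data:.
    private function is_allowed_url($url)
    {
        if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) {
            return FALSE;
        }
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        return in_array($scheme, array('http', 'https'), TRUE);
    }
}
```

With global filtering off, every field that is later rendered as HTML needs either the `TRUE` argument on input or `html_escape()` on output; nothing is cleaned implicitly any more.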