EllisLab text mark
Advanced Search
     
xss error on script tag
Posted: 31 July 2007 10:46 AM
Joined: 2007-06-26
22 posts

I globally enabled xss filtering in my config

$config['global_xss_filtering'TRUE

and submitted a form field with the following content:

alert('Test')

The following error occured:

Fatal error: Call to undefined function get_instance() in ***snip***\system\libraries\Input.php on line 855

I looked it up in the code and found the following lines, that produce the error:

$CI =& get_instance();
$charset $CI->config->item('charset'); 

I was able to workaround by using

$CFG =& load_class('Config');
$this->charset $CFG->item('charset'); 

As I don’t know, why get_instance doesn’t work (I found it in some other places, where it seems to work), I can’t fix it in another way.

Is this a bug worth bug-tracking?

 
Posted: 31 July 2007 04:57 PM   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2002-06-03
6512 posts

Already is. wink  And is resolved in the svn.

 Signature 
 
Posted: 01 August 2007 06:15 AM   [ # 2 ]   [ Rating: 0 ]
Joined: 2007-06-26
22 posts

Thanks for the info. Didn’t find it in the bug tracker confused

Any info on when the next version will be released?

 
Posted: 01 August 2007 10:39 AM   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2002-06-03
6512 posts

No, I’m sorry I do not have a date; you may checkout the new Input.php file from the svn.  As for not finding it in the bug tracker, if you didn’t use the drop-downs, it was only searching titles for an exact phrase match.  I’ll modify the form so that by default it searches for “all words” in titles, entries, and comments.

 Signature