Added a $xss_clean class variable to the XMLRPC library, enabling control over the use of the Security library's xss_clean() method.
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index c46d52c..2e0df5c 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -63,6 +63,7 @@
var $result;
var $response = array(); // Response from remote server
+ var $xss_clean = TRUE;
//-------------------------------------
// VALUES THAT MULTIPLE CLASSES NEED
@@ -513,7 +514,7 @@
}
else
{
- $array[$key] = $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($this->xss_clean) ? $CI->security->xss_clean($array[$key]) : $array[$key];
}
}
@@ -529,7 +530,7 @@
}
else
{
- $result = $CI->security->xss_clean($result);
+ $result = ($this->xss_clean) ? $CI->security->xss_clean($result) : $result;
}
}
@@ -1129,7 +1130,7 @@
{
// 'bits' is for the MetaWeblog API image bits
// @todo - this needs to be made more general purpose
- $array[$key] = ($key == 'bits') ? $array[$key] : $CI->security->xss_clean($array[$key]);
+ $array[$key] = ($key == 'bits' OR $this->xss_clean == FALSE) ? $array[$key] : $CI->security->xss_clean($array[$key]);
}
}
@@ -1149,7 +1150,7 @@
}
else
{
- $parameters[] = $CI->security->xss_clean($a_param);
+ $parameters[] = ($this->xss_clean) ? $CI->security->xss_clean($a_param) : $a_param;
}
}
}
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index fe1c99b..c1fe649 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
@@ -81,6 +81,11 @@
{
$this->object = $config['object'];
}
+
+ if (isset($config['xss_clean']))
+ {
+ $this->xss_clean = $config['xss_clean'];
+ }
}
//-------------------------------------
@@ -247,6 +252,11 @@
// Check to see if it is a system call
$system_call = (strncmp($methName, 'system', 5) == 0) ? TRUE : FALSE;
+ if ($this->xss_clean == FALSE)
+ {
+ $m->xss_clean = FALSE;
+ }
+
//-------------------------------------
// Valid Method
//-------------------------------------