
Commit c2a26a1

author
Phil Sturgeon
committed
Fixed UTF-8 characters in XML and loaded Security library so it doesn't fall over when cleaning XSS.
1 parent 44cd134 commit c2a26a1


1 file changed

+4
-3
lines changed


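--- a/application/libraries/REST_Controller.php
+++ b/application/libraries/REST_Controller.php
@@ -18,7 +18,7 @@ class REST_Controller extends CI_Controller {
 'xml' => 'application/xml',
 'rawxml' => 'application/xml',
 'json' => 'application/json',
-'jsonp' => 'application/json',
+'jsonp' => 'application/javascript',
 'serialize' => 'application/vnd.php.serialized',
 'php' => 'text/plain',
 'html' => 'text/html',
@@ -36,6 +36,7 @@ public function __construct()
 // Lets grab the config and get ready to party
 $this->load->config('rest');
 
+$this->load->library('security');
 if ($this->config->item('rest_auth') == 'basic')
 {
 $this->_prepare_basic_auth();
@@ -681,7 +682,7 @@ private function _format_xml($data = array(), $structure = NULL, $basenode = 'xm
 is_bool($value) AND $value = (int) $value;
 
 // add single node.
-$value = htmlentities($value, ENT_NOQUOTES, "UTF-8");
+$value = htmlspecialchars(html_entity_decode($value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, "UTF-8");
 
 $UsedKeys[] = $key;
 
@@ -735,7 +736,7 @@ private function _format_rawxml($data = array(), $structure = NULL, $basenode =
 is_bool($value) AND $value = (int) $value;
 
 // add single node.
-$value = htmlentities($value, ENT_NOQUOTES, "UTF-8");
+$value = htmlspecialchars(html_entity_decode($value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, "UTF-8");
 
 $UsedKeys[] = $key;
 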
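Review bot: The `html_entity_decode()` pass on the new line in `_format_xml` (and the identical line in `_format_rawxml`) changes the payload before it is escaped. A value stored as the literal text `&lt;b&gt;` is decoded to `<b>` and only then escaped, so an XML consumer ends up with live markup where the stored string was inert text. Because escaping still runs last the document stays well-formed, but XML clients may now see different strings than clients of the other formats, which this hunk does not show, and a client that renders the value as HTML loses the encoding it relied on. Escaping alone already fixes the invalid named entities that `htmlentities()` produced, so I would use `$value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');` and decode at the data source if some values really are stored entity-encoded. On PHP 5.4 or later, adding `ENT_SUBSTITUTE` would stop a value with invalid UTF-8 from collapsing to an empty string. Both function bodies continue outside the hunks.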
