2

I'm working with CI 2.1.4 and HMVC and i have this problem with security class and config files. I have 3 modules with custom config file and default config.php file in app/config folder.

application
   config
      config.php // Default security config 
          $config['global_xss_filtering'] = false;
          $config['csrf_protection'] = false;
          $config['csrf_token_name'] = 'xxx';
          $config['csrf_cookie_name'] = 'xxx';
          $config['csrf_expire'] = 7200;
   modules
      module_1
         config
            config.php // with this config
                $config['global_xss_filtering'] = true;
      module_2
         config
            config.php // with this config
                $config['global_xss_filtering'] = true;
                $config['csrf_protection'] = true;
                $config['csrf_token_name'] = 'yyy';
                $config['csrf_cookie_name'] = 'yyy';
                $config['csrf_expire'] = 7200;
      module_3
         config
            config.php // default config

but doesn't work, the config file is not overwritten by modules config setup

user2094178
  • 9,204
  • 10
  • 41
  • 70
AldoZumaran
  • 547
  • 5
  • 23

1 Answers1

0

hmm...maybe a bug in the HMVC extension, because the module config file should override the global config file...anyway, to save the day, you can always add the second parameter to TRUE inline when calling post, so that way you will be sure that the security filter was applied example : 

$some_data= $this->input->post('some_data', TRUE);
//the 2nd parameter (true) lets you run the data through the XSS filter.

source : https://ellislab.com/codeigniter/user-guide/libraries/input.html

Nassim
  • 2,879
  • 2
  • 37
  • 39