Foxy Forum Status

We're no longer responding to questions via our forum, but we will keep it up for historical reasons. If you can't find the answer you're looking for, please visit our knowledge base or contact us. If there's enough interest in the future, we may bring the forum back.

cURL Issue in CodeIgniter

cwillenbrockcwillenbrock Member
in Help edited March 2013
So first, let me admit that the problem is definitely somewhere in the codeigniter framework, or how I'm processing the cURL post from the test feed.

Here's the problem. I have the sample feed php file sitting in the root directory and have is posting to a controller via cURL. I've tested the functionality out of the framework and it works fine, but for some reason when I post into the CI controller, something breaks.

The first bit of the pure urlencoded() cURL post is
%15F%0A%05%1EW%E4%ED%F8%97h%B7%C7%C4%E0%0A%27U-%D0d%E1%EE%E7%F7%D1%2F%BF%24%E0%C8yD%C2%C7p% [<<MORE>>}

Again, this is the byproduct of the test_xml_datafeed.0.7.php with my site's key.

However, when I check the post data from within my controller (before decoding or decrypting) this is what I get:
F%0A%1EW%E4%ED%F8%97h%B7%C7%C4%E0%0A%27U-%D0d%E1%EE%E7%F7%D1%2F%BF%24%E0%C8yD%C2%C7p% [<<MORE>>]

Also, global XSS filtering is off.
$config['global_xss_filtering'] = FALSE;

Any ideas on what could be causing the alteration?

Since it'll work out of the framework, I can build something to process the feed, but it would make life easier if I could get this to work within the framework.

Any assistance would be greatly appreciated
Comments
  • Okay, since I literally just spent the last 5 hrs trying to fix this problem, in the off chance someone else has this issue, here's the solution:

    The issue has to do with the input filtering as part of the core functionality in CI. Essentially it's stripping all the invisible characters, which is corrupting the feed.

    The fix (in this instance) is to go to line 694 of system > core > Input.php and change it to the following:
    $str = remove_invisible_characters($str, FALSE);
    

    I've asked the EllisLabs team if they know of a better fix, but this will work if they don't have a better solution.
  • fc_adamfc_adam FoxyCart Team
    @cwillenbrock,

    Thanks for posting your findings! Definitely let us know if you hear anything more from the EllisLabs team.
  • EllisLabs describes this a a security feature and doesn't currently see it as a bug. So anyone using CodeIgniter or ExpressionEngine (which is built in CodeIgniter) will likely have to make this adjustment to the core if they're utilizing the XML datafeed.
Sign In or Register to comment.