Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Kohana and Codeigniter both have encode_php_tags(). I understand XSS cleaning (for Javascript), but when and why would you use encode_php_tags()? What is the security threat?
A smart fellow on the #kohana forum suggested that it is there because Expression Engine uses eval() for templates. If someone were to embed PHP in a string it is possible it would be eval()’d and executed. Since Kohana does not use eval() for templates it is possible that it is just left over from Codeigniter days.