From a5f63d1cc0d751160840f730976830df8e42eca3 Mon Sep 17 00:00:00 2001
From: FrancescoUK
Date: Thu, 26 May 2016 18:41:59 +0100
Subject: [PATCH] Do proper XSS sanity check with excel files (#39)

---
 application/controllers/Customers.php | 7 +------
 application/controllers/Items.php | 7 +------
 2 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php
index b9ea52dfc..9d0c6cfbc 100644
--- a/application/controllers/Customers.php
+++ b/application/controllers/Customers.php
@@ -171,12 +171,7 @@ class Customers extends Person_controller
 while (($data = fgetcsv($handle)) !== FALSE)
 {
 // XSS file data sanity check
- if ($this->security->xss_clean($data) === FALSE)
- {
- echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
-
- return;
- }
+ $data = $this->security->xss_clean($data);

 $person_data = array(
 'first_name'=>$data[0],
diff --git a/application/controllers/Items.php b/application/controllers/Items.php
index af61af6c4..f841bca2e 100644
--- a/application/controllers/Items.php
+++ b/application/controllers/Items.php
@@ -578,12 +578,7 @@ class Items extends Secure_area implements iData_controller
 while (($data = fgetcsv($handle)) !== FALSE)
 {
 // XSS file data sanity check
- if ($this->security->xss_clean($data) === FALSE)
- {
- echo json_encode( array('success'=>false, 'message'=>'Your uploaded file contains malicious data') );
-
- return;
- }
+ $data = $this->security->xss_clean($data);

 if (sizeof($data) >= 23)
 {
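Review bot: Rows that `xss_clean()` alters are now imported silently. The added `$data = $this->security->xss_clean($data);` in Customers.php, and the identical line in Items.php, stores the rewritten fields with no message to the uploader and no record of which rows were changed. Consider comparing the cleaned row with the original and reporting the row as failed when they differ, so that a tampered file is visible to the operator. `xss_clean()` is an input-side filter and does not replace escaping at render time, so the views that print these fields should still call `html_escape()`; those views are not part of this patch, so that needs confirming. The comment above the call is now stale and could read `// Sanitise every CSV field with xss_clean(); output must still be escaped when rendered`. Both `while` loops continue outside their hunks.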