I am using CodeIgniter.
I set $config['global_xss_filtering'] = FALSE in a config file.
Then I find this code in system/core/Input.php:
$this->_enable_xss= (config_item('global_xss_filtering') === TRUE);
What is this code actually doing? It doesn't look like a ternary statement. It seems to me it is
$this->_enable_xss= (FALSE === TRUE);
In this case, $this->_enable_xss returns FALSE?
This expands out to:
// If global_xss_filtering is a boolean TRUE (by strict comparison)
if (config_item('global_xss_filtering') === TRUE) {
    // Set _enable_xss to TRUE
    $this->_enable_xss = TRUE;
}
// Otherwise set it FALSE
else {
    $this->_enable_xss = FALSE;
}
The part in (), (config_item('global_xss_filtering') === TRUE), is a boolean comparison which will return TRUE or FALSE. That value is stored in $this->_enable_xss.
So in your case, you are correct that you're evaluating
$this->_enable_xss= (FALSE === TRUE);
... which sets $this->_enable_xss to FALSE.
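Added example (not from the original posts and not CodeIgniter's own code): the strict `=== TRUE` rule explained above, applied to several constructed config values next to a plain boolean cast, with a check that flags a toggle whose value is not a real boolean. The names `resolve_strict`, `resolve_loose` and `audit_toggles` are assumptions made for this illustration.

```php
<?php
// Added example, not CodeIgniter code. resolve_strict() mirrors the
// `=== TRUE` assignment quoted above; all function names are hypothetical.

// Same rule as the quoted line: only a real boolean TRUE enables the filter.
function resolve_strict($value): bool
{
    return $value === TRUE;
}

// What a plain boolean cast would do instead, for comparison.
function resolve_loose($value): bool
{
    return (bool) $value;
}

// Report toggles whose value is not a real boolean, so a string such as
// 'TRUE' is caught instead of silently leaving filtering off.
function audit_toggles(array $config, array $keys): array
{
    $problems = [];
    foreach ($keys as $key) {
        if (!array_key_exists($key, $config)) {
            $problems[$key] = 'missing (strict check resolves to false)';
        } elseif (!is_bool($config[$key])) {
            $problems[$key] = sprintf(
                '%s %s is not a boolean (strict: %s, cast: %s)',
                gettype($config[$key]),
                var_export($config[$key], true),
                var_export(resolve_strict($config[$key]), true),
                var_export(resolve_loose($config[$key]), true)
            );
        }
    }
    return $problems;
}

// Constructed sample values for the setting discussed on this page.
foreach ([TRUE, FALSE, 1, 'TRUE', 'FALSE', NULL] as $value) {
    printf("%-8s strict=%-5s cast=%s\n",
        var_export($value, true),
        var_export(resolve_strict($value), true),
        var_export(resolve_loose($value), true));
}

// Constructed config with the toggle written as a string by mistake.
$config = ['global_xss_filtering' => 'TRUE'];
print_r(audit_toggles($config, ['global_xss_filtering']));
```

With the strict rule, `1` and `'TRUE'` leave the filter off, while a plain cast would turn it on even for the string `'FALSE'`; the audit surfaces such values before they reach the comparison.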
Each comparison operator returns a boolean. Yours checks if you got true left and right. So, yes, var_dump(true === false); // bool(false)
Is there more code around the statement? I would say your assessment is valid. Looking at this forum http://codeigniter.com/forums/viewthread/160281/#771216 it looks like it's just setting the _enable_xss based on the config value so you can control the setting. Why they need to do a comparison is beyond me, seems unnecessary.