// paths (relative to xcrud's folder) public static $themes_path = 'themes'; // php and ini files public static $lang_path = 'languages'; // ini files // external session public static $external_session = false; // use only when you use integration with externall session // loading events public static $before_construct = false; // callable param, runs before instance creation public static $after_render = false; // callable param, runs after instance was rendered // system public static $demo_mode = false; // disables any changing data in database public static $performance_mode = false; // experimental, disables {field_tags} features public static $autoclean_timeout = 3; // in seconds. Do not change, if not sure. Xcrud clears old instances in session when you reload browser tab or open new tab with xcrud. In this case Xcrud can't work in two tabs in the same time. You can increase timeout on your risk. // anti XSS public static $auto_xss_filtering = false; // enable all xcrud's POST and GET data filtering public static $xss_disalowed_attibutes = array('on\\w*', 'xmlns', 'formaction'); // Remove bad attributes such as style, onclick and xmlns public static $xss_naughty_html = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|input|isindex|layer|link|meta|object|plaintext|script|textarea|title|video|xml|xss'; // If a tag containing any of the words in the list below is found, the tag gets converted to entities. public static $xss_naughty_scripts = 'alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink'; } Xcrud_config::init();