Rewrite fix issue #33

system/core/Input.php

@@ -498,7 +498,7 @@ protected function _sanitize_globals()
 
 			foreach ($_COOKIE as $key => $val)
 			{
-				$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+				$_COOKIE[$this->_clean_input_keys($key, TRUE)] = $this->_clean_input_data($val, TRUE);
 			}
 		}
 
@@ -525,14 +525,14 @@ protected function _sanitize_globals()
 	* @param	string
 	* @return	string
 	*/
-	protected function _clean_input_data($str)
+	protected function _clean_input_data($str, $cookie = FALSE)
 	{
 		if (is_array($str))
 		{
 			$new_array = array();
 			foreach ($str as $key => $val)
 			{
-				$new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+				$new_array[$this->_clean_input_keys($key, $cookie)] = $this->_clean_input_data($val, $cookie);
 			}
 			return $new_array;
 		}
@@ -583,12 +583,20 @@ protected function _clean_input_data($str)
 	* @param	string
 	* @return	string
 	*/
-	protected function _clean_input_keys($str)
+	protected function _clean_input_keys($str, $cookie = FALSE)
 	{
 		if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
 		{
-			set_status_header(503);
-			exit('Disallowed Key Characters.');
+			// If $cookie true we will unset it
+			if ($cookie)
+			{
+				unset($_COOKIE[$str]);
+			}
+			else
+			{
+				set_status_header(503);
+				exit('Disallowed Key Characters.');
+			}
 		}
 
 		// Clean UTF-8 if supported

user_guide_src/source/changelog.rst

@@ -123,6 +123,7 @@ Bug fixes for 3.0
 -  Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset and collation instead.
 -  Fixed a bug (#413) - Oracle's _error_message() and _error_number() methods used to only return connection-related errors.
 -  Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars().
+-  Fixed a bug (#33) - CodeIgniter attempts to validate data it didn't create and crashes.
 
 Version 2.1.1
 =============