
Rewrite fix issue #33 #902

Closed
wants to merge 4 commits into from

4 participants

M. Vugteveen Amine Cherrai Cory Kennedy-Darby Andrey Andreev
M. Vugteveen

This is a rewrite of pull request (#794) from @MidnightHack
Related issue is #33

Amine Cherrai

thanks

Cory Kennedy-Darby

@narfbg Any idea why this pull was never taken?

Andrey Andreev
Collaborator

fd0aabb

Thanks @IT-Can for the initial solution.

Andrey Andreev narfbg closed this September 23, 2013

Showing 4 unique commits by 1 author.

Jan 09, 2012
M. Vugteveen rewrite fix issue #33 1b246c1
Jan 10, 2012
M. Vugteveen styling fixes 7fc6f74
Mar 02, 2012
M. Vugteveen Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into …
…develop-fixes-33

Conflicts:
	system/core/Input.php
206a4a3
M. Vugteveen updated branch + changelog e6e4074
20  system/core/Input.php
@@ -498,7 +498,7 @@ protected function _sanitize_globals()
498 498
 
499 499
 			foreach ($_COOKIE as $key => $val)
500 500
 			{
501  
-				$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
  501
+				$_COOKIE[$this->_clean_input_keys($key, TRUE)] = $this->_clean_input_data($val, TRUE);
502 502
 			}
503 503
 		}
504 504
 
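Review bot: on new line 501 the assignment still runs when `_clean_input_keys($key, TRUE)` has rejected the key, so the value is written back into `$_COOKIE` under whatever the helper returns and the `unset()` done inside the helper is undone. Have the helper return a sentinel such as FALSE for a rejected cookie key and `continue` in this loop before assigning.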
@@ -525,14 +525,14 @@ protected function _sanitize_globals()
525 525
 	* @param	string
526 526
 	* @return	string
527 527
 	*/
528  
-	protected function _clean_input_data($str)
  528
+	protected function _clean_input_data($str, $cookie = FALSE)
529 529
 	{
530 530
 		if (is_array($str))
531 531
 		{
532 532
 			$new_array = array();
533 533
 			foreach ($str as $key => $val)
534 534
 			{
535  
-				$new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
  535
+				$new_array[$this->_clean_input_keys($key, $cookie)] = $this->_clean_input_data($val, $cookie);
536 536
 			}
537 537
 			return $new_array;
538 538
 		}
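Review bot: the recursive call on new line 535 passes `$cookie` down for nested keys, but the cookie branch of `_clean_input_keys()` does `unset($_COOKIE[$str])`, which addresses a top-level cookie named after the nested key rather than the element being built here, and the rejected key still ends up in `$new_array`. Skip the element in this loop when its key is rejected instead. The docblock above still lists a single `@param string`; add the new `$cookie` boolean.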
@@ -583,12 +583,20 @@ protected function _clean_input_data($str)
583 583
 	* @param	string
584 584
 	* @return	string
585 585
 	*/
586  
-	protected function _clean_input_keys($str)
  586
+	protected function _clean_input_keys($str, $cookie = FALSE)
587 587
 	{
588 588
 		if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
589 589
 		{
590  
-			set_status_header(503);
591  
-			exit('Disallowed Key Characters.');
  590
+			// If $cookie true we will unset it
  591
+			if ($cookie)
  592
+			{
  593
+				unset($_COOKIE[$str]);
  594
+			}
  595
+			else
  596
+			{
  597
+				set_status_header(503);
  598
+				exit('Disallowed Key Characters.');
  599
+			}
592 600
 		}
593 601
 
594 602
 		// Clean UTF-8 if supported
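Review bot: in the cookie branch (new lines 591-594) there is no return after `unset($_COOKIE[$str]);`, so execution continues past the `if` block into the UTF-8 cleaning with a key that failed the pattern. Return early there with a value callers can test, and consider a `log_message('debug', ...)` call so a silently dropped cookie can be traced. The docblock's `@param string` also needs an entry for `$cookie`.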
1  user_guide_src/source/changelog.rst
@@ -123,6 +123,7 @@ Bug fixes for 3.0
123 123
 -  Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset and collation instead.
124 124
 -  Fixed a bug (#413) - Oracle's _error_message() and _error_number() methods used to only return connection-related errors.
125 125
 -  Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars().
  126
+-  Fixed a bug (#33) - CodeIgniter attempts to validate data it didn't create and crashes.
126 127
 
127 128
 Version 2.1.1
128 129
 =============
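Review bot: the entry added on new line 126 does not mention cookies or the new behaviour, so a reader of the changelog cannot tell that cookies with disallowed key characters are now unset instead of ending the request with a 503 and 'Disallowed Key Characters.'. Reword the entry to state that.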