Skip to content
Browse files

updated branch + changelog

  • Loading branch information...
1 parent 206a4a3 commit e6e4074ba2b37c002be6feebafcec2e24a5fa902 @it-can committed Mar 2, 2012
Showing with 15 additions and 6 deletions.
  1. +14 −6 system/core/Input.php
  2. +1 −0 user_guide_src/source/changelog.rst
View
20 system/core/Input.php
@@ -498,7 +498,7 @@ protected function _sanitize_globals()
foreach ($_COOKIE as $key => $val)
{
- $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $_COOKIE[$this->_clean_input_keys($key, TRUE)] = $this->_clean_input_data($val, TRUE);
}
}
@@ -525,14 +525,14 @@ protected function _sanitize_globals()
* @param string
* @return string
*/
- protected function _clean_input_data($str)
+ protected function _clean_input_data($str, $cookie = FALSE)
{
if (is_array($str))
{
$new_array = array();
foreach ($str as $key => $val)
{
- $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $new_array[$this->_clean_input_keys($key, $cookie)] = $this->_clean_input_data($val, $cookie);
}
return $new_array;
}
@@ -583,12 +583,20 @@ protected function _clean_input_data($str)
* @param string
* @return string
*/
- protected function _clean_input_keys($str)
+ protected function _clean_input_keys($str, $cookie = FALSE)
{
if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
{
- set_status_header(503);
- exit('Disallowed Key Characters.');
+ // If $cookie true we will unset it
+ if ($cookie)
+ {
+ unset($_COOKIE[$str]);
+ }
+ else
+ {
+ set_status_header(503);
+ exit('Disallowed Key Characters.');
+ }
}
// Clean UTF-8 if supported
View
1 user_guide_src/source/changelog.rst
@@ -123,6 +123,7 @@ Bug fixes for 3.0
- Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset and collation instead.
- Fixed a bug (#413) - Oracle's _error_message() and _error_number() methods used to only return connection-related errors.
- Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars().
+- Fixed a bug (#33) - CodeIgniter attempts to validate data it didn't create and crashes.
Version 2.1.1
=============

0 comments on commit e6e4074

Please sign in to comment.
Something went wrong with that request. Please try again.