Input sanitize destroys session cookie #148

Closed
bitbucket-import opened this Issue Aug 19, 2011 · 0 comments

Comments

Projects
None yet
1 participant

When I add urlencoded data to my session the Input->_sanitize_globals() destroys the cookie data within the data.

For example, try to store the array bellow into your session data:
{{{

!php

array
'admin' =>
array
'id' => string '1' (length=1)
'nome' => string 'Ricardo' (length=7)
'sobrenome' => string 'Martins' (length=7)
'email' => string 'ricardo@example.info' (length=27)
'usuario' => string 'martins' (length=7)
'senha' => string 'e99a18c428cb38d5f260853678922e03' (length=32)
'administrador' => string '1' (length=1)
'ultimo_login' => string '2011-05-05 17:07:21' (length=19)
'dt_excluido' => null
'gravatar' => string 'http://www.gravatar.com/avatar/b8e7a05af0c27cbcd8c5f62ce32a49d6.jpg?s=55&d=http%3A%2F%2Flocalhost%2Facommerce%2Fstatic%2Fzapt%2Fimages%2Favatar.jpg'

}}}

When it checks for my gravatar data, it will destroy my session cookie and I loose my session.
It happens on the following line:
{{{

!php

$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}}}

of Input.php.

I tried on 2.0.1 and 2.0.2 versions.

@Dentxinho Dentxinho pushed a commit to Dentxinho/CodeIgniter that referenced this issue Sep 28, 2012

@benedmunds benedmunds Merge pull request #148 from Codemonkey1991/2
Added norwegian language file
13500f4

narfbg closed this in 5ac428b Jan 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment