POST scrubbing issue #1777

Closed
zrr4990 opened this Issue Sep 5, 2012 · 2 comments

Projects

None yet

2 participants

@zrr4990
zrr4990 commented Sep 5, 2012

I'm using the latest version of CodeIgniter on a box with PHP Version 5.2.10-2ubuntu6.10.

When I submit POST data it appears to be scrubbed and decoded even though I have the xss_clean global turned off.

This is causing problems when passwords are submitted and certain sequences are not grabbed as raw post data.

@zrr4990
zrr4990 commented Sep 5, 2012

To elaborate, if I submit the characters %11 in a <input ... /> field, when I get the POST data, it gives me a NULL character in the POST data.

Now, if I remove the code inside the remove_invisible_characters($str, $url_encoded=TRUE) function at line 512 of system/core/common.php, then I get the correct raw post data, seen as %11.

@narfbg
Collaborator
narfbg commented Oct 26, 2012

Duplicate of #148

@narfbg narfbg closed this Oct 26, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment