fixing cookie problem : issues #33 #794

Closed
wants to merge 1 commit into from

4 participants

@AmineCherrai

fixing cookie problem : issues #33

@AmineCherrai AmineCherrai commented on the diff
system/core/Input.php
((6 lines not shown))
{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
- exit('Disallowed Key Characters.');
+ //if $cookie true will unset it
+ if($cookie)

if the cookie is 'dirty' we just unset it

@AmineCherrai AmineCherrai commented on the diff
system/core/Input.php
@@ -616,11 +616,19 @@ private function _clean_input_data($str)
* @param string
* @return string
*/
- private function _clean_input_keys($str)
+ private _clean_input_keys($str , $cookie = false)

private _clean_input_keys($str , $cookie = false)

if $str is a 'cookie', $cookie should be true to not get a crash while the cookie is not clean

@it-can
it-can added a note

It should be: private function

thanks for notifying me

@it-can it-can commented on the diff
system/core/Input.php
@@ -554,14 +554,14 @@ private function _sanitize_globals()
* @param string
* @return string
*/
- private function _clean_input_data($str)
+ private _clean_input_data($str, $cookie = false)
@it-can
it-can added a note

It should be: private function

@it-can

Your functions don't work because you forgot the word "function" after "private"

@it-can

Can you update your code so it can be merged...

@gaker

Generally speaking, functions and class vars in core code can't be private so developers are able to extend them as they please.

@it-can

I did a rewrite of your pull request: #902

@it-can it-can referenced this pull request
Closed

Rewrite fix issue #33 #902

Commits on Dec 17, 2011
  1. @AmineCherrai
Showing with 13 additions and 5 deletions.
  1. +13 −5 system/core/Input.php
18 system/core/Input.php
@@ -525,7 +525,7 @@ private function _sanitize_globals()
foreach ($_COOKIE as $key => $val)
{
- $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $_COOKIE[$this->_clean_input_keys($key,true)] = $this->_clean_input_data($val, true);
}
}
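Review bot: On the changed `$_COOKIE[...] =` line, the return value of `_clean_input_keys($key,true)` is still used as the array index, so a cookie whose key fails the character check is written back into `$_COOKIE` under whatever the function returns, which can undo the `unset()` in the cookie branch of `_clean_input_keys()`. Have `_clean_input_keys()` return a value the caller can test (for example `FALSE`) for a rejected cookie key and skip the assignment here when it does. Style: `$key,true` is missing the space after the comma that `$val, true` on the same line has.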
@@ -554,14 +554,14 @@ private function _sanitize_globals()
* @param string
* @return string
*/
- private function _clean_input_data($str)
+ private _clean_input_data($str, $cookie = false)
{
if (is_array($str))
{
$new_array = array();
foreach ($str as $key => $val)
{
- $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $new_array[$this->_clean_input_keys($key, $cookie)] = $this->_clean_input_data($val, $cookie);
}
return $new_array;
}
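Review bot: The new signature line `private _clean_input_data($str, $cookie = false)` drops the `function` keyword, which is a PHP parse error; it needs to read `private function _clean_input_data($str, $cookie = false)`. The docblock above it still lists only `@param string`, so add an entry describing the new `$cookie` flag and what it changes for rejected keys.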
@@ -616,11 +616,19 @@ private function _clean_input_data($str)
* @param string
* @return string
*/
- private function _clean_input_keys($str)
+ private _clean_input_keys($str , $cookie = false)

{
if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
{
- exit('Disallowed Key Characters.');
+ //if $cookie true will unset it
+ if($cookie)

+ {
+ unset($_COOKIE[$str]);
+ }
+ else
+ {
+ exit('Disallowed Key Characters.');
+ }
}
// Clean UTF-8 if supported
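Review bot: In the `if($cookie)` branch, `unset($_COOKIE[$str]);` is not followed by a `return`, so execution continues past the check into the UTF-8 cleaning with the key that was just rejected. Return early from that branch with a value the caller can test. When this function is reached through the recursive call in `_clean_input_data()`, `$str` is a nested array key, so `$_COOKIE[$str]` does not address the offending element and the unset has no effect on it. The signature line is also missing the `function` keyword, the docblock needs a `@param` for `$cookie`, and `if($cookie)` should follow the spacing of `if ( ! preg_match(` above it.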