Rewrite fix issue #33 #902

Closed
wants to merge 4 commits into from

4 participants

@it-can

This is a rewrite of pull request (#794) from @MidnightHack
Related issue is #33

@AmineCherrai

thanks

@ckdarby

@narfbg Any idea why this pull was never taken?

@narfbg

fd0aabb

Thanks @IT-Can for the initial solution.

@narfbg narfbg closed this
@it-can it-can deleted the unknown repository branch
Commits on Jan 9, 2012
  1. @it-can

    rewrite fix issue #33

    it-can committed
Commits on Jan 10, 2012
  1. @it-can

    styling fixes

    it-can committed
Commits on Mar 2, 2012
  1. @it-can

    Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into …

    it-can committed
    …develop-fixes-33
    
    Conflicts:
    	system/core/Input.php
  2. @it-can

    updated branch + changelog

    it-can committed
Showing with 15 additions and 6 deletions.
  1. +14 −6 system/core/Input.php
  2. +1 −0 user_guide_src/source/changelog.rst
20 system/core/Input.php
@@ -498,7 +498,7 @@ protected function _sanitize_globals()
foreach ($_COOKIE as $key => $val)
{
- $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $_COOKIE[$this->_clean_input_keys($key, TRUE)] = $this->_clean_input_data($val, TRUE);
}
}
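Review bot: The assignment in the `$_COOKIE` loop still runs after `_clean_input_keys($key, TRUE)` has unset a rejected key, so the value is stored back into `$_COOKIE` under whatever key the function returns and the unset may have no lasting effect. Have the key cleaner signal rejection (for example by returning FALSE) and skip the assignment for that cookie, rather than relying on a side effect inside the call.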
@@ -525,14 +525,14 @@ protected function _sanitize_globals()
* @param string
* @return string
*/
- protected function _clean_input_data($str)
+ protected function _clean_input_data($str, $cookie = FALSE)
{
if (is_array($str))
{
$new_array = array();
foreach ($str as $key => $val)
{
- $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $new_array[$this->_clean_input_keys($key, $cookie)] = $this->_clean_input_data($val, $cookie);
}
return $new_array;
}
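Review bot: In the recursive line inside `foreach ($str as $key => $val)`, `$key` is a key of a nested array, but with `$cookie` set the key cleaner runs `unset($_COOKIE[$str])`, which targets a top-level cookie of that name rather than the nested element being cleaned. The nested entry is still copied into `$new_array`, and an unrelated top-level cookie that happens to share the name could be removed. Skip the entry here when the key is rejected. The docblock above also needs an `@param` line for `$cookie`.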
@@ -583,12 +583,20 @@ protected function _clean_input_data($str)
* @param string
* @return string
*/
- protected function _clean_input_keys($str)
+ protected function _clean_input_keys($str, $cookie = FALSE)
{
if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
{
- set_status_header(503);
- exit('Disallowed Key Characters.');
+ // If $cookie true we will unset it
+ if ($cookie)
+ {
+ unset($_COOKIE[$str]);
+ }
+ else
+ {
+ set_status_header(503);
+ exit('Disallowed Key Characters.');
+ }
}
// Clean UTF-8 if supported
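Review bot: The new `if ($cookie)` branch has no `return` after `unset($_COOKIE[$str]);`, so execution falls through to the UTF-8 cleaning below with a key that just failed the `preg_match` check, and callers cannot tell that it was rejected. Return a distinct value such as FALSE from that branch and document it under `@return`; the docblock also lacks an `@param` line for `$cookie`. The comment `// If $cookie true we will unset it` would be more useful if it said why cookie keys are dropped instead of answered with a 503.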
1 user_guide_src/source/changelog.rst
@@ -123,6 +123,7 @@ Bug fixes for 3.0
- Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset and collation instead.
- Fixed a bug (#413) - Oracle's _error_message() and _error_number() methods used to only return connection-related errors.
- Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars().
+- Fixed a bug (#33) - CodeIgniter attempts to validate data it didn't create and crashes.
Version 2.1.1
=============
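Review bot: The added changelog line does not say which component or input is affected: "data it didn't create" and "crashes" leave out that this concerns cookie keys handled in system/core/Input.php and that the old behaviour was a 503 with 'Disallowed Key Characters.'. Suggest wording along the lines of: Fixed a bug (#33) - Input class exited with 'Disallowed Key Characters.' on cookies with invalid key names; such cookies are now discarded.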