Rewrite fix issue #33 #902

Closed
wants to merge 4 commits into
from
Jump to file or symbol
Failed to load files and symbols.
+15 −6
Diff settings

Always

Just for now

View
@@ -498,7 +498,7 @@ protected function _sanitize_globals()
foreach ($_COOKIE as $key => $val)
{
- $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $_COOKIE[$this->_clean_input_keys($key, TRUE)] = $this->_clean_input_data($val, TRUE);
}
}
@@ -525,14 +525,14 @@ protected function _sanitize_globals()
* @param string
* @return string
*/
- protected function _clean_input_data($str)
+ protected function _clean_input_data($str, $cookie = FALSE)
{
if (is_array($str))
{
$new_array = array();
foreach ($str as $key => $val)
{
- $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ $new_array[$this->_clean_input_keys($key, $cookie)] = $this->_clean_input_data($val, $cookie);
}
return $new_array;
}
@@ -583,12 +583,20 @@ protected function _clean_input_data($str)
* @param string
* @return string
*/
- protected function _clean_input_keys($str)
+ protected function _clean_input_keys($str, $cookie = FALSE)
{
if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
{
- set_status_header(503);
- exit('Disallowed Key Characters.');
+ // If $cookie true we will unset it
+ if ($cookie)
+ {
+ unset($_COOKIE[$str]);
+ }
+ else
+ {
+ set_status_header(503);
+ exit('Disallowed Key Characters.');
+ }
}
// Clean UTF-8 if supported
@@ -123,6 +123,7 @@ Bug fixes for 3.0
- Fixed a bug (#638) - db_set_charset() ignored its arguments and always used the configured charset and collation instead.
- Fixed a bug (#413) - Oracle's _error_message() and _error_number() methods used to only return connection-related errors.
- Fixed a bug (#804) - Profiler library was trying to handle objects as strings in some cases, resulting in warnings being issued by htmlspecialchars().
+- Fixed a bug (#33) - CodeIgniter attempts to validate data it didn't create and crashes.
Version 2.1.1
=============