diff options
author | Derek Jones <derek.jones@ellislab.com> | 2008-01-24 21:48:07 +0100 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-01-24 21:48:07 +0100 |
commit | d85a11e9f9da50d04c724c0a4bc8c9ee734f2f59 (patch) | |
tree | f1b4aec6729d2dedc5ae8c5728bc119d7f98ca0d | |
parent | af9526259228800a7bef84d1396d1325c0c41a21 (diff) |
added CI's global variables to the protected array in_sanitize_globals()
-rw-r--r-- | system/libraries/Input.php | 7 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 5 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index de70738e2..1874b3790 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -68,8 +68,9 @@ class CI_Input { */
function _sanitize_globals()
{
- // Would kind of be "wrong" to unset any of these GLOBALS.
- $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');
+ // Would kind of be "wrong" to unset any of these GLOBALS
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
+ 'system_folder', 'application_folder', 'BM', 'EXT', 'CFG', 'URI', 'RTR', 'OUT', 'IN');
// Unset globals for securiy.
// This is effectively the same as register_globals = off
@@ -79,7 +80,7 @@ class CI_Input { {
if ( ! in_array($global, $protected))
{
- global $global;
+ global $$global;
$$global = NULL;
}
}
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 6f0ec6755..96f0a67e8 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -158,6 +158,7 @@ Change Log <ul>
<li>Removed an extraneous call to loading models (#3286).</li>
<li>Removed extraneous load of $CFG in _display_cache() of the Output class (#3285)</li>
+ <li>Fixed a bug (#3310) with sanitization of globals in the Input class that could unset CI's global variables.</li>
<li>Fixed a bug (#1890) in csv_from_result() where content that included the delimiter would break the file.</li>
<li>Fixed a bug (#3156) in Text Helper highlight_code() causing PHP tags to be handled incorrectly.</li>
<li>Fixed a bug (#3289) in the File Helper where temp files in directories being tested with is_really_writable() were not being handled properly</li>
|