summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2008-01-24 21:48:07 +0100
committerDerek Jones <derek.jones@ellislab.com>2008-01-24 21:48:07 +0100
commitd85a11e9f9da50d04c724c0a4bc8c9ee734f2f59 (patch)
treef1b4aec6729d2dedc5ae8c5728bc119d7f98ca0d
parentaf9526259228800a7bef84d1396d1325c0c41a21 (diff)
added CI's global variables to the protected array in_sanitize_globals()
-rw-r--r--system/libraries/Input.php7
-rw-r--r--user_guide/changelog.html1
2 files changed, 5 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index de70738e2..1874b3790 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -68,8 +68,9 @@ class CI_Input {
*/
function _sanitize_globals()
{
- // Would kind of be "wrong" to unset any of these GLOBALS.
- $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');
+ // Would kind of be "wrong" to unset any of these GLOBALS
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
+ 'system_folder', 'application_folder', 'BM', 'EXT', 'CFG', 'URI', 'RTR', 'OUT', 'IN');
// Unset globals for securiy.
// This is effectively the same as register_globals = off
@@ -79,7 +80,7 @@ class CI_Input {
{
if ( ! in_array($global, $protected))
{
- global $global;
+ global $$global;
$$global = NULL;
}
}
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 6f0ec6755..96f0a67e8 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -158,6 +158,7 @@ Change Log
<ul>
<li>Removed an extraneous call to loading models (#3286).</li>
<li>Removed extraneous load of $CFG in _display_cache() of the Output class (#3285)</li>
+ <li>Fixed a bug (#3310) with sanitization of globals in the Input class that could unset CI's global variables.</li>
<li>Fixed a bug (#1890) in csv_from_result() where content that included the delimiter would break the file.</li>
<li>Fixed a bug (#3156) in Text Helper highlight_code() causing PHP tags to be handled incorrectly.</li>
<li>Fixed a bug (#3289) in the File Helper where temp files in directories being tested with is_really_writable() were not being handled properly</li>