diff options
author | Greg Aker <greg@gregaker.net> | 2011-08-20 20:58:37 +0200 |
---|---|---|
committer | Greg Aker <greg@gregaker.net> | 2011-08-20 20:58:37 +0200 |
commit | 394d8c5bd3e04bd7992793ca7c648f4306a9539d (patch) | |
tree | d061b4339f2c3f30428256efae741ab04fd2bf6e /system/core/Input.php | |
parent | 43194ea1af658914a89ca49aed4dca4617b9c4ff (diff) | |
parent | d56be70257696d0bbf2dcc880888d8dc17cba21c (diff) |
Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop
Diffstat (limited to 'system/core/Input.php')
-rwxr-xr-x[-rw-r--r--] | system/core/Input.php | 64 |
1 files changed, 51 insertions, 13 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index cfbef942d..5a033e7b8 100644..100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -28,15 +28,51 @@ */ class CI_Input { + /** + * IP address of the current user + * + * @var string + */ var $ip_address = FALSE; + /** + * user agent (web browser) being used by the current user + * + * @var string + */ var $user_agent = FALSE; + /** + * If FALSE, then $_GET will be set to an empty array + * + * @var bool + */ var $_allow_get_array = TRUE; + /** + * If TRUE, then newlines are standardized + * + * @var bool + */ var $_standardize_newlines = TRUE; - var $_enable_xss = FALSE; // Set automatically based on config setting - var $_enable_csrf = FALSE; // Set automatically based on config setting - + /** + * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered + * Set automatically based on config setting + * + * @var bool + */ + var $_enable_xss = FALSE; + /** + * Enables a CSRF cookie token to be set. + * Set automatically based on config setting + * + * @var bool + */ + var $_enable_csrf = FALSE; + /** + * List of all HTTP request headers + * + * @var array + */ protected $headers = array(); - + /** * Constructor @@ -147,7 +183,7 @@ class CI_Input { } return $post; } - + return $this->_fetch_from_array($_POST, $index, $xss_clean); } @@ -402,9 +438,9 @@ class CI_Input { function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. - $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', + $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', + 'system_folder', 'application_folder', 'BM', 'EXT', 'CFG', 'URI', 'RTR', 'OUT', 'IN'); // Unset globals for securiy. @@ -523,7 +559,7 @@ class CI_Input { { $str = $this->uni->clean_string($str); } - + // Remove control characters $str = remove_invisible_characters($str); @@ -579,9 +615,11 @@ class CI_Input { /** * Request Headers * - * In Apache, you can simply call apache_request_headers(), however for + * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * + * @param bool XSS cleaning + * * @return array */ public function request_headers($xss_clean = FALSE) @@ -609,10 +647,10 @@ class CI_Input { { $key = str_replace('_', ' ', strtolower($key)); $key = str_replace(' ', '-', ucwords($key)); - + $this->headers[$key] = $val; } - + return $this->headers; } @@ -633,7 +671,7 @@ class CI_Input { { $this->request_headers(); } - + if ( ! isset($this->headers[$index])) { return FALSE; @@ -644,7 +682,7 @@ class CI_Input { return $this->security->xss_clean($this->headers[$index]); } - return $this->headers[$index]; + return $this->headers[$index]; } // -------------------------------------------------------------------- |