summaryrefslogtreecommitdiffstats
path: root/system/core/Input.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-08 16:19:03 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-08 16:19:03 +0100
commit80a16b1cd0d4716b5ea41497685a8fac02e34333 (patch)
tree3705897a0412c65f0ff4e01f6733a67217064bff /system/core/Input.php
parentfb614478990694c3622baee2d01b414638c26508 (diff)
Fix #346
When ['global_xss_filtering'] was turned on, the , , & superglobals were automatically overwritten. This resulted in one of the following problems: - xss_clean() being called twice - Inability to retrieve the original (not filtered) value XSS filtering is now only applied on demand by the Input class, and the default value for the parameter in CI_Input methods is changed to NULL. Unless a boolean value is passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering'] value.
Diffstat (limited to 'system/core/Input.php')
-rw-r--r--system/core/Input.php38
1 files changed, 24 insertions, 14 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 164867636..f5123fa5b 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -151,8 +151,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
+ protected function _fetch_from_array(&$array, $index = '', $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
if (isset($array[$index]))
{
$value = $array[$index];
@@ -197,8 +199,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get($index = NULL, $xss_clean = FALSE)
+ public function get($index = NULL, $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
// Check if a field has been provided
if ($index === NULL)
{
@@ -229,8 +233,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post($index = NULL, $xss_clean = FALSE)
+ public function post($index = NULL, $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
// Check if a field has been provided
if ($index === NULL)
{
@@ -261,8 +267,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post_get($index = '', $xss_clean = FALSE)
+ public function post_get($index = '', $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
return isset($_POST[$index])
? $this->post($index, $xss_clean)
: $this->get($index, $xss_clean);
@@ -277,8 +285,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get_post($index = '', $xss_clean = FALSE)
+ public function get_post($index = '', $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
return isset($_GET[$index])
? $this->get($index, $xss_clean)
: $this->post($index, $xss_clean);
@@ -293,8 +303,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function cookie($index = '', $xss_clean = FALSE)
+ public function cookie($index = '', $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
}
@@ -307,8 +319,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function server($index = '', $xss_clean = FALSE)
+ public function server($index = '', $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
}
@@ -323,8 +337,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function input_stream($index = '', $xss_clean = FALSE)
+ public function input_stream($index = '', $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
+
// The input stream can only be read once, so we'll need to check
// if we have already done that first.
if (is_array($this->_input_stream))
@@ -760,12 +776,6 @@ class CI_Input {
// Remove control characters
$str = remove_invisible_characters($str, FALSE);
- // Should we filter the input data?
- if ($this->_enable_xss === TRUE)
- {
- $str = $this->security->xss_clean($str);
- }
-
// Standardize newlines if needed
if ($this->_standardize_newlines === TRUE)
{