author | Andrey Andreev <narf@devilix.net> | 2014-01-08 16:19:03 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-01-08 16:19:03 +0100 |
commit | 80a16b1cd0d4716b5ea41497685a8fac02e34333 (patch) | |
tree | 3705897a0412c65f0ff4e01f6733a67217064bff /system/helpers/cookie_helper.php | |
parent | fb614478990694c3622baee2d01b414638c26508 (diff) |
Fix #346
When ['global_xss_filtering'] was turned on, the , , &
superglobals were automatically overwritten. This resulted in one of the following problems:
- xss_clean() being called twice
- Inability to retrieve the original (not filtered) value
XSS filtering is now only applied on demand by the Input class, and the default value for
the parameter in CI_Input methods is changed to NULL. Unless a boolean value is
passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering']
value.
Diffstat (limited to 'system/helpers/cookie_helper.php')
-rw-r--r-- | system/helpers/cookie_helper.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php index 5cdcdd137..a79083a63 100644 --- a/system/helpers/cookie_helper.php +++ b/system/helpers/cookie_helper.php @@ -74,8 +74,9 @@ if ( ! function_exists('get_cookie')) * @param bool * @return mixed */ - function get_cookie($index, $xss_clean = FALSE) + function get_cookie($index, $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = (config_item('global_xss_filtering') === TRUE); $prefix = isset($_COOKIE[$index]) ? '' : config_item('cookie_prefix'); return get_instance()->input->cookie($prefix.$index, $xss_clean); } |
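Review bot: the added `is_bool($xss_clean) OR $xss_clean = ...` line discards every non-boolean argument, not just NULL. A caller that passes `1` or `'1'` to force filtering now silently gets whatever `global_xss_filtering` says instead, which can turn filtering off for that call. The `=== TRUE` comparison has the same fail-open shape on the config side: a config value of `1` or `'TRUE'` evaluates to FALSE here. Consider falling back to the config only when `$xss_clean === NULL` and casting any other argument to bool, or state in the docblock that only strict booleans are honoured. The unchanged `@param bool` line in the context should also be updated to document the NULL default and what it means.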