summaryrefslogtreecommitdiffstats
path: root/system/helpers/cookie_helper.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-08 16:19:03 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-08 16:19:03 +0100
commit80a16b1cd0d4716b5ea41497685a8fac02e34333 (patch)
tree3705897a0412c65f0ff4e01f6733a67217064bff /system/helpers/cookie_helper.php
parentfb614478990694c3622baee2d01b414638c26508 (diff)
Fix #346
When ['global_xss_filtering'] was turned on, the , , & superglobals were automatically overwritten. This resulted in one of the following problems: - xss_clean() being called twice - Inability to retrieve the original (not filtered) value XSS filtering is now only applied on demand by the Input class, and the default value for the parameter in CI_Input methods is changed to NULL. Unless a boolean value is passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering'] value.
Diffstat (limited to 'system/helpers/cookie_helper.php')
-rw-r--r--system/helpers/cookie_helper.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php
index 5cdcdd137..a79083a63 100644
--- a/system/helpers/cookie_helper.php
+++ b/system/helpers/cookie_helper.php
@@ -74,8 +74,9 @@ if ( ! function_exists('get_cookie'))
* @param bool
* @return mixed
*/
- function get_cookie($index, $xss_clean = FALSE)
+ function get_cookie($index, $xss_clean = NULL)
{
+ is_bool($xss_clean) OR $xss_clean = (config_item('global_xss_filtering') === TRUE);
$prefix = isset($_COOKIE[$index]) ? '' : config_item('cookie_prefix');
return get_instance()->input->cookie($prefix.$index, $xss_clean);
}