diff options
author | Andrey Andreev <narf@devilix.net> | 2014-01-08 16:19:03 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-01-08 16:19:03 +0100 |
commit | 80a16b1cd0d4716b5ea41497685a8fac02e34333 (patch) | |
tree | 3705897a0412c65f0ff4e01f6733a67217064bff /system/helpers/security_helper.php | |
parent | fb614478990694c3622baee2d01b414638c26508 (diff) |
Fix #346
When ['global_xss_filtering'] was turned on, the , , &
superglobals were automatically overwritten. This resulted in one of the following problems:
- xss_clean() being called twice
- Inability to retrieve the original (not filtered) value
XSS filtering is now only applied on demand by the Input class, and the default value for
the parameter in CI_Input methods is changed to NULL. Unless a boolean value is
passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering']
value.
Diffstat (limited to 'system/helpers/security_helper.php')
0 files changed, 0 insertions, 0 deletions