Fix #346

When ['global_xss_filtering'] was turned on, the , , & superglobals were automatically overwritten. This resulted in one of the following problems: - xss_clean() being called twice - Inability to retrieve the original (not filtered) value XSS filtering is now only applied on demand by the Input class, and the default value for the parameter in CI_Input methods is changed to NULL. Unless a boolean value is passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering'] value.
author: Andrey Andreev <narf@devilix.net> 2014-01-08 16:19:03 +0100
committer: Andrey Andreev <narf@devilix.net> 2014-01-08 16:19:03 +0100
commit: 80a16b1cd0d4716b5ea41497685a8fac02e34333 (patch)
tree: 3705897a0412c65f0ff4e01f6733a67217064bff /system/helpers
parent: fb614478990694c3622baee2d01b414638c26508 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php
index 5cdcdd137..a79083a63 100644
--- a/system/helpers/cookie_helper.php
+++ b/system/helpers/cookie_helper.php
@@ -74,8 +74,9 @@ if ( ! function_exists('get_cookie'))
 	 * @param	bool
 	 * @return	mixed
 	 */
-	function get_cookie($index, $xss_clean = FALSE)
+	function get_cookie($index, $xss_clean = NULL)
 	{
+		is_bool($xss_clean) OR $xss_clean = (config_item('global_xss_filtering') === TRUE);
 		$prefix = isset($_COOKIE[$index]) ? '' : config_item('cookie_prefix');
 		return get_instance()->input->cookie($prefix.$index, $xss_clean);
 	}
author	Andrey Andreev <narf@devilix.net>	2014-01-08 16:19:03 +0100
committer	Andrey Andreev <narf@devilix.net>	2014-01-08 16:19:03 +0100
commit	80a16b1cd0d4716b5ea41497685a8fac02e34333 (patch)
tree	3705897a0412c65f0ff4e01f6733a67217064bff /system/helpers
parent	fb614478990694c3622baee2d01b414638c26508 (diff)