unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key Characters from halting app execution on environments which improperly set these as keys

author: Derek Jones <derek.jones@ellislab.com> 2008-10-07 04:03:16 +0200
committer: Derek Jones <derek.jones@ellislab.com> 2008-10-07 04:03:16 +0200
commit: 98e2532e5bd31dc8ec7c88e60b463436157ca011 (patch)
tree: 36de9204d495eec087b1f4ad67c932b07cde9314 /system/libraries/Input.php
parent: 920b422881cd983c1e519852741ac324933437c2 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 853b06d7a..f840c433c 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -140,6 +140,14 @@ class CI_Input {
 		$_POST = $this->_clean_input_data($_POST);
 		
 		// Clean $_COOKIE Data
+		// Also get rid of specially treated cookies that might be set by a server
+		// or silly application, that are of no use to a CI application anyway
+		// but that when present will trip our 'Disallowed Key Characters' alarm
+		// http://www.ietf.org/rfc/rfc2109.txt
+		// note that the key names below are single quoted strings, and are not PHP variables
+		unset($_COOKIE['$Version']);
+		unset($_COOKIE['$Path']);
+		unset($_COOKIE['$Domain'])
 		$_COOKIE = $this->_clean_input_data($_COOKIE);
 
 		log_message('debug', "Global POST and COOKIE data sanitized");
author	Derek Jones <derek.jones@ellislab.com>	2008-10-07 04:03:16 +0200
committer	Derek Jones <derek.jones@ellislab.com>	2008-10-07 04:03:16 +0200
commit	98e2532e5bd31dc8ec7c88e60b463436157ca011 (patch)
tree	36de9204d495eec087b1f4ad67c932b07cde9314 /system/libraries/Input.php
parent	920b422881cd983c1e519852741ac324933437c2 (diff)