diff options
author | Rick Ellis <rick.ellis@ellislab.com> | 2007-06-09 02:16:13 +0200 |
---|---|---|
committer | Rick Ellis <rick.ellis@ellislab.com> | 2007-06-09 02:16:13 +0200 |
commit | bb2041dc4e5a121de9321fbf87846b7358d59d39 (patch) | |
tree | 683ccdbb1911937902435f52ae43d15c695e18b4 /system/libraries | |
parent | d885680948438cf59ad3d67820fb3ac2c6f7a8c6 (diff) |
Diffstat (limited to 'system/libraries')
-rw-r--r-- | system/libraries/Input.php | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index 63a6833d6..f113cff71 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -68,7 +68,8 @@ class CI_Input { */
function _sanitize_globals()
{
- // Unset globals. This is effectively the same as register_globals = off
+ // Unset globals for securiy.
+ // This is effectively the same as register_globals = off
foreach (array($_GET, $_POST, $_COOKIE) as $global)
{
if ( ! is_array($global))
@@ -147,6 +148,13 @@ class CI_Input { return $new_array;
}
+ // We strip slashes if magic quotes is on to keep things consistent
+ if (get_magic_quotes_gpc())
+ {
+ $str = stripslashes($str);
+ }
+
+ // Should we filter the input data?
if ($this->use_xss_clean === TRUE)
{
$str = $this->xss_clean($str);
@@ -175,12 +183,7 @@ class CI_Input { {
exit('Disallowed Key Characters.');
}
-
- if ( ! get_magic_quotes_gpc())
- {
- return addslashes($str);
- }
-
+
return $str;
}
|