added CI's global variables to the protected array in_sanitize_globals()

author: Derek Jones <derek.jones@ellislab.com> 2008-01-24 21:48:07 +0100
committer: Derek Jones <derek.jones@ellislab.com> 2008-01-24 21:48:07 +0100
commit: d85a11e9f9da50d04c724c0a4bc8c9ee734f2f59 (patch)
tree: f1b4aec6729d2dedc5ae8c5728bc119d7f98ca0d /system/libraries
parent: af9526259228800a7bef84d1396d1325c0c41a21 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index de70738e2..1874b3790 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -68,8 +68,9 @@ class CI_Input {
 	 */
 	function _sanitize_globals()
 	{
-		// Would kind of be "wrong" to unset any of these GLOBALS.
-		$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');
+		// Would kind of be "wrong" to unset any of these GLOBALS
+		$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
+							'system_folder', 'application_folder', 'BM', 'EXT', 'CFG', 'URI', 'RTR', 'OUT', 'IN');
 		
 		// Unset globals for securiy. 
 		// This is effectively the same as register_globals = off
@@ -79,7 +80,7 @@ class CI_Input {
 			{
 				if ( ! in_array($global, $protected))
 				{
-					global $global;
+					global $$global;
 					$$global = NULL;
 				}
 			}
author	Derek Jones <derek.jones@ellislab.com>	2008-01-24 21:48:07 +0100
committer	Derek Jones <derek.jones@ellislab.com>	2008-01-24 21:48:07 +0100
commit	d85a11e9f9da50d04c724c0a4bc8c9ee734f2f59 (patch)
tree	f1b4aec6729d2dedc5ae8c5728bc119d7f98ca0d /system/libraries
parent	af9526259228800a7bef84d1396d1325c0c41a21 (diff)