diff options
| author | paulburdick <devnull@localhost> | 2007-06-28 01:07:36 +0200 |
|---|---|---|
| committer | paulburdick <devnull@localhost> | 2007-06-28 01:07:36 +0200 |
| commit | 8816aaab7ac21d4e3ccd1eedd86462bc94aff2c1 (patch) | |
| tree | 5a0ed89551d23d022773feb0f0f58d479b30b818 /system/libraries | |
| parent | 391eb03004deee85b9b0e978982950723b9742b5 (diff) | |
Diffstat (limited to 'system/libraries')
| -rw-r--r-- | system/libraries/Input.php | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index f9d23ae79..9a73ab9b9 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -68,21 +68,30 @@ class CI_Input { */
function _sanitize_globals()
{
+ // Would kind of be "wrong" to unset any of these GLOBALS.
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');
+
// Unset globals for securiy.
// This is effectively the same as register_globals = off
foreach (array($_GET, $_POST, $_COOKIE) as $global)
{
if ( ! is_array($global))
{
- global $global;
- $$global = NULL;
+ if ( ! in_array($global, $protected))
+ {
+ global $global;
+ $$global = NULL;
+ }
}
else
{
foreach ($global as $key => $val)
{
- global $$key;
- $$key = NULL;
+ if ( ! in_array($key, $protected))
+ {
+ global $$key;
+ $$key = NULL;
+ }
}
}
}
|