authorpaulburdick <devnull@localhost>2007-06-28 01:07:36 +0200
committerpaulburdick <devnull@localhost>2007-06-28 01:07:36 +0200
commit8816aaab7ac21d4e3ccd1eedd86462bc94aff2c1 (patch)
tree5a0ed89551d23d022773feb0f0f58d479b30b818 /system
parent391eb03004deee85b9b0e978982950723b9742b5 (diff)
Diffstat (limited to 'system')
-rw-r--r--system/libraries/Input.php17
1 files changed, 13 insertions, 4 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index f9d23ae79..9a73ab9b9 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -68,21 +68,30 @@ class CI_Input {
*/
function _sanitize_globals()
{
+ // Would kind of be "wrong" to unset any of these GLOBALS.
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');
+
// Unset globals for securiy.
// This is effectively the same as register_globals = off
foreach (array($_GET, $_POST, $_COOKIE) as $global)
{
if ( ! is_array($global))
{
- global $global;
- $$global = NULL;
+ if ( ! in_array($global, $protected))
+ {
+ global $global;
+ $$global = NULL;
+ }
}
else
{
foreach ($global as $key => $val)
{
- global $$key;
- $$key = NULL;
+ if ( ! in_array($key, $protected))
+ {
+ global $$key;
+ $$key = NULL;
+ }
}
}
}
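Review bot: `_COOKIE` is missing from the new `$protected` list even though the outer `foreach` walks `$_COOKIE` alongside `$_GET` and `$_POST`, so a request key named `_COOKIE` still passes the `in_array()` check and reaches `global $$key; $$key = NULL;`. Adding it closes that gap: `$protected = array('_SERVER', '_GET', '_POST', '_COOKIE', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');`. The list also names only PHP's own variables, so any global the application defines before this method runs can presumably still be nulled by a matching request key. The vague "Would kind of be wrong" comment could state that instead, e.g. `// Request keys must never be able to null these globals; add any application globals that are set before this runs.` The body of `_sanitize_globals()` continues past the end of the hunk, so anything it does after the loop is not covered by this note.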