diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-01-08 15:07:31 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-01-08 15:07:31 +0100 |
| commit | 5ac428bea999a332b46b17fe26ee0045e5cfd39c (patch) | |
| tree | 7c7c758b77d39690093e68132026677a1a7f0b8b /user_guide_src/source | |
| parent | 119d8a7547e155edaaa53682b9247cd7e80d8c9d (diff) | |
Fix #148
CI_Input::_clean_input_data() assumed that all input data is URL-encoded while sanitizing it.
However, PHP already performs URL-decoding on it, so this is either redudant or overly
intrusive as it resulted in many, many reports of data containing '%' followed by 1 numeric
characters being essentially destroyed.
Supersedes PR #1229
Diffstat (limited to 'user_guide_src/source')
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 49ca39502..af9dcb0e8 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -645,6 +645,7 @@ Bug fixes for 3.0 - Fixed a bug (#2268) - :doc:`Security Library <libraries/security>` didn't properly match JavaScript events. - Fixed a bug (#2143) - :doc:`Form Validation Library <libraries/form_validation>` didn't check for rule groups named in a *controller/method* manner when trying to load from a config file. - Fixed a bug (#2762) - :doc:`Hooks Class <general/hooks>` didn't properly check if the called class/function exists. +- Fixed a bug (#346) - while sanitizing input data, ``CI_Input::_clean_input_data()`` assumed that it is URL-encoded, stripping certain character sequences from it. Version 2.1.4 ============= |