diff options
| -rw-r--r-- | system/core/Input.php | 10 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
2 files changed, 7 insertions, 4 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index ded462190..164867636 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -687,9 +687,11 @@ class CI_Input { // but that when present will trip our 'Disallowed Key Characters' alarm // http://www.ietf.org/rfc/rfc2109.txt // note that the key names below are single quoted strings, and are not PHP variables - unset($_COOKIE['$Version']); - unset($_COOKIE['$Path']); - unset($_COOKIE['$Domain']); + unset( + $_COOKIE['$Version'], + $_COOKIE['$Path'], + $_COOKIE['$Domain'] + ); foreach ($_COOKIE as $key => $val) { @@ -756,7 +758,7 @@ class CI_Input { } // Remove control characters - $str = remove_invisible_characters($str); + $str = remove_invisible_characters($str, FALSE); // Should we filter the input data? if ($this->_enable_xss === TRUE) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 49ca39502..af9dcb0e8 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -645,6 +645,7 @@ Bug fixes for 3.0 - Fixed a bug (#2268) - :doc:`Security Library <libraries/security>` didn't properly match JavaScript events. - Fixed a bug (#2143) - :doc:`Form Validation Library <libraries/form_validation>` didn't check for rule groups named in a *controller/method* manner when trying to load from a config file. - Fixed a bug (#2762) - :doc:`Hooks Class <general/hooks>` didn't properly check if the called class/function exists. +- Fixed a bug (#346) - while sanitizing input data, ``CI_Input::_clean_input_data()`` assumed that it is URL-encoded, stripping certain character sequences from it. Version 2.1.4 ============= |