diff options
| -rw-r--r-- | system/libraries/Input.php | 8 | ||||
| -rw-r--r-- | user_guide/changelog.html | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index 853b06d7a..f840c433c 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -140,6 +140,14 @@ class CI_Input { $_POST = $this->_clean_input_data($_POST);
// Clean $_COOKIE Data
+ // Also get rid of specially treated cookies that might be set by a server
+ // or silly application, that are of no use to a CI application anyway
+ // but that when present will trip our 'Disallowed Key Characters' alarm
+ // http://www.ietf.org/rfc/rfc2109.txt
+ // note that the key names below are single quoted strings, and are not PHP variables
+ unset($_COOKIE['$Version']);
+ unset($_COOKIE['$Path']);
+ unset($_COOKIE['$Domain'])
$_COOKIE = $this->_clean_input_data($_COOKIE);
log_message('debug', "Global POST and COOKIE data sanitized");
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index a822b6c4b..6595807b5 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -103,6 +103,8 @@ SVN Revision: XXXX</p> <li>Modified Pagination library to only output the "First" link when the link for page one would not be shown.</li>
<li>Added a file lock check during caching, before trying to write to the file.</li>
<li>Added driver name variable in each DB driver, based on this bug report: #4436</li>
+ <li>Modified Cookie key cleaning to unset a few troublesome key names that can be present in certain environments,
+ preventing CI from halting execution.</li>
</ul>
</li>
</ul>
|