summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/config.php28
-rw-r--r--system/core/Input.php23
-rw-r--r--user_guide_src/source/changelog.rst2
-rw-r--r--user_guide_src/source/installation/upgrade_320.rst7
-rw-r--r--user_guide_src/source/libraries/input.rst4
5 files changed, 8 insertions, 56 deletions
diff --git a/application/config/config.php b/application/config/config.php
index c088e80c0..535f0f817 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -193,20 +193,6 @@ $config['directory_trigger'] = 'd';
/*
|--------------------------------------------------------------------------
-| Allow $_GET array
-|--------------------------------------------------------------------------
-|
-| By default CodeIgniter enables access to the $_GET array. If for some
-| reason you would like to disable it, set 'allow_get_array' to FALSE.
-|
-| WARNING: This feature is DEPRECATED and currently available only
-| for backwards compatibility purposes!
-|
-*/
-$config['allow_get_array'] = TRUE;
-
-/*
-|--------------------------------------------------------------------------
| Error Logging Threshold
|--------------------------------------------------------------------------
|
@@ -412,20 +398,6 @@ $config['cookie_httponly'] = FALSE;
/*
|--------------------------------------------------------------------------
-| Standardize newlines
-|--------------------------------------------------------------------------
-|
-| Determines whether to standardize newline characters in input data,
-| meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value.
-|
-| WARNING: This feature is DEPRECATED and currently available only
-| for backwards compatibility purposes!
-|
-*/
-$config['standardize_newlines'] = FALSE;
-
-/*
-|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
diff --git a/system/core/Input.php b/system/core/Input.php
index ec57cd448..a6be7b517 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -58,15 +58,6 @@ class CI_Input {
protected $ip_address = FALSE;
/**
- * Allow GET array flag
- *
- * If set to FALSE, then $_GET will be set to an empty array.
- *
- * @var bool
- */
- protected $_allow_get_array = TRUE;
-
- /**
* Enable XSS flag
*
* Determines whether the XSS filter is always active when
@@ -128,7 +119,6 @@ class CI_Input {
*/
public function __construct()
{
- $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
$this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
$this->_enable_csrf = (config_item('csrf_protection') === TRUE);
@@ -149,13 +139,6 @@ class CI_Input {
$this->security->csrf_verify();
}
- if ( ! empty($_POST) && config_item('standardize_newlines') === TRUE)
- {
- array_walk_recursive($_POST, function(&$value) {
- $value = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $value);
- });
- }
-
log_message('info', 'Input Class Initialized');
}
@@ -598,11 +581,7 @@ class CI_Input {
protected function _sanitize_globals()
{
// Is $_GET data allowed? If not we'll set the $_GET to an empty array
- if ($this->_allow_get_array === FALSE)
- {
- $_GET = array();
- }
- elseif (is_array($_GET))
+ if (is_array($_GET))
{
foreach ($_GET as $key => $val)
{
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 7e2d4a9ca..a0f91a148 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -10,6 +10,8 @@ Release Date: Not Released
- Core
- Changed :doc:`URI Library <libraries/uri>` to ignore the ``$config['url_suffix']``, ``$config['permitted_uri_chars']`` configuration settings for CLI requests.
+ - Removed previously deprecated ``$config['allow_get_array']``.
+ - Removed previously deprecated ``$config['standardize_newlines']``.
- Removed previously deprecated :doc:`Input Library <libraries/input>` method ``is_cli_request()`` (use :php:func:`is_cli()` instead).
- Removed previously deprecated :doc:`Routing Class <general/routing>` methods ``fetch_directory()``, ``fetch_class()`` and ``fetch_method()`` (use the respective class properties instead).
- Removed previously deprecated :doc:`Config Library <libraries/config>` method ``system_url()`` (encourages insecure practices).
diff --git a/user_guide_src/source/installation/upgrade_320.rst b/user_guide_src/source/installation/upgrade_320.rst
index b587470f2..6501f40db 100644
--- a/user_guide_src/source/installation/upgrade_320.rst
+++ b/user_guide_src/source/installation/upgrade_320.rst
@@ -128,8 +128,11 @@ HTML 5 formatting.
Step 7: Remove usage of previously deprecated functionalities
=============================================================
-The following is a list of functionalities deprecated in CodeIgniter
-version 3.0.x, that have been removed in 3.2.0:
+The following is a list of functionalities deprecated in previous
+CodeIgniter versions that have been removed in 3.2.0:
+
+- ``$config['allow_get_array']`` (use ``$_GET = array();`` instead)
+- ``$config['standardize_newlines']``
- ``CI_Input::is_cli_request()`` (use :php:func:`is_cli()` instead)
- ``CI_Router::fetch_directory()`` (use ``CI_Router::$directory`` instead)
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst
index 899070ef4..8b816a567 100644
--- a/user_guide_src/source/libraries/input.rst
+++ b/user_guide_src/source/libraries/input.rst
@@ -28,16 +28,12 @@ The security filtering method is called automatically when a new
:doc:`controller <../general/controllers>` is invoked. It does the
following:
-- If ``$config['allow_get_array']`` is FALSE (default is TRUE), destroys
- the global GET array.
- Destroys all global variables in the event register_globals is
turned on.
- Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric
(and a few other) characters.
- Provides XSS (Cross-site Scripting Hacks) filtering. This can be
enabled globally, or upon request.
-- Standardizes newline characters to ``PHP_EOL`` (\\n in UNIX-based OSes,
- \\r\\n under Windows). This is configurable.
XSS Filtering
=============