diff options
-rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 5 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 5 | ||||
-rw-r--r-- | system/libraries/Input.php | 17 |
3 files changed, 10 insertions, 17 deletions
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 367c2d11f..50f4ecfbf 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -222,11 +222,6 @@ class CI_DB_mysql_driver extends CI_DB { */
function escape_str($str)
{
- if (get_magic_quotes_gpc())
- {
- return $str;
- }
-
if (function_exists('mysql_real_escape_string'))
{
return mysql_real_escape_string($str, $this->conn_id);
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 98e7f6c76..9cfc68ea6 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -225,11 +225,6 @@ class CI_DB_mysqli_driver extends CI_DB { */
function escape_str($str)
{
- if (get_magic_quotes_gpc())
- {
- return $str;
- }
-
return mysqli_real_escape_string($this->conn_id, $str);
}
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index 63a6833d6..f113cff71 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -68,7 +68,8 @@ class CI_Input { */
function _sanitize_globals()
{
- // Unset globals. This is effectively the same as register_globals = off
+ // Unset globals for securiy.
+ // This is effectively the same as register_globals = off
foreach (array($_GET, $_POST, $_COOKIE) as $global)
{
if ( ! is_array($global))
@@ -147,6 +148,13 @@ class CI_Input { return $new_array;
}
+ // We strip slashes if magic quotes is on to keep things consistent
+ if (get_magic_quotes_gpc())
+ {
+ $str = stripslashes($str);
+ }
+
+ // Should we filter the input data?
if ($this->use_xss_clean === TRUE)
{
$str = $this->xss_clean($str);
@@ -175,12 +183,7 @@ class CI_Input { {
exit('Disallowed Key Characters.');
}
-
- if ( ! get_magic_quotes_gpc())
- {
- return addslashes($str);
- }
-
+
return $str;
}
|