summaryrefslogtreecommitdiffstats
path: root/system/core/Input.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/core/Input.php')
-rwxr-xr-xsystem/core/Input.php53
1 files changed, 28 insertions, 25 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index fc2a550bc..73f46ba6a 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -44,28 +44,28 @@ class CI_Input {
* @var string
*/
public $ip_address = FALSE;
-
+
/**
* user agent (web browser) being used by the current user
*
* @var string
*/
public $user_agent = FALSE;
-
+
/**
* If FALSE, then $_GET will be set to an empty array
*
* @var bool
*/
protected $_allow_get_array = TRUE;
-
+
/**
* If TRUE, then newlines are standardized
*
* @var bool
*/
protected $_standardize_newlines = TRUE;
-
+
/**
* Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered
* Set automatically based on config setting
@@ -73,7 +73,7 @@ class CI_Input {
* @var bool
*/
protected $_enable_xss = FALSE;
-
+
/**
* Enables a CSRF cookie token to be set.
* Set automatically based on config setting
@@ -81,7 +81,7 @@ class CI_Input {
* @var bool
*/
protected $_enable_csrf = FALSE;
-
+
/**
* List of all HTTP request headers
*
@@ -94,6 +94,8 @@ class CI_Input {
*
* Sets whether to globally enable the XSS processing
* and whether to allow the $_GET array
+ *
+ * @return void
*/
public function __construct()
{
@@ -133,7 +135,7 @@ class CI_Input {
{
if ( ! isset($array[$index]))
{
- return FALSE;
+ return NULL;
}
if ($xss_clean === TRUE)
@@ -261,23 +263,27 @@ class CI_Input {
}
}
- if ($prefix == '' && config_item('cookie_prefix') != '')
+ if ($prefix === '' && config_item('cookie_prefix') !== '')
{
$prefix = config_item('cookie_prefix');
}
+
if ($domain == '' && config_item('cookie_domain') != '')
{
$domain = config_item('cookie_domain');
}
- if ($path == '/' && config_item('cookie_path') !== '/')
+
+ if ($path === '/' && config_item('cookie_path') !== '/')
{
$path = config_item('cookie_path');
}
- if ($secure == FALSE && config_item('cookie_secure') != FALSE)
+
+ if ($secure === FALSE && config_item('cookie_secure') !== FALSE)
{
$secure = config_item('cookie_secure');
}
- if ($httponly == FALSE && config_item('cookie_httponly') != FALSE)
+
+ if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE)
{
$httponly = config_item('cookie_httponly');
}
@@ -438,15 +444,7 @@ class CI_Input {
// This is effectively the same as register_globals = off
foreach (array($_GET, $_POST, $_COOKIE) as $global)
{
- if ( ! is_array($global))
- {
- if ( ! in_array($global, $protected))
- {
- global $$global;
- $$global = NULL;
- }
- }
- else
+ if (is_array($global))
{
foreach ($global as $key => $val)
{
@@ -457,10 +455,15 @@ class CI_Input {
}
}
}
+ elseif ( ! in_array($global, $protected))
+ {
+ global $$global;
+ $$global = NULL;
+ }
}
// Is $_GET data allowed? If not we'll set the $_GET to an empty array
- if ($this->_allow_get_array == FALSE)
+ if ($this->_allow_get_array === FALSE)
{
$_GET = array();
}
@@ -503,7 +506,7 @@ class CI_Input {
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
// CSRF Protection check
- if ($this->_enable_csrf == TRUE)
+ if ($this->_enable_csrf === TRUE)
{
$this->security->csrf_verify();
}
@@ -560,7 +563,7 @@ class CI_Input {
}
// Standardize newlines if needed
- if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE)
+ if ($this->_standardize_newlines === TRUE && strpos($str, "\r") !== FALSE)
{
return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str);
}
@@ -605,7 +608,7 @@ class CI_Input {
* In Apache, you can simply call apache_request_headers(), however for
* people running other webservers the function is undefined.
*
- * @param bool XSS cleaning
+ * @param bool XSS cleaning
* @return array
*/
public function request_headers($xss_clean = FALSE)
@@ -660,7 +663,7 @@ class CI_Input {
if ( ! isset($this->headers[$index]))
{
- return FALSE;
+ return NULL;
}
return ($xss_clean === TRUE)