summaryrefslogtreecommitdiffstats
path: root/system/core/Input.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/core/Input.php')
-rw-r--r--system/core/Input.php40
1 files changed, 19 insertions, 21 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 626245390..89eda56b0 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -36,7 +36,7 @@ class CI_Input {
var $_enable_csrf = FALSE; // Set automatically based on config setting
protected $headers = array();
-
+
/**
* Constructor
@@ -53,11 +53,8 @@ class CI_Input {
$this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
$this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- // Do we need to load the security class?
- if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
- {
- $this->security =& load_class('Security');
- }
+ global $SEC;
+ $this->security =& $SEC;
// Do we need the UTF-8 class?
if (UTF8_ENABLED === TRUE)
@@ -92,8 +89,7 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($array[$index]);
+ return $this->security->xss_clean($array[$index]);
}
return $array[$index];
@@ -151,7 +147,7 @@ class CI_Input {
}
return $post;
}
-
+
return $this->_fetch_from_array($_POST, $index, $xss_clean);
}
@@ -205,7 +201,7 @@ class CI_Input {
* @param mixed
* @param string the value of the cookie
* @param string the number of seconds until expiration
- * @param string the cookie domain. Usually: .yourdomain.com
+ * @param string the cookie domain. Usually: .yourdomain.com
* @param string the cookie path
* @param string the cookie prefix
* @param bool true makes the cookie secure
@@ -406,9 +402,9 @@ class CI_Input {
function _sanitize_globals()
{
// It would be "wrong" to unset any of these GLOBALS.
- $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
'_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
- 'system_folder', 'application_folder', 'BM', 'EXT',
+ 'system_folder', 'application_folder', 'BM', 'EXT',
'CFG', 'URI', 'RTR', 'OUT', 'IN');
// Unset globals for securiy.
@@ -528,6 +524,9 @@ class CI_Input {
$str = $this->uni->clean_string($str);
}
+ // Remove control characters
+ $str = remove_invisible_characters($str);
+
// Should we filter the input data?
if ($this->_enable_xss === TRUE)
{
@@ -539,7 +538,7 @@ class CI_Input {
{
if (strpos($str, "\r") !== FALSE)
{
- $str = str_replace(array("\r\n", "\r"), PHP_EOL, $str);
+ $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str);
}
}
@@ -580,7 +579,7 @@ class CI_Input {
/**
* Request Headers
*
- * In Apache, you can simply call apache_request_headers(), however for
+ * In Apache, you can simply call apache_request_headers(), however for
* people running other webservers the function is undefined.
*
* @return array
@@ -610,10 +609,10 @@ class CI_Input {
{
$key = str_replace('_', ' ', strtolower($key));
$key = str_replace(' ', '-', ucwords($key));
-
+
$this->headers[$key] = $val;
}
-
+
return $this->headers;
}
@@ -634,7 +633,7 @@ class CI_Input {
{
$this->request_headers();
}
-
+
if ( ! isset($this->headers[$index]))
{
return FALSE;
@@ -642,11 +641,10 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($this->headers[$index]);
+ return $this->security->xss_clean($this->headers[$index]);
}
- return $this->headers[$index];
+ return $this->headers[$index];
}
// --------------------------------------------------------------------