From 8e37b8560c75d3994e59f401be977dcf386bb210 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 14 Dec 2016 13:13:05 +0200 Subject: Remove 'allow_get_array', 'standardize_newlines' config settings --- application/config/config.php | 28 ---------------------- system/core/Input.php | 23 +----------------- user_guide_src/source/changelog.rst | 2 ++ user_guide_src/source/installation/upgrade_320.rst | 7 ++++-- user_guide_src/source/libraries/input.rst | 4 ---- 5 files changed, 8 insertions(+), 56 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index c088e80c0..535f0f817 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -191,20 +191,6 @@ $config['controller_trigger'] = 'c'; $config['function_trigger'] = 'm'; $config['directory_trigger'] = 'd'; -/* -|-------------------------------------------------------------------------- -| Allow $_GET array -|-------------------------------------------------------------------------- -| -| By default CodeIgniter enables access to the $_GET array. If for some -| reason you would like to disable it, set 'allow_get_array' to FALSE. -| -| WARNING: This feature is DEPRECATED and currently available only -| for backwards compatibility purposes! -| -*/ -$config['allow_get_array'] = TRUE; - /* |-------------------------------------------------------------------------- | Error Logging Threshold 
@@ -410,20 +396,6 @@ $config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; -/* -|-------------------------------------------------------------------------- -| Standardize newlines -|-------------------------------------------------------------------------- -| -| Determines whether to standardize newline characters in input data, -| meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value. -| -| WARNING: This feature is DEPRECATED and currently available only -| for backwards compatibility purposes! -| -*/ -$config['standardize_newlines'] = FALSE; - /* |-------------------------------------------------------------------------- | Global XSS Filtering diff --git a/system/core/Input.php b/system/core/Input.php index ec57cd448..a6be7b517 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -57,15 +57,6 @@ class CI_Input { */ protected $ip_address = FALSE; - /** - * Allow GET array flag - * - * If set to FALSE, then $_GET will be set to an empty array. - * - * @var bool - */ - protected $_allow_get_array = TRUE; - /** * Enable XSS flag * @@ -128,7 +119,6 @@ class CI_Input { */ public function __construct() { - $this->_allow_get_array = (config_item('allow_get_array') === TRUE); $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); $this->_enable_csrf = (config_item('csrf_protection') === TRUE); @@ -149,13 +139,6 @@ class CI_Input { $this->security->csrf_verify(); } - if ( ! empty($_POST) && config_item('standardize_newlines') === TRUE) - { - array_walk_recursive($_POST, function(&$value) { - $value = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $value); - }); - } - log_message('info', 'Input Class Initialized'); } 
@@ -598,11 +581,7 @@ class CI_Input { protected function _sanitize_globals() { // Is $_GET data allowed? If not we'll set the $_GET to an empty array - if ($this->_allow_get_array === FALSE) - { - $_GET = array(); - } - elseif (is_array($_GET)) + if (is_array($_GET)) { foreach ($_GET as $key => $val) { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 7e2d4a9ca..a0f91a148 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -10,6 +10,8 @@ Release Date: Not Released - Core - Changed :doc:`URI Library ` to ignore the ``$config['url_suffix']``, ``$config['permitted_uri_chars']`` configuration settings for CLI requests. + - Removed previously deprecated ``$config['allow_get_array']``. + - Removed previously deprecated ``$config['standardize_newlines']``. - Removed previously deprecated :doc:`Input Library ` method ``is_cli_request()`` (use :php:func:`is_cli()` instead). - Removed previously deprecated :doc:`Routing Class ` methods ``fetch_directory()``, ``fetch_class()`` and ``fetch_method()`` (use the respective class properties instead). - Removed previously deprecated :doc:`Config Library ` method ``system_url()`` (encourages insecure practices). diff --git a/user_guide_src/source/installation/upgrade_320.rst b/user_guide_src/source/installation/upgrade_320.rst index b587470f2..6501f40db 100644 --- a/user_guide_src/source/installation/upgrade_320.rst +++ b/user_guide_src/source/installation/upgrade_320.rst 
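Review bot: The comment kept as context at the top of `_sanitize_globals()`, `// Is $_GET data allowed? If not we'll set the $_GET to an empty array`, is stale on the new side, because the branch that emptied `$_GET` is gone and only `if (is_array($_GET))` remains. I would replace it with a neutral `// Process the $_GET entries`, worded to match the loop body, which continues outside the hunk. Separately, an installation that still has `$config['allow_get_array'] = FALSE;` in its config.php will have that line silently ignored after upgrading, so `$_GET` is populated again and the old restriction fails open. The upgrade guide does point to `$_GET = array();`, but a check in the constructor would make a leftover setting visible: `if (config_item('allow_get_array') === FALSE) log_message('error', 'allow_get_array is no longer supported; $_GET is not cleared');`.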
@@ -128,8 +128,11 @@ HTML 5 formatting. Step 7: Remove usage of previously deprecated functionalities ============================================================= -The following is a list of functionalities deprecated in CodeIgniter -version 3.0.x, that have been removed in 3.2.0: +The following is a list of functionalities deprecated in previous +CodeIgniter versions that have been removed in 3.2.0: + +- ``$config['allow_get_array']`` (use ``$_GET = array();`` instead) +- ``$config['standardize_newlines']`` - ``CI_Input::is_cli_request()`` (use :php:func:`is_cli()` instead) - ``CI_Router::fetch_directory()`` (use ``CI_Router::$directory`` instead) diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 899070ef4..8b816a567 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -28,16 +28,12 @@ The security filtering method is called automatically when a new :doc:`controller <../general/controllers>` is invoked. It does the following: -- If ``$config['allow_get_array']`` is FALSE (default is TRUE), destroys - the global GET array. - Destroys all global variables in the event register_globals is turned on. - Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters. - Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request. -- Standardizes newline characters to ``PHP_EOL`` (\\n in UNIX-based OSes, - \\r\\n under Windows). This is configurable. XSS Filtering ============= -- cgit v1.2.3-24-g4f1b