From 98e2532e5bd31dc8ec7c88e60b463436157ca011 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Tue, 7 Oct 2008 02:03:16 +0000
Subject: unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed
 Key Characters from halting app execution on environments which improperly
 set these as keys

---
 system/libraries/Input.php | 8 ++++++++
 user_guide/changelog.html  | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 853b06d7a..f840c433c 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -140,6 +140,14 @@ class CI_Input {
 		$_POST = $this->_clean_input_data($_POST);
 		
 		// Clean $_COOKIE Data
+		// Also get rid of specially treated cookies that might be set by a server
+		// or silly application, that are of no use to a CI application anyway
+		// but that when present will trip our 'Disallowed Key Characters' alarm
+		// http://www.ietf.org/rfc/rfc2109.txt
+		// note that the key names below are single quoted strings, and are not PHP variables
+		unset($_COOKIE['$Version']);
+		unset($_COOKIE['$Path']);
+		unset($_COOKIE['$Domain'])
 		$_COOKIE = $this->_clean_input_data($_COOKIE);
 
 		log_message('debug', "Global POST and COOKIE data sanitized");
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index a822b6c4b..6595807b5 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -103,6 +103,8 @@ SVN Revision: XXXX</p>
 			<li>Modified Pagination library to only output the "First" link when the link for page one would not be shown.</li>
 			<li>Added a file lock check during caching, before trying to write to the file.</li>
 			<li>Added driver name variable in each DB driver, based on this bug report: #4436</li>
+			<li>Modified Cookie key cleaning to unset a few troublesome key names that can be present in certain environments,
+				preventing CI from halting execution.</li>
 		</ul>
 	</li>
 </ul>
-- 
cgit v1.2.3-24-g4f1b