From bb2041dc4e5a121de9321fbf87846b7358d59d39 Mon Sep 17 00:00:00 2001
From: Rick Ellis <rick.ellis@ellislab.com>
Date: Sat, 9 Jun 2007 00:16:13 +0000
Subject:

---
 system/database/drivers/mysql/mysql_driver.php   |  5 -----
 system/database/drivers/mysqli/mysqli_driver.php |  5 -----
 system/libraries/Input.php                       | 17 ++++++++++-------
 3 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 367c2d11f..50f4ecfbf 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -222,11 +222,6 @@ class CI_DB_mysql_driver extends CI_DB {
 	 */
 	function escape_str($str)	
 	{	
-		if (get_magic_quotes_gpc())
-		{
-			return $str;
-		}
-
 		if (function_exists('mysql_real_escape_string'))
 		{
 			return mysql_real_escape_string($str, $this->conn_id);
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 98e7f6c76..9cfc68ea6 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -225,11 +225,6 @@ class CI_DB_mysqli_driver extends CI_DB {
 	 */
 	function escape_str($str)	
 	{	
-		if (get_magic_quotes_gpc())
-		{
-			return $str;
-		}
-
 		return mysqli_real_escape_string($this->conn_id, $str);
 	}
 		
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 63a6833d6..f113cff71 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -68,7 +68,8 @@ class CI_Input {
 	 */
 	function _sanitize_globals()
 	{
-		// Unset globals. This is effectively the same as register_globals = off
+		// Unset globals for securiy. 
+		// This is effectively the same as register_globals = off
 		foreach (array($_GET, $_POST, $_COOKIE) as $global)
 		{
 			if ( ! is_array($global))
@@ -147,6 +148,13 @@ class CI_Input {
 			return $new_array;
 		}
 		
+		// We strip slashes if magic quotes is on to keep things consistent
+		if (get_magic_quotes_gpc())
+		{
+			$str = stripslashes($str);
+		}
+		
+		// Should we filter the input data?
 		if ($this->use_xss_clean === TRUE)
 		{
 			$str = $this->xss_clean($str);
@@ -175,12 +183,7 @@ class CI_Input {
 		 {
 			exit('Disallowed Key Characters.');
 		 }
-	
-		if ( ! get_magic_quotes_gpc())
-		{
-		   return addslashes($str);
-		}
-		
+
 		return $str;
 	}
 
-- 
cgit v1.2.3-24-g4f1b