From 7c60b12da3260cb3046f3f500431a1b7a5fb766d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 8 Feb 2014 18:47:19 +0200 Subject: CI_Input tweaks - Make get_post(), post_get() and server()'s parameter mandatory. - Change default value of parameter to NULL for cookie(), input_stream() and _fetch_from_array() (for consistency with get(), post()). - Delegate Array-vs-single and parameter detection to _fetch_from_array() to overall simplify the code. --- system/core/Input.php | 85 ++++++++++++--------------------------------------- 1 file changed, 20 insertions(+), 65 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index ccb70daec..35ce5f12f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -152,8 +152,20 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - protected function _fetch_from_array(&$array, $index = '', $xss_clean = NULL) + protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL) { + // If $index is NULL, it means that the whole $array is requested + if ($index === NULL) + { + $output = array(); + foreach (array_keys($array) as $key) + { + $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean); + } + + return $output; + } + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; if (isset($array[$index])) @@ -202,26 +214,6 @@ class CI_Input { */ public function get($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - - // Check if a field has been provided - if ($index === NULL) - { - if (empty($_GET)) - { - return array(); - } - - $get = array(); - - // loop through the full _GET array - foreach (array_keys($_GET) as $key) - { - $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); - } - return $get; - } - return $this->_fetch_from_array($_GET, $index, $xss_clean); } 
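Review bot: In `_fetch_from_array()`, the new `$index === NULL` branch copies each key into `$output[$key]` exactly as it arrived, so only the values can pass through the XSS filter. They do so only when `$xss_clean` is TRUE or `_enable_xss` is on. Now that `cookie()` and `input_stream()` also default to NULL, this branch is reachable from more public methods, so the contract deserves a comment. I would add `// Only values are filtered; keys are returned as received and must be escaped by the caller before output` above the `foreach`. The `@param` line for `$index` lies outside this hunk and should say that NULL returns the whole array.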
@@ -236,26 +228,6 @@ class CI_Input { */ public function post($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - - // Check if a field has been provided - if ($index === NULL) - { - if (empty($_POST)) - { - return array(); - } - - $post = array(); - - // Loop through the full _POST array and return it - foreach (array_keys($_POST) as $key) - { - $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); - } - return $post; - } - return $this->_fetch_from_array($_POST, $index, $xss_clean); } @@ -268,10 +240,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function post_get($index = '', $xss_clean = NULL) + public function post_get($index, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return isset($_POST[$index]) ? $this->post($index, $xss_clean) : $this->get($index, $xss_clean); @@ -286,10 +256,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get_post($index = '', $xss_clean = NULL) + public function get_post($index, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return isset($_GET[$index]) ? $this->get($index, $xss_clean) : $this->post($index, $xss_clean); @@ -304,10 +272,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function cookie($index = '', $xss_clean = NULL) + public function cookie($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } 
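Review bot: Dropping the default in `post_get($index, ...)` does not stop a NULL from arriving, for example from an unset variable at the call site. In that case `isset($_POST[$index])` is normally false and the call falls through to `$this->get(NULL, $xss_clean)`, which now returns the entire `$_GET` array instead of a single value. The same applies to `get_post()` in the next hunk and to `server()` further down, where a NULL index would hand back all of `$_SERVER`. If whole-array mode is not intended for these three methods, a guard at the top such as `if ($index === NULL) { return NULL; }` keeps an accidental NULL from widening the result. Otherwise the docblocks should state the behaviour explicitly.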
@@ -320,10 +286,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function server($index = '', $xss_clean = NULL) + public function server($index, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -338,23 +302,14 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function input_stream($index = '', $xss_clean = NULL) + public function input_stream($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - // The input stream can only be read once, so we'll need to check // if we have already done that first. - if (is_array($this->_input_stream)) - { - return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); - } - - // Parse the input stream in our cache var - parse_str(file_get_contents('php://input'), $this->_input_stream); if ( ! is_array($this->_input_stream)) { - $this->_input_stream = array(); - return NULL; + parse_str(file_get_contents('php://input'), $this->_input_stream); + is_array($this->_input_stream) OR $this->_input_stream = array(); } return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); -- cgit v1.2.3-24-g4f1b From e4e1091d42e854e96706c153c71410301b3c3047 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 8 Feb 2014 19:58:48 +0200 Subject: Deprecate CI_Config::system_url() --- system/core/Config.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core') diff --git a/system/core/Config.php b/system/core/Config.php index a0e830abe..93c950e2e 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -332,6 +332,7 @@ class CI_Config { /** * System URL * + * @deprecated 3.0.0 Encourages insecure practices * @return string */ public function system_url() -- cgit v1.2.3-24-g4f1b
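Review bot: In `input_stream()`, the request body is always run through `parse_str()` regardless of its content type, and with the new `$index = NULL` default a bare call returns whatever that produced. A JSON or XML body would come back as an array with one meaningless key rather than NULL. The result of `file_get_contents('php://input')` is also passed straight in without a check for FALSE. I would document the limitation in the docblock, which sits outside this hunk, for example `Only application/x-www-form-urlencoded bodies are supported; other payloads must be read from php://input directly`. The retained comment `// The input stream can only be read once` could also note that the parsed result is cached in `$this->_input_stream`.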
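Review bot: The new tag `@deprecated 3.0.0 Encourages insecure practices` on `system_url()` does not say which practice is meant or what to use instead, so a maintainer reading the docblock cannot act on it. As I understand the intent, the concern is that the system directory should not be reachable over HTTP at all. If so, something like `@deprecated 3.0.0 Encourages insecure practices: the system/ directory should not be publicly accessible` would make the reason explicit. The method body is outside this hunk.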