From 8816aaab7ac21d4e3ccd1eedd86462bc94aff2c1 Mon Sep 17 00:00:00 2001
From: paulburdick
Date: Wed, 27 Jun 2007 23:07:36 +0000
Subject:
---
 system/libraries/Input.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'system')
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index f9d23ae79..9a73ab9b9 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -68,21 +68,30 @@ class CI_Input {
 */
 function _sanitize_globals()
 {
+ // Would kind of be "wrong" to unset any of these GLOBALS.
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');
+
 // Unset globals for securiy.
 // This is effectively the same as register_globals = off
 foreach (array($_GET, $_POST, $_COOKIE) as $global)
 {
 if ( ! is_array($global))
 {
- global $global;
- $$global = NULL;
+ if ( ! in_array($global, $protected))
+ {
+ global $global;
+ $$global = NULL;
+ }
 }
 else
 {
 foreach ($global as $key => $val)
 {
- global $$key;
- $$key = NULL;
+ if ( ! in_array($key, $protected))
+ {
+ global $$key;
+ $$key = NULL;
+ }
 }
 }
 }
-- 
cgit v1.2.3-24-g4f1b
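Review bot: The `$protected` list omits `_COOKIE`, although `$_COOKIE` is one of the three arrays the loop walks, so a request key named `_COOKIE` is not skipped by the new `in_array($key, $protected)` guard and still reaches `global $$key; $$key = NULL;`. Whether that actually clears the cookie superglobal depends on how the running PHP version treats variable-variable access to superglobals, but the list should name it either way: `$protected = array('_SERVER', '_GET', '_POST', '_COOKIE', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA');`. The list is also a denylist of PHP's own names only, so any application or framework global whose name matches a request key is presumably still nulled; the comment above the list should state that limit. `_sanitize_globals()` continues past the end of the hunk, so any later handling is not visible here.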