unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key Characters from halting app execution on environments which improperly set these as keys

commit: 98e2532e5bd31dc8ec7c88e60b463436157ca011 [log] [tgz]
author: Derek Jones <derek.jones@ellislab.com> Tue Oct 07 02:03:16 2008 +0000
committer: Derek Jones <derek.jones@ellislab.com> Tue Oct 07 02:03:16 2008 +0000
tree: 36de9204d495eec087b1f4ad67c932b07cde9314
parent: 920b422881cd983c1e519852741ac324933437c2 [diff] [blame]
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 853b06d..f840c43 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php

@@ -140,6 +140,14 @@
 		$_POST = $this->_clean_input_data($_POST);

 		

 		// Clean $_COOKIE Data

+		// Also get rid of specially treated cookies that might be set by a server

+		// or silly application, that are of no use to a CI application anyway

+		// but that when present will trip our 'Disallowed Key Characters' alarm

+		// http://www.ietf.org/rfc/rfc2109.txt

+		// note that the key names below are single quoted strings, and are not PHP variables

+		unset($_COOKIE['$Version']);

+		unset($_COOKIE['$Path']);

+		unset($_COOKIE['$Domain'])

 		$_COOKIE = $this->_clean_input_data($_COOKIE);

 

 		log_message('debug', "Global POST and COOKIE data sanitized");
commit	98e2532e5bd31dc8ec7c88e60b463436157ca011	[log] [tgz]
author	Derek Jones <derek.jones@ellislab.com>	Tue Oct 07 02:03:16 2008 +0000
committer	Derek Jones <derek.jones@ellislab.com>	Tue Oct 07 02:03:16 2008 +0000
tree	36de9204d495eec087b1f4ad67c932b07cde9314
parent	920b422881cd983c1e519852741ac324933437c2 [diff] [blame]