CodeIgniter Forums
over-sanitizing ("% 10" disappears from $_POST) - Printable Version




over-sanitizing ("% 10" disappears from $_POST) - El Forum - 06-25-2012

[eluser]Unknown[/eluser]
I sent the string "% 10" via a POST form, but it disappears from $_POST, so I couldn't send a string like "number % 10".

Edited: the 「% 10」 string disappears from this post, so I added a space after "%".

I added an attribute to the remove_invisible_characters function call in /system/core/Input.php:528 and that fixed this problem.

Code:
// Trunk
$str = remove_invisible_characters($str);

Code:
// Fixed
$str = remove_invisible_characters($str, FALSE);

Is it over-sanitizing or not?

FYC, I attached the definition of the function remove_invisible_characters in /system/core/Common.php.

Code:
function remove_invisible_characters($str, $url_encoded = TRUE)
{
  $non_displayables = array();

  // every control character except newline (dec 10)
  // carriage return (dec 13), and horizontal tab (dec 09)

  if ($url_encoded)
  {
    $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
    $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
  }
  ...



over-sanitizing ("% 10" disappears from $_POST) - El Forum - 06-25-2012

[eluser]Unknown[/eluser]
Sorry, I found that a pull request about this problem has already been posted to GitHub.

https://github.com/EllisLab/CodeIgniter/pull/1229
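
The behaviour described in the first post, as an added example that is not part of the original thread or CodeIgniter's own code: `strip_invisible_demo` is a hypothetical stand-in whose two URL-encoded patterns are copied from the quoted function, while the raw control-byte pattern and the replace loop after the post's `...` are assumptions. It pushes a constructed form body through the same decoding PHP applies before filling `$_POST` and compares the flag set to TRUE and FALSE.

```php
<?php
// Hypothetical stand-in for the helper quoted in the thread.
function strip_invisible_demo(string $str, bool $url_encoded = true): string
{
    $non_displayables = [];

    if ($url_encoded) {
        // Copied from the post: these match the *text* "%00".."%1f".
        $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
        $non_displayables[] = '/%1[0-9a-f]/';  // url encoded 16-31
    }

    // Assumption (elided in the post): raw control bytes except \t, \n, \r.
    $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';

    // Assumption: repeat until stable so removing one match cannot expose another.
    do {
        $str = preg_replace($non_displayables, '', $str, -1, $count);
    } while ($count);

    return $str;
}

// Constructed request body, url-encoded the way a browser submits a form.
// "expr" carries the literal text "number %10"; "ctl" carries a real 0x01 byte.
$body = 'expr=' . rawurlencode('number %10') . '&ctl=' . rawurlencode("a\x01b");

// parse_str() performs the same url-decoding PHP does before populating $_POST,
// so by the time the sanitizer runs, "%2510" is already the user's text "%10".
parse_str($body, $post);

foreach ([true, false] as $flag) {
    printf("url_encoded=%s\n", var_export($flag, true));
    foreach ($post as $name => $value) {
        printf(
            "  %-4s %s -> %s\n",
            $name,
            json_encode($value),
            json_encode(strip_invisible_demo($value, $flag))
        );
    }
}
```

Run with `php` on the command line: with the flag on, the user's literal `%10` is removed from already-decoded input, while with the flag off it survives and the decoded control byte is still stripped by the raw-byte pattern assumed above.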