[eluser]Shiro[/eluser]
I'm using CI 1.72
Input.php
From the line 130
Code:
// Is $_GET data allowed? If not we'll set the $_GET to an empty array
if ($this->allow_get_array == FALSE)
{
$_GET = array();
}
else
{
$_GET = $this->_clean_input_data($_GET);
}
CI run the function _clean_input_data, after that
Code:
function _clean_input_data($str)
{
if (is_array($str))
{
$new_array = array();
foreach ($str as $key => $val)
{
$new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}
return $new_array;
}
I would like to ask, if I do not filter the key,
I change to
Code:
$new_array[$key] = $this->_clean_input_data($val);
will there any security issue or hacking problem?
I only escape $_GET.
Please share your opinion