[eluser]Giacomo[/eluser]
In the new CI version I noticed a modify to "escape_str" in mysql driver. The problem right now that this modify is not compatible to back, cause the strings are escaped twice (the first time from "magic_quotes_gpc" directive and second time from "escape_str" function).
I thought about this modify for "post", "get" and "cookie" function of "Input" library:
Code:
function post($index = '', $xss_clean = FALSE)
{
if ( ! isset($_POST[$index]))
{
return FALSE;
}
if ($xss_clean === TRUE)
{
if (is_array($_POST[$index]))
{
foreach($_POST[$index] as $key => $val)
{
$_POST[$index][$key] = $this->xss_clean($val);
}
}
else
{
return $this->xss_clean($_POST[$index]);
}
}
//MODIFY
if (get_magic_quotes_gpc())
return stripslashes($_POST[$index]);
else
return $_POST[$index];
}
What do you think?