[eluser]Unknown[/eluser]
I sent the string "% 10" via a POST form, but it disappears from $_POST, so I couldn't send a string like "number % 10".
Edited: the 「% 10」 string disappears from this post, so I added a space after "%".
I added an attribute to the remove_invisible_characters function call in /system/core/Input.php:528 and fixed this problem.
Code:
// Trunk
$str = remove_invisible_characters($str);
Code:
// Fixed
$str = remove_invisible_characters($str, FALSE);
Is it over-sanitizing or not?
FYC, I attached the definition of the function remove_invisible_characters in /system/core/Common.php.
Code:
function remove_invisible_characters($str, $url_encoded = TRUE)
{
    $non_displayables = array();

    // every control character except newline (dec 10)
    // carriage return (dec 13), and horizontal tab (dec 09)
    if ($url_encoded)
    {
        $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
        $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
    }
    ...
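The behaviour described in this post, reproduced as an added example that is not part of the original post and is not CodeIgniter's own code. `strip_invisible()` is a hypothetical stand-in that reuses the two url-encoded patterns quoted above; the raw control-byte pattern, the repeat-until-stable loop and all sample values are assumptions constructed for the demonstration.

```php
<?php
// Added example: strip_invisible() is a hypothetical stand-in, not the framework's function.
function strip_invisible(string $str, bool $url_encoded = true): string
{
    $patterns = [];
    if ($url_encoded) {
        // The two patterns quoted in the post.
        $patterns[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
        $patterns[] = '/%1[0-9a-f]/';  // url encoded 16-31
    }
    // Assumption: raw control bytes are stripped as well (that part is elided in the post).
    $patterns[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S';

    // Assumption: repeat until nothing changes, so a removal cannot splice a new match together.
    do {
        $str = preg_replace($patterns, '', $str, -1, $count);
    } while ($count > 0);

    return $str;
}

// Constructed sample values, as they would look in $_POST after PHP has decoded the form body.
$samples = [
    'modulo expression' => 'number %10',
    'spaced modulo'     => 'number % 10',
    'raw NUL byte'      => "abc\x00def",
    'encoded NUL text'  => 'abc%00def',
    'spliced sequence'  => 'a%%1010b',
];

foreach ($samples as $label => $value) {
    printf(
        "%-18s in=%-16s default=%-14s url_encoded=FALSE: %s\n",
        $label,
        json_encode($value),
        json_encode(strip_invisible($value)),
        json_encode(strip_invisible($value, false))
    );
}
```

PHP has already percent-decoded form fields before they reach $_POST, so a literal "%10" in a value is user text rather than an encoded control character. With the second argument set to FALSE the raw control bytes are still removed, but percent-encoded sequences are left in place, which matters only if the value is URL-decoded again later.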