• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
system/Input.php escape filter Globel Variable key is there any problem?

#1
[eluser]Shiro[/eluser]
I'm using CI 1.72
Input.php

From the line 130
Code:
// Is $_GET data allowed? If not we'll set the $_GET to an empty array
        if ($this->allow_get_array == FALSE)
        {
            $_GET = array();
        }
        else
        {
            $_GET = $this->_clean_input_data($_GET);
        }

CI run the function _clean_input_data, after that

Code:
function _clean_input_data($str)
    {
        if (is_array($str))
        {
            $new_array = array();
            foreach ($str as $key => $val)
            {
                $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
            }
            return $new_array;
        }

I would like to ask, if I do not filter the key,
I change to
Code:
$new_array[$key] = $this->_clean_input_data($val);

will there any security issue or hacking problem?
I only escape $_GET.

Please share your opinion


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.