Hi,
yesterday i've done some test on the CI input class, (CI version 3.1.3), and i've noticed that the superglobal arrays keys are filtered by regexp for $_COOKIE, $_POST and $_GET.
The problem is, the if: (($cookie_key = $this->_clean_input_keys($key)) !== FALSE), (row 642, core/input.php), that unset from the superglobal array if not allowed chars are found in the key, is present only for $_COOKIE keys, $_POST and $_GET keys are not veryfied on rows: 613 & 622.
I had test for $_POST and $_GET inserting disallowed chars inside they keys, and those chars are not filtered at all.
Is that a bug or a devolpment choice?
Second question,
why filter by regexp the keys of superglobal array? Is not better to filter values of the superglobal instead?
Thank you,
bye.