Hi,
yesterday i've done some test on the CI input class, (CI version 3.1.3), and i've noticed that the superglobal arrays keys are filtered by regexp for $_COOKIE, $_POST and $_GET.
The problem is, the if: (($cookie_key = $this->_clean_input_keys($key)) !== FALSE), (row 642, core/input.php), that unset from the superglobal array if not allowed chars are found in the key, is present only for $_COOKIE keys, $_POST and $_GET keys are not veryfied on rows: 613 & 622.
I had test for $_POST and $_GET inserting disallowed chars inside they keys, and those chars are not filtered at all.
Is that a bug or a devolpment choice?
Second question,
why filter by regexp the keys of superglobal array? Is not better to filter values of the superglobal instead?
Thank you,
bye.
yesterday i've done some test on the CI input class, (CI version 3.1.3), and i've noticed that the superglobal arrays keys are filtered by regexp for $_COOKIE, $_POST and $_GET.
The problem is, the if: (($cookie_key = $this->_clean_input_keys($key)) !== FALSE), (row 642, core/input.php), that unset from the superglobal array if not allowed chars are found in the key, is present only for $_COOKIE keys, $_POST and $_GET keys are not veryfied on rows: 613 & 622.
I had test for $_POST and $_GET inserting disallowed chars inside they keys, and those chars are not filtered at all.
Is that a bug or a devolpment choice?
Second question,
why filter by regexp the keys of superglobal array? Is not better to filter values of the superglobal instead?
Thank you,
bye.