summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvlakoff <vlakoff@gmail.com>2012-07-02 15:20:11 +0200
committervlakoff <vlakoff@gmail.com>2012-07-02 15:20:11 +0200
commita81f60c6bf59a4ce8b9fc8ccdea9bc7a0fbeb16d (patch)
tree933879c892c3b749201407db94fa569d13478e58
parentfac3761c6a01a12457c61cd4e3b17dba5ee26bf7 (diff)
Clean up regexes in Security->xss_clean()
Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters
-rw-r--r--system/core/Security.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 227217e75..b22d2cf19 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -395,20 +395,20 @@ class CI_Security {
if (preg_match('/<a/i', $str))
{
- $str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
if (preg_match('/<img/i', $str))
{
- $str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
}
- if (preg_match('/(script|xss)/i', $str))
+ if (preg_match('/script|xss/i', $str))
{
- $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str);
+ $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str);
}
}
- while($original !== $str);
+ while ($original !== $str);
unset($original);
@@ -683,7 +683,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+ preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
@@ -706,7 +706,7 @@ class CI_Security {
protected function _js_img_removal($match)
{
return str_replace($match[1],
- preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),