summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-07-02 15:58:37 +0200
committerAndrey Andreev <narf@bofh.bg>2012-07-02 15:58:37 +0200
commit0692a1eb0893f98a7a848e81385087ec8acd8f97 (patch)
tree07fbbe9f0a2b66b29d69afd2cd99f76db1f35de6
parent5211c094c930d69d52539591b306c293c99689ad (diff)
parenta81f60c6bf59a4ce8b9fc8ccdea9bc7a0fbeb16d (diff)
Merge pull request #1560 from vlakoff/regex
Clean up regexes in Security->xss_clean()
-rw-r--r--system/core/Security.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 227217e75..b22d2cf19 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -395,20 +395,20 @@ class CI_Security {
if (preg_match('/<a/i', $str))
{
- $str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
if (preg_match('/<img/i', $str))
{
- $str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
}
- if (preg_match('/(script|xss)/i', $str))
+ if (preg_match('/script|xss/i', $str))
{
- $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str);
+ $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str);
}
}
- while($original !== $str);
+ while ($original !== $str);
unset($original);
@@ -683,7 +683,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+ preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
@@ -706,7 +706,7 @@ class CI_Security {
protected function _js_img_removal($match)
{
return str_replace($match[1],
- preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),