Make the bad filename array public in Security library

1 files changed, 38 insertions, 18 deletions

diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..3d04d5e12 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -38,6 +38,30 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 class CI_Security {
 
 	/**
+	 * List of sanitize filename strings
+	 *
+	 * @var	array
+	 */
+	public $sanitize_filename_str =	array(
+		'../', '<!--', '-->', '<', '>',
+		"'", '"', '&', '$', '#',
+		'{', '}', '[', ']', '=',
+		';', '?', '%20', '%22',
+		'%3c',		// <
+		'%253c',	// <
+		'%3e',		// >
+		'%0e',		// >
+		'%28',		// (
+		'%29',		// )
+		'%2528',	// (
+		'%26',		// &
+		'%24',		// $
+		'%3f',		// ?
+		'%3b',		// ;
+		'%3d'		// =
+	);
+
+	/**
 	 * XSS Hash
 	 *
 	 * Random Hash for protecting URLs.
@@ -541,6 +565,19 @@ class CI_Security {
 	// --------------------------------------------------------------------
 
 	/**
+	 * Set Sanitize Filename Strings
+	 *
+	 * @param	array	$strings
+	 * @return	void
+	 */
+	public function set_sanitize_filename_str($strings)
+	{
+		$this->sanitize_filename_str = $strings;
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
 	 * Sanitize Filename
 	 *
 	 * @param	string	$str		Input file name
@@ -549,24 +586,7 @@ class CI_Security {
 	 */
 	public function sanitize_filename($str, $relative_path = FALSE)
 	{
-		$bad = array(
-			'../', '<!--', '-->', '<', '>',
-			"'", '"', '&', '$', '#',
-			'{', '}', '[', ']', '=',
-			';', '?', '%20', '%22',
-			'%3c',		// <
-			'%253c',	// <
-			'%3e',		// >
-			'%0e',		// >
-			'%28',		// (
-			'%29',		// )
-			'%2528',	// (
-			'%26',		// &
-			'%24',		// $
-			'%3f',		// ?
-			'%3b',		// ;
-			'%3d'		// =
-		);
+		$bad = $this->sanitize_filename_str;
 
 		if ( ! $relative_path)
 		{