diff options
author | tianhe1986 <w1s2j3229@163.com> | 2016-07-22 19:02:01 +0200 |
---|---|---|
committer | tianhe1986 <w1s2j3229@163.com> | 2016-07-22 19:02:01 +0200 |
commit | 5afba5a8c444d608712174665288aa10237e8b27 (patch) | |
tree | 331aff3747dede23ce8a2a1a30703b71565abb65 | |
parent | f461143b3336b78263ce473e283d0c67d9f7c111 (diff) |
Replace url_encoded invisible characters case-insensitively.
Signed-off-by: tianhe1986 <w1s2j3229@163.com>
-rw-r--r-- | system/core/Common.php | 4 | ||||
-rw-r--r-- | tests/codeigniter/core/Common_test.php | 12 |
2 files changed, 14 insertions, 2 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index b87ce4d62..e0d011db7 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -716,8 +716,8 @@ if ( ! function_exists('remove_invisible_characters')) // carriage return (dec 13) and horizontal tab (dec 09) if ($url_encoded) { - $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15 - $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31 + $non_displayables[] = '/%0[0-8bcef]/i'; // url encoded 00-08, 11, 12, 14, 15 + $non_displayables[] = '/%1[0-9a-f]/i'; // url encoded 16-31 } $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127 diff --git a/tests/codeigniter/core/Common_test.php b/tests/codeigniter/core/Common_test.php index 81a185eaf..ca19e5de0 100644 --- a/tests/codeigniter/core/Common_test.php +++ b/tests/codeigniter/core/Common_test.php @@ -54,4 +54,16 @@ class Common_test extends CI_TestCase { ); } + // ------------------------------------------------------------------------ + + public function test_remove_invisible_characters() + { + $raw_string = 'Here is a string containing invisible'.chr(0x08).' text %0e.'; + $removed_string = 'Here is a string containing invisible text %0e.'; + $this->assertEquals($removed_string, remove_invisible_characters($raw_string, FALSE)); + + $raw_string = 'Here is a string %0econtaining url_encoded invisible%1F text.'; + $removed_string = 'Here is a string containing url_encoded invisible text.'; + $this->assertEquals($removed_string, remove_invisible_characters($raw_string)); + } }
\ No newline at end of file |