summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Silvis <remko@hotels.nl>2018-03-05 10:45:03 +0100
committerRemko Silvis <remko@hotels.nl>2018-03-05 10:45:03 +0100
commit1a8aa70474fbd18758401c4bdd354c1a43756ccc (patch)
tree6db9eef998d0fb7934a8b55f70222c667b74e75d
parent8ef6526651c4900308255c2cda0f7278223ea387 (diff)
Added parenthesis check around "document" elements and fixed non-existent document.window filter to window.document
-rw-r--r--system/core/Security.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index b8f76e5e2..506b4c7e8 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -134,7 +134,9 @@ class CI_Security {
*/
protected $_never_allowed_str = array(
'document.cookie' => '[removed]',
+ '(document).cookie' => '[removed]',
'document.write' => '[removed]',
+ '(document).write' => '[removed]',
'.parentNode' => '[removed]',
'.innerHTML' => '[removed]',
'-moz-binding' => '[removed]',
@@ -152,7 +154,7 @@ class CI_Security {
*/
protected $_never_allowed_regex = array(
'javascript\s*:',
- '(document|(document\.)?window)\.(location|on\w*)',
+ '(\(?document\)?|\(?window\)?(\.document)?)\.(location|on\w*)',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
'wscript\s*:', // IE
@@ -905,7 +907,7 @@ class CI_Security {
return str_replace(
$match[1],
preg_replace(
- '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
+ '#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|\(?document\)?\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
'',
$this->_filter_attributes($match[1])
),
@@ -933,7 +935,7 @@ class CI_Security {
return str_replace(
$match[1],
preg_replace(
- '#src=.*?(?:(?:alert|prompt|confirm|eval)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ '#src=.*?(?:(?:alert|prompt|confirm|eval)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|\(?document\)?\.|\.cookie|<script|<xss|base64\s*,)#si',
'',
$this->_filter_attributes($match[1])
),