authorDerek Jones <derek.jones@ellislab.com>2009-02-04 21:37:40 +0100
committerDerek Jones <derek.jones@ellislab.com>2009-02-04 21:37:40 +0100
commit9959fedc755786c34cb5a671443701e8f2885617 (patch)
tree94381278a3c27394bb0b8a508fb3c0d9327e72ab
parent2976adee7ca940cf1cfeb40d2f5e1beb608548a6 (diff)
improvements to xss_clean()
-rw-r--r--system/libraries/Input.php11
-rw-r--r--user_guide/changelog.html1
2 files changed, 7 insertions, 5 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 347aac3ac..e879e2d13 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -47,9 +47,10 @@ class CI_Input {
);
/* never allowed, regex replacement */
var $never_allowed_regex = array(
- "javascript\s*:" => '[removed]',
- "expression\s*\(" => '[removed]', // CSS and IE
- "Redirect\s+302" => '[removed]'
+ "javascript\s*:" => '[removed]',
+ "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE
+ "vbscript\s*:" => '[removed]', // IE, surprise!
+ "Redirect\s+302" => '[removed]'
);
/**
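Review bot: The new `&\#40;` alternative on line 27 and the `vbscript` entry on line 28 carry no explanation of what they cover, and the `\#` escape only makes sense if each key is later interpolated into a `#`-delimited pattern, which presumably happens at the use site outside this hunk. A short comment on the array would spare the next maintainer that reconstruction, e.g. `// Keys are PCRE bodies used by xss_clean(); '#' is escaped because the caller wraps them in '#' delimiters. &\#40; is the decimal entity for '(' — the hex entity form is not matched by this pattern.` Whether these patterns match case-insensitively depends on the modifiers applied where they are used, not on anything visible here. The `CI_Input` class declaration that holds this property starts outside the hunk.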
@@ -946,7 +947,7 @@ class CI_Input {
*/
function _convert_attribute($match)
{
- return str_replace(array('>', '<'), array('&gt;', '&lt;'), $match[0]);
+ return str_replace(array('>', '<', '\\'), array('&gt;', '&lt;', '\\\\'), $match[0]);
}
// --------------------------------------------------------------------
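Review bot: The backslash doubling added on line 37 has no rationale in the code; the docblock of `_convert_attribute`, which starts above the hunk, should state why a lone backslash in an attribute value is neutralised, e.g. `// Double backslashes so a trailing '\' cannot escape the attribute value's closing quote` — that appears to be the intent, please confirm. Note that in single quotes `'\\'` is one backslash and `'\\\\'` is two, so the line reads correctly only with PHP's single-quote escaping in mind. The order of the three `str_replace` pairs does not matter here because none of the replacement strings contains another search character.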
@@ -1043,7 +1044,7 @@ class CI_Input {
{
foreach ($matches[0] as $match)
{
- $out .= "{$match}";
+ $out .= preg_replace("#/\*.*?\*/#s", '', $match);
}
}
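Review bot: `preg_replace()` on line 45 returns NULL when PCRE fails (for example on hitting the backtrack limit with a long match), and `$out .= NULL` then silently drops the entire match instead of reporting it; that is fail-closed, but invisible to anyone debugging lost output. Make the behaviour explicit with a comment or a `preg_last_error()` check, e.g. `// NULL on PCRE error drops the match rather than passing it through unfiltered`. The pattern only strips comments that are closed by `*/`; an unterminated `/*` is left as-is, which is worth a note if that is intended. The enclosing function and the `if` around this `foreach` start outside the hunk.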
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 6c32f5071..43059397b 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -88,6 +88,7 @@ SVN Revision: </p>
</li>
<li>Other Changes
<ul>
+ <li>Improved security in <kbd>xss_clean()</kbd>.</li>
<li>Added 'application/msexcel' to config/mimes.php for .xls files.</li>
</ul>
</li>