summaryrefslogtreecommitdiffstats
path: root/system/core/Common.php
diff options
context:
space:
mode:
authorGreg Aker <greg.aker@ellislab.com>2010-04-15 02:06:19 +0200
committerGreg Aker <greg.aker@ellislab.com>2010-04-15 02:06:19 +0200
commit757dda61aa0556aca8172dc2a8175596afe28ce2 (patch)
tree825d49d42328cdcf46642c1df71233d6879975c1 /system/core/Common.php
parentb4ae79daccd0823fd86bda446046c933164ffb01 (diff)
Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP error due to a function being moved from the input to security class.
Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
Diffstat (limited to 'system/core/Common.php')
-rw-r--r--system/core/Common.php37
1 files changed, 37 insertions, 0 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 6e2f72509..9dee591e6 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -479,6 +479,43 @@
$_error->log_exception($severity, $message, $filepath, $line);
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Remove Invisible Characters
+ *
+ * This prevents sandwiching null characters
+ * between ascii characters, like Java\0script.
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function remove_invisible_characters($str)
+ {
+ static $non_displayables;
+
+ if ( ! isset($non_displayables))
+ {
+ // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
+ $non_displayables = array(
+ '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
+ '/%1[0-9a-f]/', // url encoded 16-31
+ '/[\x00-\x08]/', // 00-08
+ '/\x0b/', '/\x0c/', // 11, 12
+ '/[\x0e-\x1f]/' // 14-31
+ );
+ }
+
+ do
+ {
+ $cleaned = $str;
+ $str = preg_replace($non_displayables, '', $str);
+ }
+ while ($cleaned != $str);
+
+ return $str;
+ }
/* End of file Common.php */