diff options
author | Greg Aker <greg.aker@ellislab.com> | 2010-04-15 02:06:19 +0200 |
---|---|---|
committer | Greg Aker <greg.aker@ellislab.com> | 2010-04-15 02:06:19 +0200 |
commit | 757dda61aa0556aca8172dc2a8175596afe28ce2 (patch) | |
tree | 825d49d42328cdcf46642c1df71233d6879975c1 /system/core/Common.php | |
parent | b4ae79daccd0823fd86bda446046c933164ffb01 (diff) |
Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP error due to a function being moved from the input to security class.
Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
Diffstat (limited to 'system/core/Common.php')
-rw-r--r-- | system/core/Common.php | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 6e2f72509..9dee591e6 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -479,6 +479,43 @@ $_error->log_exception($severity, $message, $filepath, $line); } + // -------------------------------------------------------------------- + + /** + * Remove Invisible Characters + * + * This prevents sandwiching null characters + * between ascii characters, like Java\0script. + * + * @access public + * @param string + * @return string + */ + function remove_invisible_characters($str) + { + static $non_displayables; + + if ( ! isset($non_displayables)) + { + // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09), + $non_displayables = array( + '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15 + '/%1[0-9a-f]/', // url encoded 16-31 + '/[\x00-\x08]/', // 00-08 + '/\x0b/', '/\x0c/', // 11, 12 + '/[\x0e-\x1f]/' // 14-31 + ); + } + + do + { + $cleaned = $str; + $str = preg_replace($non_displayables, '', $str); + } + while ($cleaned != $str); + + return $str; + } /* End of file Common.php */ |