summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2013-08-04 12:28:18 +0200
committerAndrey Andreev <narf@devilix.net>2013-08-04 12:28:18 +0200
commit4201aba8afefedf1b2f13d4f2402b77f6fe4d493 (patch)
tree6af7eeb78fdef0681d8215d44124c79e0395f8a8 /system/core/Security.php
parentc958eebea2525133bcef9fe47a5dfab9e23128dd (diff)
parent4495cc740c1c0e382cc62d3d174abd17c0b4d84f (diff)
Merge pull request #2575 from wmh/filename_rule
Add windows filename rule as an option for upload files
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--system/core/Security.php43
1 files changed, 25 insertions, 18 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..70cf3e013 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -38,6 +38,30 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Security {
/**
+ * List of sanitize filename strings
+ *
+ * @var array
+ */
+ public $filename_bad_chars = array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ );
+
+ /**
* XSS Hash
*
* Random Hash for protecting URLs.
@@ -549,24 +573,7 @@ class CI_Security {
*/
public function sanitize_filename($str, $relative_path = FALSE)
{
- $bad = array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
+ $bad = $this->filename_bad_chars;
if ( ! $relative_path)
{