diff options
| author | Andrey Andreev <narf@bofh.bg> | 2012-07-05 15:31:12 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2012-07-05 15:31:12 +0200 |
| commit | 92d18a7b6c46eadc9db58ca60ffce3980e2313ff (patch) | |
| tree | b0a869a5312279d65c3e920ffbf0b32344ab1d0f /system/core/Security.php | |
| parent | d66872ae5d7cd4d2b531251a9c63528e81af3322 (diff) | |
| parent | 7ca36131d881d3f83a86d824263d4abd65439e12 (diff) | |
Merge upstream branch
Diffstat (limited to 'system/core/Security.php')
| -rw-r--r-- | system/core/Security.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 227217e75..b22d2cf19 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -395,20 +395,20 @@ class CI_Security { if (preg_match('/<a/i', $str)) { - $str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } if (preg_match('/<img/i', $str)) { - $str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } - if (preg_match('/(script|xss)/i', $str)) + if (preg_match('/script|xss/i', $str)) { - $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str); + $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str); } } - while($original !== $str); + while ($original !== $str); unset($original); @@ -683,7 +683,7 @@ class CI_Security { protected function _js_link_removal($match) { return str_replace($match[1], - preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', + preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -706,7 +706,7 @@ class CI_Security { protected function _js_img_removal($match) { return str_replace($match[1], - preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), |