diff options
| author | Andrey Andreev <narf@bofh.bg> | 2013-01-29 14:38:33 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@bofh.bg> | 2013-01-29 14:38:33 +0100 |
| commit | 7e5597782a589e4171ca08abdd9ce1a185542ff4 (patch) | |
| tree | de46d9995631d11c83197a266c46116e6e1343c4 /system/core/Security.php | |
| parent | d911fccb3198ffb0629d9956115ae08244ce3e66 (diff) | |
Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename()
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.
Diffstat (limited to 'system/core/Security.php')
| -rw-r--r-- | system/core/Security.php | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index a6cd14a5f..7aae54efc 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -576,7 +576,15 @@ class CI_Security { } $str = remove_invisible_characters($str, FALSE); - return stripslashes(str_replace($bad, '', $str)); + + do + { + $old = $str; + $str = str_replace($bad, '', $str); + } + while ($old !== $str); + + return stripslashes($str); } // ---------------------------------------------------------------- |