author | Derek Jones <derek.jones@ellislab.com> | 2008-06-25 18:12:35 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-06-25 18:12:35 +0200 |
commit | fc18b009de9b1f7c1e70ded6cb69aa94b985d09a (patch) | |
tree | 38e3a40443fb22eedb66e52d616677e30224030f /system/libraries/Input.php | |
parent | 7aae905cdfcc2113b7855585441d640cf665581f (diff) |
added a bit of leeway for images to avoid the more common false-positives that using xss_clean() on image files might trigger
Diffstat (limited to 'system/libraries/Input.php')
-rw-r--r-- | system/libraries/Input.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 783446aec..04b373e41 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -631,8 +631,17 @@ class CI_Input {
 * But it doesn't seem to pose a problem.
*
*/
- $str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'), array('<?php', '<?PHP', '<?', '?>'), $str);
-
+ if ($is_image === TRUE)
+ {
+ // Images have a tendency to have the PHP short opening and closing tags every so often
+ // so we skip those and only do the long opening tags.
+ $str = str_replace(array('<?php', '<?PHP'), array('<?php', '<?PHP'), $str);
+ }
+ else
+ {
+ $str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'), array('<?php', '<?PHP', '<?', '?>'), $str);
+ }
+
/*
* Compact any exploded words
*
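Review bot: In the `$is_image === TRUE` branch the short tags `<?` and `?>` are no longer rewritten, so image data that passes through `xss_clean()` can still carry a short-tag PHP block, and the added comment does not say so. I would extend that comment with `// NOTE: short tags are left untouched here, so this is not a safeguard against PHP embedded in an upload;` followed by `// uploaded images must be stored where they are never executed or included.` Both branches also rely on the case-sensitive `str_replace()`, so only the exact spellings `<?php` and `<?PHP` are matched; that behaviour predates this commit. As rendered on this page the search and replacement arrays look identical, presumably because the viewer decoded the HTML entities in the replacement. The enclosing method, including the declaration of `$is_image`, starts and ends outside the hunk.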