summaryrefslogtreecommitdiffstats
path: root/system/libraries/Input.php
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2008-05-30 22:00:11 +0200
committerDerek Jones <derek.jones@ellislab.com>2008-05-30 22:00:11 +0200
commit9f23e7c24c9786bbe576ca6df3dc362581216bef (patch)
tree308d519829eb267e62f8ba279d52c9630ad30086 /system/libraries/Input.php
parentbd4400988922b2560975a80498404d7ecd000c0b (diff)
moved word compacting to a callback for clarity, added a few js event handlers for removal
Diffstat (limited to 'system/libraries/Input.php')
-rw-r--r--system/libraries/Input.php23
1 files changed, 20 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index cac05c71d..5f066cc5e 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -715,10 +715,10 @@ class CI_Input {
{
$temp .= substr($word, $i, 1)."\s*";
}
-
+
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
- $str = preg_replace('#('.substr($temp, 0, -3).')(\W)#ise', "preg_replace('/\s+/s', '', '\\1').'\\2'", $str);
+ $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
}
/*
@@ -757,7 +757,7 @@ class CI_Input {
* but it's unlikely to be a problem.
*
*/
- $event_handlers = array('onblur','onchange','onclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmouseover','onmouseup','onresize','onselect','onsubmit','onunload','xmlns');
+ $event_handlers = array('onblur','onchange','onclick','ondblclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmousemove','onmouseover','onmouseout','onmouseup','onresize','onselect','onsubmit','onunload','xmlns');
if ($is_image === TRUE)
{
@@ -875,6 +875,23 @@ class CI_Input {
// --------------------------------------------------------------------
/**
+ * Compact Exploded Words
+ *
+ * Callback function for xss_clean() to remove whitespace from
+ * things like j a v a s c r i p t
+ *
+ * @access public
+ * @param type
+ * @return type
+ */
+ function _compact_exploded_words($matches)
+ {
+ return preg_replace('/\s+/s', '', $matches[1]).$matches[2];
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Sanitize Naughty HTML
*
* Callback function for xss_clean() to remove naughty HTML elements