authorpaulburdick <devnull@localhost>2007-06-28 01:25:55 +0200
committerpaulburdick <devnull@localhost>2007-06-28 01:25:55 +0200
commit763064b8661f92953497d6ca094d687e9078903f (patch)
treec97101242d07b7de6d4995d38ccfd87217ca7802 /system/libraries/Input.php
parent3541313e896794514b7d44a5f0aab1e47b340ef7 (diff)
*Added filename_security() method to Input library
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
Diffstat (limited to 'system/libraries/Input.php')
-rw-r--r--system/libraries/Input.php50
1 files changed, 50 insertions, 0 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 9a73ab9b9..337eeff30 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -445,6 +445,56 @@ class CI_Input {
// --------------------------------------------------------------------
/**
+ * Filename Security
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function filename_security($str)
+ {
+ $bad = array(
+ "../",
+ "./",
+ "<!--",
+ "-->",
+ "<",
+ ">",
+ "'",
+ '"',
+ '&',
+ '$',
+ '#',
+ '{',
+ '}',
+ '[',
+ ']',
+ '=',
+ ';',
+ '?',
+ '/',
+ "%20",
+ "%22",
+ "%3c", // <
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
+ "%3d" // =
+ );
+
+ return stripslashes(str_replace($bad, '', $str));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* XSS Clean
*
* Sanitizes data so that Cross Site Scripting Hacks can be
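Review bot: The blacklist in filename_security() matches only the lowercase percent-encodings (`"%3c"`, `"%3e"`, `"%28"` and so on), but str_replace() is case-sensitive, so the same characters written as `%3C`/`%3E` are not removed, and neither the backslash nor the NUL byte appears in the list even though the commit message says the result is used to build an include filename. The comment on `"%0e", // >` is wrong — `%0e` is a control character, while `>` is `%3e`, which is already listed two entries above. Because the callers are controller and function names, an allow-list is shorter and does not need updating for each new encoding: `return preg_replace('/[^a-zA-Z0-9_\-]+/', '', $str);` in place of the str_replace()/stripslashes() pair, provided the router can accept the stricter result. The trailing stripslashes() also collapses `\\` into a single `\`, so a backslash can survive this function as written.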