diff options
author | Derek Jones <derek.jones@ellislab.com> | 2008-05-30 22:00:11 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-05-30 22:00:11 +0200 |
commit | 9f23e7c24c9786bbe576ca6df3dc362581216bef (patch) | |
tree | 308d519829eb267e62f8ba279d52c9630ad30086 /system/libraries | |
parent | bd4400988922b2560975a80498404d7ecd000c0b (diff) |
moved word compacting to a callback for clarity, added a few js event handlers for removal
Diffstat (limited to 'system/libraries')
-rw-r--r-- | system/libraries/Input.php | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index cac05c71d..5f066cc5e 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -715,10 +715,10 @@ class CI_Input { {
$temp .= substr($word, $i, 1)."\s*";
}
-
+
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
- $str = preg_replace('#('.substr($temp, 0, -3).')(\W)#ise', "preg_replace('/\s+/s', '', '\\1').'\\2'", $str);
+ $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
}
/*
@@ -757,7 +757,7 @@ class CI_Input { * but it's unlikely to be a problem.
*
*/
- $event_handlers = array('onblur','onchange','onclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmouseover','onmouseup','onresize','onselect','onsubmit','onunload','xmlns');
+ $event_handlers = array('onblur','onchange','onclick','ondblclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmousemove','onmouseover','onmouseout','onmouseup','onresize','onselect','onsubmit','onunload','xmlns');
if ($is_image === TRUE)
{
@@ -875,6 +875,23 @@ class CI_Input { // --------------------------------------------------------------------
/**
+ * Compact Exploded Words
+ *
+ * Callback function for xss_clean() to remove whitespace from
+ * things like j a v a s c r i p t
+ *
+ * @access public
+ * @param type
+ * @return type
+ */
+ function _compact_exploded_words($matches)
+ {
+ return preg_replace('/\s+/s', '', $matches[1]).$matches[2];
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Sanitize Naughty HTML
*
* Callback function for xss_clean() to remove naughty HTML elements
|