diff options
author | paulburdick <devnull@localhost> | 2007-06-28 01:25:55 +0200 |
---|---|---|
committer | paulburdick <devnull@localhost> | 2007-06-28 01:25:55 +0200 |
commit | 763064b8661f92953497d6ca094d687e9078903f (patch) | |
tree | c97101242d07b7de6d4995d38ccfd87217ca7802 /system/libraries | |
parent | 3541313e896794514b7d44a5f0aab1e47b340ef7 (diff) |
*Added filename_security() method to Input library
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
Diffstat (limited to 'system/libraries')
-rw-r--r-- | system/libraries/Input.php | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index 9a73ab9b9..337eeff30 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -445,6 +445,56 @@ class CI_Input { // --------------------------------------------------------------------
/**
+ * Filename Security
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function filename_security($str)
+ {
+ $bad = array(
+ "../",
+ "./",
+ "<!--",
+ "-->",
+ "<",
+ ">",
+ "'",
+ '"',
+ '&',
+ '$',
+ '#',
+ '{',
+ '}',
+ '[',
+ ']',
+ '=',
+ ';',
+ '?',
+ '/',
+ "%20",
+ "%22",
+ "%3c", // <
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
+ "%3d" // =
+ );
+
+ return stripslashes(str_replace($bad, '', $str));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* XSS Clean
*
* Sanitizes data so that Cross Site Scripting Hacks can be
|