summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2008-05-12 20:07:08 +0200
committerDerek Jones <derek.jones@ellislab.com>2008-05-12 20:07:08 +0200
commit53437de1f94dd4c0ab270f0c6d2309344d323d9e (patch)
treefc4086b69bfbb42e7da03082a327f7a533db0954 /system/libraries
parenta632589001aa9ec769f9a80871097ce3a09b74d1 (diff)
Added protection in xss_clean() for GET variables in URLs
http://codeigniter.com/bug_tracker/bug/4167/
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Input.php58
1 files changed, 55 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index ee7e9ad31..9b012d320 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -28,6 +28,7 @@
*/
class CI_Input {
var $use_xss_clean = FALSE;
+ var $xss_hash = '';
var $ip_address = FALSE;
var $user_agent = FALSE;
var $allow_get_array = FALSE;
@@ -530,7 +531,21 @@ class CI_Input {
* @return string
*/
function xss_clean($str)
- {
+ {
+ /*
+ * Is the string an array?
+ *
+ */
+ if (is_array($str))
+ {
+ while (list($key) = each($str))
+ {
+ $str[$key] = $this->xss_clean($str[$key]);
+ }
+
+ return $str;
+ }
+
/*
* Remove Null Characters
*
@@ -542,6 +557,14 @@ class CI_Input {
$str = preg_replace('/(\\\\0)+/', '', $str);
/*
+ * Protect GET variables in URLs
+ */
+
+ // 901119URL5918AMP18930PROTECT8198
+
+ $str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i', $this->xss_hash()."\\1=\\2", $str);
+
+ /*
* Validate standard character entities
*
* Add a semicolon if missing. We do this to enable
@@ -559,6 +582,12 @@ class CI_Input {
$str = preg_replace('#(&\#x?)([0-9A-F]+);?#i',"\\1\\2;",$str);
/*
+ * Un-Protect GET variables in URLs
+ */
+
+ $str = str_replace($this->xss_hash(), '&', $str);
+
+ /*
* URL Decode
*
* Just in case stuff like this is submitted:
@@ -797,6 +826,29 @@ class CI_Input {
// --------------------------------------------------------------------
/**
+ * Random Hash for protecting URLs
+ *
+ * @access public
+ * @return string
+ */
+ function xss_hash()
+ {
+ if ($this->xss_hash == '')
+ {
+ if (phpversion() >= 4.2)
+ mt_srand();
+ else
+ mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
+
+ $this->xss_hash = md5(time() + mt_rand(0, 1999999999));
+ }
+
+ return $this->xss_hash;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* JS Link Removal
*
* Callback function for xss_clean() to sanitize links
@@ -923,6 +975,6 @@ class CI_Input {
}
// END Input class
-
-/* End of file Input.php */
+
+/* End of file Input.php */
/* Location: ./system/libraries/Input.php */ \ No newline at end of file