diff options
| author | Greg Aker <greg.aker@ellislab.com> | 2010-04-15 02:06:19 +0200 |
|---|---|---|
| committer | Greg Aker <greg.aker@ellislab.com> | 2010-04-15 02:06:19 +0200 |
| commit | 757dda61aa0556aca8172dc2a8175596afe28ce2 (patch) | |
| tree | 825d49d42328cdcf46642c1df71233d6879975c1 /system/libraries | |
| parent | b4ae79daccd0823fd86bda446046c933164ffb01 (diff) | |
Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP error due to a function being moved from the input to security class.
Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
Diffstat (limited to 'system/libraries')
| -rw-r--r-- | system/libraries/Security.php | 42 |
1 files changed, 2 insertions, 40 deletions
diff --git a/system/libraries/Security.php b/system/libraries/Security.php index 60adf0a27..cdae50168 100644 --- a/system/libraries/Security.php +++ b/system/libraries/Security.php @@ -198,7 +198,7 @@ class CI_Security { /* * Remove Invisible Characters */ - $str = $this->_remove_invisible_characters($str); + $str = remove_invisible_characters($str); /* * Protect GET variables in URLs @@ -258,7 +258,7 @@ class CI_Security { /* * Remove Invisible Characters Again! */ - $str = $this->_remove_invisible_characters($str); + $str = remove_invisible_characters($str); /* * Convert all tabs to spaces @@ -481,44 +481,6 @@ class CI_Security { // -------------------------------------------------------------------- /** - * Remove Invisible Characters - * - * This prevents sandwiching null characters - * between ascii characters, like Java\0script. - * - * @access public - * @param string - * @return string - */ - function _remove_invisible_characters($str) - { - static $non_displayables; - - if ( ! isset($non_displayables)) - { - // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09), - $non_displayables = array( - '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15 - '/%1[0-9a-f]/', // url encoded 16-31 - '/[\x00-\x08]/', // 00-08 - '/\x0b/', '/\x0c/', // 11, 12 - '/[\x0e-\x1f]/' // 14-31 - ); - } - - do - { - $cleaned = $str; - $str = preg_replace($non_displayables, '', $str); - } - while ($cleaned != $str); - - return $str; - } - - // -------------------------------------------------------------------- - - /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from |