author | Andrey Andreev <narf@bofh.bg> | 2013-01-29 14:38:33 +0100 |
committer | Andrey Andreev <narf@bofh.bg> | 2013-01-29 14:38:33 +0100 |
commit | 7e5597782a589e4171ca08abdd9ce1a185542ff4 (patch) | |
tree | de46d9995631d11c83197a266c46116e6e1343c4 /system/libraries | |
parent | d911fccb3198ffb0629d9956115ae08244ce3e66 (diff) |
Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename()
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.
Diffstat (limited to 'system/libraries')
-rw-r--r-- | system/libraries/Upload.php | 50 |
1 files changed, 2 insertions, 48 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 1f0bd6a6e..814ea68a4 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -463,7 +463,8 @@ class CI_Upload {
 }
 // Sanitize the file name for security
- $this->file_name = $this->clean_file_name($this->file_name);
+ $CI =& get_instance();
+ $this->file_name = $CI->security->sanitize_filename($this->file_name);
 // Truncate the file name if it's too long
 if ($this->max_filename > 0)
@@ -971,53 +972,6 @@ class CI_Upload {
 // --------------------------------------------------------------------
 /**
- * Clean the file name for security
- *
- * @param string $filename
- * @return string
- */
- public function clean_file_name($filename)
- {
- $bad = array(
- '<!--', '-->',
- "'", '"',
- '<', '>',
- '&', '$',
- '=',
- ';',
- '?',
- '/',
- '!',
- '#',
- '%20',
- '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
-
- do
- {
- $old_filename = $filename;
- $filename = str_replace($bad, '', $filename);
- }
- while ($old_filename !== $filename);
-
- return stripslashes($filename);
- }
-
- // --------------------------------------------------------------------
-
- /**
 * Limit the File Name Length
 *
 * @param string $filename
|
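Review bot: The new call `$CI->security->sanitize_filename($this->file_name)` in the first hunk relies on the default second argument (`$relative_path = FALSE`), so directory separators are stripped along with the other characters; that matches the removed list, which contained `/`, but the comment above it should say so, e.g. `// Sanitize the file name for security (sanitize_filename() is called without relative_path, so '/' is stripped too)`. The commit also removes the public `clean_file_name()` method outright, which breaks subclasses and callers that override or call it; a deprecated one-line shim would keep them working while routing through the same sanitizer: `public function clean_file_name($filename) { return get_instance()->security->sanitize_filename($filename); }`. Presumably `sanitize_filename()` keeps the loop-until-stable replacement and the trailing `stripslashes()` of the removed method, so nested encodings such as `%253c` are still handled; worth confirming against the Security library at this revision. The method enclosing the first hunk starts and ends outside the hunk.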