authorDerek Jones <derek.jones@ellislab.com>2008-06-25 18:12:35 +0200
committerDerek Jones <derek.jones@ellislab.com>2008-06-25 18:12:35 +0200
commitfc18b009de9b1f7c1e70ded6cb69aa94b985d09a (patch)
tree38e3a40443fb22eedb66e52d616677e30224030f /system
parent7aae905cdfcc2113b7855585441d640cf665581f (diff)
added a bit of leeway for images to avoid the more common false-positives that using xss_clean() on image files might trigger
Diffstat (limited to 'system')
-rw-r--r--system/libraries/Input.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 783446aec..04b373e41 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -631,8 +631,17 @@ class CI_Input {
* But it doesn't seem to pose a problem.
*
*/
- $str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
-
+ if ($is_image === TRUE)
+ {
+ // Images have a tendency to have the PHP short opening and closing tags every so often
+ // so we skip those and only do the long opening tags.
+ $str = str_replace(array('<?php', '<?PHP'), array('&lt;?php', '&lt;?PHP'), $str);
+ }
+ else
+ {
+ $str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
+ }
+
/*
* Compact any exploded words
*
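Review bot: In the `$is_image === TRUE` branch the short tags (`<?`, `?>`) are now left unescaped, and the remaining `str_replace()` is case-sensitive, so only the exact spellings `<?php` and `<?PHP` are neutralised even though PHP matches its open tag case-insensitively. That makes the image path a false-positive reducer rather than a guarantee, and the new comment should say so, for example `// NOTE: heuristic only - uploaded images must never be stored where they can be included or executed as PHP.` If the supported PHP versions allow it, `str_ireplace()` would at least close the casing gap for the long tag. The enclosing method starts and ends outside the hunk, so where `$is_image` is set and whether callers can influence it is not visible here and should be confirmed.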