diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-06-26 23:52:47 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-06-26 23:52:47 +0200 |
commit | 1a24a9da3cfbacf8802ffd0b79f5494d30278007 (patch) | |
tree | 4162c6176a54085aa9d9f63417707975e611937d /system | |
parent | ffe7938b8d6dfdbdac8a34008dbbb15d31de6080 (diff) |
Fix issue #427
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Security.php | 13 | ||||
-rw-r--r-- | system/helpers/security_helper.php | 3 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 2 |
3 files changed, 16 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 4593a1090..227217e75 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -561,6 +561,19 @@ class CI_Security { // ---------------------------------------------------------------- /** + * Strip Image Tags + * + * @param string + * @return string + */ + public function strip_image_tags($str) + { + return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + } + + // ---------------------------------------------------------------- + + /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 7968f9e9f..0e8e9f93d 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -108,7 +108,8 @@ if ( ! function_exists('strip_image_tags')) */ function strip_image_tags($str) { - return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + $CI =& get_instance(); + return $CI->security->strip_image_tags($str); } } diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 484e306b9..0d9c65f6f 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1360,7 +1360,7 @@ class CI_Form_validation { */ public function strip_image_tags($str) { - return $this->CI->input->strip_image_tags($str); + return $this->CI->security->strip_image_tags($str); } // -------------------------------------------------------------------- |