summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-24 23:26:37 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-24 23:26:37 +0100
commitc35327fd05b3f06916afe4a5b5fbedc9648a2e08 (patch)
treedff94f4319a60132691ed0181c32d294e473f2b2 /system
parent44930554e0a47027b136abf2904825cab53f965f (diff)
parent2b284f9b171ba0e0886db15772a6a62e9155f74f (diff)
Merge branch 'develop' into feature/user-guide-cleanup
Diffstat (limited to 'system')
-rw-r--r--system/core/Common.php1
-rw-r--r--system/core/Security.php8
2 files changed, 6 insertions, 3 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 00e303098..cfc63c2aa 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -76,6 +76,7 @@ if ( ! function_exists('is_really_writable'))
* the file, based on the read-only attribute. is_writable() is also unreliable
* on Unix servers if safe_mode is on.
*
+ * @link https://bugs.php.net/bug.php?id=54709
* @param string
* @return void
*/
diff --git a/system/core/Security.php b/system/core/Security.php
index d6356f869..49e5ab411 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -69,7 +69,9 @@ class CI_Security {
public $html5_entities = array(
'&colon;' => ':',
'&lpar;' => '(',
- '&rpar;' => ')'
+ '&rpar;' => ')',
+ '&newline;' => "\n",
+ '&tab;' => "\t"
);
/**
@@ -467,7 +469,7 @@ class CI_Security {
* So this: <blink>
* Becomes: &lt;blink&gt;
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|video|svg|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
@@ -660,7 +662,7 @@ class CI_Security {
protected function _remove_evil_attributes($str, $is_image)
{
// Formaction, style, and xmlns
- $evil_attributes = array('style', 'xmlns', 'formaction');
+ $evil_attributes = array('style', 'xmlns', 'formaction', 'form', 'xlink:href');
if ($is_image === TRUE)
{