summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/CodeIgniter.php7
-rw-r--r--system/core/Input.php16
-rw-r--r--system/core/Security.php (renamed from system/libraries/Security.php)0
-rw-r--r--system/core/Utf8.php2
4 files changed, 15 insertions, 10 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 39a4d7ffd..7f4595e68 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -197,6 +197,13 @@
}
/*
+ * -----------------------------------------------------
+ * Load the security class for xss and csrf support
+ * -----------------------------------------------------
+ */
+ $SEC =& load_class('Security', 'core');
+
+/*
* ------------------------------------------------------
* Load the Input class and sanitize globals
* ------------------------------------------------------
diff --git a/system/core/Input.php b/system/core/Input.php
index 18131350f..dc7612e64 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -53,11 +53,8 @@ class CI_Input {
$this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
$this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- // Do we need to load the security class?
- if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
- {
- $this->security =& load_class('Security');
- }
+ global $SEC;
+ $this->security =& $SEC;
// Do we need the UTF-8 class?
if (UTF8_ENABLED === TRUE)
@@ -92,8 +89,7 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($array[$index]);
+ return $this->security->xss_clean($array[$index]);
}
return $array[$index];
@@ -527,6 +523,9 @@ class CI_Input {
{
$str = $this->uni->clean_string($str);
}
+
+ // Remove control characters
+ $str = remove_invisible_characters($str);
// Should we filter the input data?
if ($this->_enable_xss === TRUE)
@@ -642,8 +641,7 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($this->headers[$index]);
+ return $this->security->xss_clean($this->headers[$index]);
}
return $this->headers[$index];
diff --git a/system/libraries/Security.php b/system/core/Security.php
index ceef9779c..ceef9779c 100644
--- a/system/libraries/Security.php
+++ b/system/core/Security.php
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 5d5a7ef72..2a27d1f35 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -107,7 +107,7 @@ class CI_Utf8 {
*/
function safe_ascii_for_xml($str)
{
- return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $str);
+ return remove_invisible_characters($str, FALSE);
}
// --------------------------------------------------------------------