-rw-r--r--system/core/Security.php13
-rw-r--r--system/helpers/security_helper.php3
-rw-r--r--system/libraries/Form_validation.php2
-rw-r--r--user_guide_src/source/changelog.rst5
4 files changed, 20 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 4593a1090..227217e75 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -561,6 +561,19 @@ class CI_Security {
// ----------------------------------------------------------------
/**
+ * Strip Image Tags
+ *
+ * @param string
+ * @return string
+ */
+ public function strip_image_tags($str)
+ {
+ return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ }
+
+ // ----------------------------------------------------------------
+
+ /**
* Compact Exploded Words
*
* Callback function for xss_clean() to remove whitespace from
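Review bot: In the second pattern of `strip_image_tags()` the lazy group `(.+?)` is followed by `.*?\>`, so for an unquoted `src` it captures only the first character of the URL and the whole tag is replaced by that single character. A bounded class fixes it, e.g. `'#<img\s+.*?src\s*=\s*([^\s"\'>]+).*?>#is'`. Both patterns also lack the `i` and `s` modifiers, so upper-case or multi-line `<img>` tags are returned unchanged. Because the method now lives in `CI_Security`, the docblock should say that it only replaces the tag with its URL text and that the result still needs `xss_clean()` or output escaping; `@param string $str` would also name the argument. The class body continues outside this hunk.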
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php
index 7968f9e9f..0e8e9f93d 100644
--- a/system/helpers/security_helper.php
+++ b/system/helpers/security_helper.php
@@ -108,7 +108,8 @@ if ( ! function_exists('strip_image_tags'))
*/
function strip_image_tags($str)
{
- return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ $CI =& get_instance();
+ return $CI->security->strip_image_tags($str);
}
}
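Review bot: The helper now depends on a controller instance exposing a `security` property, and the docblock that ends just above `function strip_image_tags($str)` (it starts outside this hunk) should record that. A line such as `* Alias of CI_Security::strip_image_tags(); requires the CI instance to be available.` would be enough. As a style point, the by-reference `$CI =& get_instance();` follows the framework's older convention but is not needed for an object handle, so `return get_instance()->security->strip_image_tags($str);` would do the same in one line.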
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 484e306b9..0d9c65f6f 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1360,7 +1360,7 @@ class CI_Form_validation {
*/
public function strip_image_tags($str)
{
- return $this->CI->input->strip_image_tags($str);
+ return $this->CI->security->strip_image_tags($str);
}
// --------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 28e2f94bb..27381b49a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -70,7 +70,8 @@ Release Date: Not Released
- ``set_realpath()`` can now also handle file paths as opposed to just directories.
- Added an optional paramater to ``delete_files()`` to enable it to skip deleting files such as .htaccess and index.html.
- ``read_file()`` is now a deprecated alias of ``file_get_contents()``.
- - :doc:`Date Helper <helpers/date_helper>` Added optional fourth parameter to ``timezone_menu()`` that allows more attributes to be added to the generated select tag
+ - Added an optional parameter to :doc:`Date Helper <helpers/date_helper>` function ``timezone_menu()`` that allows more attributes to be added to the generated select tag.
+ - :doc:`Security Helper <helpers/security_helper>` function ``strip_image_tags()`` is now an alias for the same method in the :doc:`Security Library <libraries/security>`.
- Database
@@ -190,6 +191,7 @@ Release Date: Not Released
- $config['time_reference'] now supports all timezone strings supported by PHP.
- Added support for HTTP code 303 ("See Other") in set_status_header().
- Changed :doc:`Config Library <libraries/config>` method site_url() to accept an array as well.
+ - Added method ``strip_image_tags()`` to the :doc:`Security Library <libraries/security>`.
Bug fixes for 3.0
------------------
@@ -294,6 +296,7 @@ Bug fixes for 3.0
- Fixed a bug where :doc:`URL Helper <helpers/url_helper>` function anchor_popup() ignored the attributes argument if it is not an array.
- Fixed a bug (#1328) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly check the type of the form fields before processing them.
- Fixed a bug (#79) - :doc:`Form Validation Library <libraries/form_validation>` didn't properly validate array fields that use associative keys or have custom indexes.
+- Fixed a bug (#427) - :doc:`Form Validation Library <libraries/form_validation>` method ``strip_image_tags()`` was an alias to a non-existent method.
Version 2.1.1
=============