-rw-r--r--system/libraries/Input.php24
1 files changed, 3 insertions, 21 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index c86a3cec0..ec06101e6 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -801,30 +801,12 @@ class CI_Input {
* something got through the above filters
*
*/
- $bad = array(
- 'document.cookie' => '[removed]',
- 'document.write' => '[removed]',
- '.parentNode' => '[removed]',
- '.innerHTML' => '[removed]',
- 'window.location' => '[removed]',
- '-moz-binding' => '[removed]',
- '<!--' => '&lt;!--',
- '-->' => '--&gt;',
- '<![CDATA[' => '&lt;![CDATA['
- );
-
- foreach ($bad as $key => $val)
+ foreach ($this->never_allowed_str as $key => $val)
{
$str = str_replace($key, $val, $str);
}
-
- $bad = array(
- "javascript\s*:" => '[removed]',
- "expression\s*\(" => '[removed]', // CSS and IE
- "Redirect\s+302" => '[removed]'
- );
-
- foreach ($bad as $key => $val)
+
+ foreach ($this->never_allowed_regex as $key => $val)
{
$str = preg_replace("#".$key."#i", $val, $str);
}