-rw-r--r-- | system/helpers/security_helper.php | 14 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 3 |
2 files changed, 7 insertions, 10 deletions
diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php
index 16dfb0de3..2f3df7834 100644
--- a/system/helpers/security_helper.php
+++ b/system/helpers/security_helper.php
@@ -25,8 +25,6 @@
 * @filesource
 */
 
-// ------------------------------------------------------------------------
-
 /**
 * CodeIgniter Security Helpers
 *
@@ -42,7 +40,6 @@
 /**
 * XSS Filtering
 *
- * @access public
 * @param string
 * @param bool whether or not the content is an image file
 * @return string
@@ -61,7 +58,6 @@ if ( ! function_exists('xss_clean'))
 /**
 * Sanitize Filename
 *
- * @access public
 * @param string
 * @return string
 */
@@ -79,7 +75,6 @@ if ( ! function_exists('sanitize_filename'))
 /**
 * Hash encode a string
 *
- * @access public
 * @param string
 * @return string
 */
@@ -87,6 +82,11 @@ if ( ! function_exists('do_hash'))
 {
 function do_hash($str, $type = 'sha1')
 {
+ if ( ! in_array($type, hash_algos()))
+ {
+ $type = 'md5';
+ }
+
 return hash($type, $str);
 }
 }
@@ -96,7 +96,6 @@ if ( ! function_exists('do_hash'))
 /**
 * Strip Image Tags
 *
- * @access public
 * @param string
 * @return string
 */
@@ -104,7 +103,7 @@ if ( ! function_exists('strip_image_tags'))
 {
 function strip_image_tags($str)
 {
- return preg_replace(array("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "#<img\s+.*?src\s*=\s*(.+?).*?\>#"), "\\1", $str);
+ return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
 }
 }
 
@@ -113,7 +112,6 @@ if ( ! function_exists('strip_image_tags'))
 /**
 * Convert PHP tags to entities
 *
- * @access public
 * @param string
 * @return string
 */
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 1c709d4d5..5dcf54dd9 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
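Review bot: The fallback added to do_hash() silently replaces any `$type` not found in hash_algos() with `md5`, so a caller who asks for a stronger digest but mistypes the name, or runs on a build without that algorithm, gets an MD5 value back with no error or log entry. The `in_array()` test is also loose and case-sensitive against the lower-case names hash_algos() returns, so an upper-case name that hash() itself would, as far as I know, have accepted is now downgraded as well. I would compare with `if ( ! in_array(strtolower($type), hash_algos(), TRUE))` and fall back to the function's own default, `$type = 'sha1';`, writing an error-level log entry when the fallback is taken so the substitution is visible. The docblock above still documents only one `@param`; it should describe `$type`, the fallback, and that the result is an unsalted fast hash rather than a password hash.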
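Review bot: The requoted line in strip_image_tags() keeps the second pattern's lazy group `(.+?)` immediately followed by `.*?`, so for an unquoted `src` the capture is always a single character and the replacement `\1` yields only the first character of the URL. Since the line is being rewritten anyway, a bounded group such as `'#<img\s+.*?src\s*=\s*([^\s>]+).*?\>#'` would return the whole unquoted value. Neither pattern carries the `i` or `s` modifier, so the docblock should say that this helper is a formatting convenience and that its output still needs context-appropriate escaping before it is rendered.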
@@ -35,8 +35,6 @@ Release Date: Not Released - Removed previously deprecated SHA1 Library. - Removed previously deprecated use of ``$autoload['core']`` in application/config/autoload.php. Only entries in ``$autoload['libraries']`` are auto-loaded now. - - Added support for HttpOnly cookies with new config option ``cookie_httponly`` (Off by default). - This affects session and CSRF cookies, as well as the behavior of set_cookie() in the Input library and cookie helper. - Helpers @@ -111,6 +109,7 @@ Release Date: Not Released - $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available. - Added method() to CI_Input to retrieve $_SERVER['REQUEST_METHOD']. - Modified valid_ip() to use PHP's filter_var() in the :doc:`Input Library <libraries/input>`. + - Added support for HTTP-Only cookies with new config option ``cookie_httponly`` (default FALSE). Bug fixes for 3.0 ------------------ |