-rw-r--r--system/core/Security.php51
-rw-r--r--system/libraries/Upload.php12
2 files changed, 21 insertions, 42 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index cd1cb1ab4..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -115,36 +115,6 @@ class CI_Security {
);
/**
- * List of bad chars for sanitize filename
- *
- * @var array
- */
- private $_filename_bad_str_rules = array(
- 'default' => array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- ),
- 'windows' => array(
- '\\', '/', ':', '*', '?',
- '"', '<', '>', '|',
- ),
- );
-
- /**
* Class constructor
*
* @return void
@@ -577,9 +547,26 @@ class CI_Security {
* @param bool $relative_path Whether to preserve paths
* @return string
*/
- public function sanitize_filename($str, $relative_path = FALSE, $rule = 'default')
+ public function sanitize_filename($str, $relative_path = FALSE)
{
- $bad = $this->_filename_bad_str_rules[$rule];
+ $bad = array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ );
if ( ! $relative_path)
{
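Review bot: The inline `$bad` list in sanitize_filename() has no entry for `\`, `:`, `*` or `|`, which only the removed 'windows' rule stripped, so a name containing a backslash now passes through unless code outside this hunk handles it (the function body continues past the hunk's last line). Because `$rule` is dropped from the signature and PHP ignores surplus arguments to userland functions, an existing caller that still passes `'windows'` silently gets the default list instead of an error. If that is intended, the docblock should say so, e.g. `* Note: backslashes and ':' are not removed; do not use the result as a path component on Windows without further checks.` Separately, the comment on `'%0e'` reads `// >`, but 0x0E is the shift-out control character and `%3e` already covers `>`; `'%0e', // SO control char` would be accurate, and `'%253c'` / `'%2528'` are the double-encoded forms. The sanitize_filename() call in the last Upload.php hunk now depends on this list alone.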
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 62eca6fdb..85428044d 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -143,13 +143,6 @@ class CI_Upload {
public $file_ext_tolower = FALSE;
/**
- * Filename Rule
- *
- * @var string
- */
- public $filename_rule = 'default';
-
- /**
* Upload path
*
* @var string
@@ -322,8 +315,7 @@ class CI_Upload {
'detect_mime' => TRUE,
'xss_clean' => FALSE,
'temp_prefix' => 'temp_file_',
- 'client_name' => '',
- 'filename_rule' => 'default',
+ 'client_name' => ''
);
foreach ($defaults as $key => $val)
@@ -480,7 +472,7 @@ class CI_Upload {
// Sanitize the file name for security
$CI =& get_instance();
- $this->file_name = $CI->security->sanitize_filename($this->file_name, FALSE, $this->filename_rule);
+ $this->file_name = $CI->security->sanitize_filename($this->file_name);
// Truncate the file name if it's too long
if ($this->max_filename > 0)