summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--system/core/Security.php51
1 files changed, 19 insertions, 32 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index cd1cb1ab4..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -115,36 +115,6 @@ class CI_Security {
);
/**
- * List of bad chars for sanitize filename
- *
- * @var array
- */
- private $_filename_bad_str_rules = array(
- 'default' => array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- ),
- 'windows' => array(
- '\\', '/', ':', '*', '?',
- '"', '<', '>', '|',
- ),
- );
-
- /**
* Class constructor
*
* @return void
@@ -577,9 +547,26 @@ class CI_Security {
* @param bool $relative_path Whether to preserve paths
* @return string
*/
- public function sanitize_filename($str, $relative_path = FALSE, $rule = 'default')
+ public function sanitize_filename($str, $relative_path = FALSE)
{
- $bad = $this->_filename_bad_str_rules[$rule];
+ $bad = array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ );
if ( ! $relative_path)
{