diff options
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Common.php | 1 | ||||
-rw-r--r-- | system/core/Security.php | 8 |
2 files changed, 6 insertions, 3 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 00e303098..cfc63c2aa 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -76,6 +76,7 @@ if ( ! function_exists('is_really_writable')) * the file, based on the read-only attribute. is_writable() is also unreliable * on Unix servers if safe_mode is on. * + * @link https://bugs.php.net/bug.php?id=54709 * @param string * @return void */ diff --git a/system/core/Security.php b/system/core/Security.php index d6356f869..49e5ab411 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -69,7 +69,9 @@ class CI_Security { public $html5_entities = array( ':' => ':', '(' => '(', - ')' => ')' + ')' => ')', + '&newline;' => "\n", + '&tab;' => "\t" ); /** @@ -467,7 +469,7 @@ class CI_Security { * So this: <blink> * Becomes: <blink> */ - $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss'; + $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|video|svg|xml|xss'; $str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str); /* @@ -660,7 +662,7 @@ class CI_Security { protected function _remove_evil_attributes($str, $is_image) { // Formaction, style, and xmlns - $evil_attributes = array('style', 'xmlns', 'formaction'); + $evil_attributes = array('style', 'xmlns', 'formaction', 'form', 'xlink:href'); if ($is_image === TRUE) { |