summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Common.php1
-rw-r--r--system/core/Security.php8
2 files changed, 6 insertions, 3 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 00e303098..cfc63c2aa 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -76,6 +76,7 @@ if ( ! function_exists('is_really_writable'))
* the file, based on the read-only attribute. is_writable() is also unreliable
* on Unix servers if safe_mode is on.
*
+ * @link https://bugs.php.net/bug.php?id=54709
* @param string
* @return void
*/
diff --git a/system/core/Security.php b/system/core/Security.php
index d6356f869..49e5ab411 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -69,7 +69,9 @@ class CI_Security {
public $html5_entities = array(
':' => ':',
'(' => '(',
- ')' => ')'
+ ')' => ')',
+ '&newline;' => "\n",
+ '&tab;' => "\t"
);
/**
@@ -467,7 +469,7 @@ class CI_Security {
* So this: <blink>
* Becomes: &lt;blink&gt;
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|video|svg|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
@@ -660,7 +662,7 @@ class CI_Security {
protected function _remove_evil_attributes($str, $is_image)
{
// Formaction, style, and xmlns
- $evil_attributes = array('style', 'xmlns', 'formaction');
+ $evil_attributes = array('style', 'xmlns', 'formaction', 'form', 'xlink:href');
if ($is_image === TRUE)
{