summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Config.php1
-rw-r--r--system/core/Input.php85
-rw-r--r--system/core/Security.php26
3 files changed, 38 insertions, 74 deletions
diff --git a/system/core/Config.php b/system/core/Config.php
index a0e830abe..93c950e2e 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -332,6 +332,7 @@ class CI_Config {
/**
* System URL
*
+ * @deprecated 3.0.0 Encourages insecure practices
* @return string
*/
public function system_url()
diff --git a/system/core/Input.php b/system/core/Input.php
index ccb70daec..35ce5f12f 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -152,8 +152,20 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- protected function _fetch_from_array(&$array, $index = '', $xss_clean = NULL)
+ protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL)
{
+ // If $index is NULL, it means that the whole $array is requested
+ if ($index === NULL)
+ {
+ $output = array();
+ foreach (array_keys($array) as $key)
+ {
+ $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean);
+ }
+
+ return $output;
+ }
+
is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
if (isset($array[$index]))
@@ -202,26 +214,6 @@ class CI_Input {
*/
public function get($index = NULL, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
- // Check if a field has been provided
- if ($index === NULL)
- {
- if (empty($_GET))
- {
- return array();
- }
-
- $get = array();
-
- // loop through the full _GET array
- foreach (array_keys($_GET) as $key)
- {
- $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean);
- }
- return $get;
- }
-
return $this->_fetch_from_array($_GET, $index, $xss_clean);
}
@@ -236,26 +228,6 @@ class CI_Input {
*/
public function post($index = NULL, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
- // Check if a field has been provided
- if ($index === NULL)
- {
- if (empty($_POST))
- {
- return array();
- }
-
- $post = array();
-
- // Loop through the full _POST array and return it
- foreach (array_keys($_POST) as $key)
- {
- $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean);
- }
- return $post;
- }
-
return $this->_fetch_from_array($_POST, $index, $xss_clean);
}
@@ -268,10 +240,8 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post_get($index = '', $xss_clean = NULL)
+ public function post_get($index, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
return isset($_POST[$index])
? $this->post($index, $xss_clean)
: $this->get($index, $xss_clean);
@@ -286,10 +256,8 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get_post($index = '', $xss_clean = NULL)
+ public function get_post($index, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
return isset($_GET[$index])
? $this->get($index, $xss_clean)
: $this->post($index, $xss_clean);
@@ -304,10 +272,8 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function cookie($index = '', $xss_clean = NULL)
+ public function cookie($index = NULL, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
}
@@ -320,10 +286,8 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function server($index = '', $xss_clean = NULL)
+ public function server($index, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
}
@@ -338,23 +302,14 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function input_stream($index = '', $xss_clean = NULL)
+ public function input_stream($index = NULL, $xss_clean = NULL)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
// The input stream can only be read once, so we'll need to check
// if we have already done that first.
- if (is_array($this->_input_stream))
- {
- return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean);
- }
-
- // Parse the input stream in our cache var
- parse_str(file_get_contents('php://input'), $this->_input_stream);
if ( ! is_array($this->_input_stream))
{
- $this->_input_stream = array();
- return NULL;
+ parse_str(file_get_contents('php://input'), $this->_input_stream);
+ is_array($this->_input_stream) OR $this->_input_stream = array();
}
return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean);
diff --git a/system/core/Security.php b/system/core/Security.php
index cbff38b30..beb7f56e0 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -147,6 +147,9 @@ class CI_Security {
'(document|(document\.)?window)\.(location|on\w*)',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
+ 'wscript\s*:', // IE
+ 'jscript\s*:', // IE
+ 'vbs\s*:', // IE
'Redirect\s+30\d',
"([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
@@ -356,7 +359,11 @@ class CI_Security {
*
* Note: Use rawurldecode() so it does not remove plus signs
*/
- $str = rawurldecode($str);
+ do
+ {
+ $str = rawurldecode($str);
+ }
+ while (preg_match('/%[0-9a-f]{2,}/i', $str));
/*
* Convert character entities to ASCII
@@ -415,8 +422,9 @@ class CI_Security {
* These words are compacted back to their correct state.
*/
$words = array(
- 'javascript', 'expression', 'vbscript', 'script', 'base64',
- 'applet', 'alert', 'document', 'write', 'cookie', 'window'
+ 'javascript', 'expression', 'vbscript', 'jscript', 'wscript',
+ 'vbs', 'script', 'base64', 'applet', 'alert', 'document',
+ 'write', 'cookie', 'window', 'confirm', 'prompt'
);
foreach ($words as $word)
@@ -446,12 +454,12 @@ class CI_Security {
if (preg_match('/<a/i', $str))
{
- $str = preg_replace_callback('#<a[\s\d"\'`;/=,\(]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#<a[\s\d"\'`;/=,\(\\\\]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
if (preg_match('/<img/i', $str))
{
- $str = preg_replace_callback('#<img[\s\d"\'`;/=,\(]+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback('#<img[\s\d"\'`;/=,\(\\\\]+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
}
if (preg_match('/script|xss/i', $str))
@@ -475,7 +483,7 @@ class CI_Security {
* So this: <blink>
* Becomes: &lt;blink&gt;
*/
- $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|math|video|svg|xml|xss';
+ $naughty = 'alert|prompt|confirm|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|math|video|svg|xml|xss';
$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
/*
@@ -490,7 +498,7 @@ class CI_Security {
* For example: eval('some code')
* Becomes: eval&#40;'some code'&#41;
*/
- $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si',
+ $str = preg_replace('#(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si',
'\\1\\2&#40;\\3&#41;',
$str);
@@ -745,7 +753,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+ preg_replace('#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
@@ -770,7 +778,7 @@ class CI_Security {
protected function _js_img_removal($match)
{
return str_replace($match[1],
- preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#src=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),