summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Loader.php8
-rw-r--r--system/core/Log.php4
-rw-r--r--system/core/Security.php9
3 files changed, 18 insertions, 3 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 62781a7bf..c742ae71a 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -936,6 +936,14 @@ class CI_Loader {
*/
if (is_array($_ci_vars))
{
+ foreach (array_keys($_ci_vars) as $key)
+ {
+ if (strncmp($key, '_ci_', 4) === 0)
+ {
+ unset($_ci_vars[$key]);
+ }
+ }
+
$this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
}
extract($this->_ci_cached_vars);
diff --git a/system/core/Log.php b/system/core/Log.php
index 7c81d358b..1abdaa00e 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -191,6 +191,8 @@ class CI_Log {
return FALSE;
}
+ flock($fp, LOCK_EX);
+
// Instantiating DateTime with microseconds appended to initial date is needed for proper support of this format
if (strpos($this->_date_fmt, 'u') !== FALSE)
{
@@ -206,8 +208,6 @@ class CI_Log {
$message .= $this->_format_line($level, $date, $msg);
- flock($fp, LOCK_EX);
-
for ($written = 0, $length = strlen($message); $written < $length; $written += $result)
{
if (($result = fwrite($fp, substr($message, $written))) === FALSE)
diff --git a/system/core/Security.php b/system/core/Security.php
index bad511dd3..d5305d1ca 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -762,7 +762,14 @@ class CI_Security {
*/
public function strip_image_tags($str)
{
- return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ return preg_replace(
+ array(
+ '#<img[\s/]+.*?src\s*=\s*(["\'])([^\\1]+?)\\1.*?\>#i',
+ '#<img[\s/]+.*?src\s*=\s*?(([^\s"\'=<>`]+)).*?\>#i'
+ ),
+ '\\2',
+ $str
+ );
}
// ----------------------------------------------------------------