diff options
Diffstat (limited to 'system/core')
-rwxr-xr-x | system/core/Input.php | 1 | ||||
-rwxr-xr-x | system/core/Router.php | 5 | ||||
-rwxr-xr-x | system/core/Security.php | 21 | ||||
-rwxr-xr-x | system/core/URI.php | 4 |
4 files changed, 15 insertions, 16 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 7594a2e45..fc2a550bc 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -226,7 +226,6 @@ class CI_Input { */ public function cookie($index = '', $xss_clean = FALSE) { - $index = config_item('cookie_prefix').$index; return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } diff --git a/system/core/Router.php b/system/core/Router.php index fe9909b06..9314052fe 100755 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -242,12 +242,9 @@ class CI_Router { $segments[1] = 'index'; } - // This is being routed to a file in a sub directory - $this->directory and array_unshift($segments, trim($this->directory, '/')); - // Update our "routed" segment array to contain the segments. // Note: If there is no custom routing, this array will be - // identical to $this->uri->segments + // identical to $this->uri->segments $this->uri->rsegments = $segments; } diff --git a/system/core/Security.php b/system/core/Security.php index 974e2e428..c82b69ff9 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -95,13 +95,14 @@ class CI_Security { * * @var array */ - protected $_never_allowed_regex = array( + protected $_never_allowed_regex = array( 'javascript\s*:', 'expression\s*(\(|&\#40;)', // CSS and IE 'vbscript\s*:', // IE, surprise! - 'Redirect\s+302' + 'Redirect\s+302', + "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); - + /** * Initialize security class */ @@ -365,10 +366,11 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', + 'javascript', 'expression', 'vbscript', 'script', 'base64', 'applet', 'alert', 'document', 'write', 'cookie', 'window' ); + foreach ($words as $word) { $word = implode('\s*', str_split($word)).'\s*'; @@ -605,10 +607,11 @@ class CI_Security { $attribs = array(); // find occurrences of illegal attribute strings without quotes - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { + $attribs[] = preg_quote($attr[0], '/'); } @@ -623,7 +626,7 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count); + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count); } } while ($count); @@ -664,7 +667,7 @@ class CI_Security { protected function _js_link_removal($match) { return str_replace($match[1], - preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -804,7 +807,7 @@ class CI_Security { foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace('#'.$regex.'#i', '[removed]', $str); + $str = preg_replace('#'.$regex.'#is', '[removed]', $str); } return $str; @@ -841,4 +844,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */
\ No newline at end of file +/* Location: ./system/core/Security.php */ diff --git a/system/core/URI.php b/system/core/URI.php index 705575a0c..cf82c5838 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -645,10 +645,10 @@ class CI_URI { */ public function ruri_string() { - return implode('/', $this->rsegment_array()); + return '/'.implode('/', $this->rsegment_array()); } } /* End of file URI.php */ -/* Location: ./system/core/URI.php */
\ No newline at end of file +/* Location: ./system/core/URI.php */ |