diff options
Diffstat (limited to 'system/libraries/Input.php')
| -rw-r--r-- | system/libraries/Input.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index 1ff72877b..dc4e605b8 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -528,9 +528,12 @@ class CI_Input { */
$bad = array(
'document.cookie' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
'document.write' => '[removed]',
'window.location' => '[removed]',
"javascript\s*:" => '[removed]',
+ "expression\s*\(" => '[removed]', // CSS and IE
"Redirect\s+302" => '[removed]',
'<!--' => '<!--',
'-->' => '-->'
@@ -626,7 +629,7 @@ class CI_Input { * Becomes: eval('some code')
*
*/
- $str = preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
+ $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
/*
* Final clean up
@@ -637,9 +640,12 @@ class CI_Input { */
$bad = array(
'document.cookie' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
'document.write' => '[removed]',
'window.location' => '[removed]',
"javascript\s*:" => '[removed]',
+ "expression\s*\(" => '[removed]', // CSS and IE
"Redirect\s+302" => '[removed]',
'<!--' => '<!--',
'-->' => '-->'
|