diff options
Diffstat (limited to 'system/libraries')
-rw-r--r-- | system/libraries/Security.php | 42 |
1 files changed, 2 insertions, 40 deletions
diff --git a/system/libraries/Security.php b/system/libraries/Security.php index 60adf0a27..cdae50168 100644 --- a/system/libraries/Security.php +++ b/system/libraries/Security.php @@ -198,7 +198,7 @@ class CI_Security { /* * Remove Invisible Characters */ - $str = $this->_remove_invisible_characters($str); + $str = remove_invisible_characters($str); /* * Protect GET variables in URLs @@ -258,7 +258,7 @@ class CI_Security { /* * Remove Invisible Characters Again! */ - $str = $this->_remove_invisible_characters($str); + $str = remove_invisible_characters($str); /* * Convert all tabs to spaces @@ -481,44 +481,6 @@ class CI_Security { // -------------------------------------------------------------------- /** - * Remove Invisible Characters - * - * This prevents sandwiching null characters - * between ascii characters, like Java\0script. - * - * @access public - * @param string - * @return string - */ - function _remove_invisible_characters($str) - { - static $non_displayables; - - if ( ! isset($non_displayables)) - { - // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09), - $non_displayables = array( - '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15 - '/%1[0-9a-f]/', // url encoded 16-31 - '/[\x00-\x08]/', // 00-08 - '/\x0b/', '/\x0c/', // 11, 12 - '/[\x0e-\x1f]/' // 14-31 - ); - } - - do - { - $cleaned = $str; - $str = preg_replace($non_displayables, '', $str); - } - while ($cleaned != $str); - - return $str; - } - - // -------------------------------------------------------------------- - - /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from |