Diffstat (limited to 'system')
-rw-r--r--system/core/CodeIgniter.php7
-rw-r--r--system/core/Input.php16
-rw-r--r--system/core/Security.php (renamed from system/libraries/Security.php)0
-rw-r--r--system/core/Utf8.php2
4 files changed, 15 insertions, 10 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 39a4d7ffd..7f4595e68 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -197,6 +197,13 @@
}
/*
+ * -----------------------------------------------------
+ * Load the security class for xss and csrf support
+ * -----------------------------------------------------
+ */
+ $SEC =& load_class('Security', 'core');
+
+/*
* ------------------------------------------------------
* Load the Input class and sanitize globals
* ------------------------------------------------------
diff --git a/system/core/Input.php b/system/core/Input.php
index 18131350f..dc7612e64 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -53,11 +53,8 @@ class CI_Input {
$this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
$this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- // Do we need to load the security class?
- if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
- {
- $this->security =& load_class('Security');
- }
+ global $SEC;
+ $this->security =& $SEC;
// Do we need the UTF-8 class?
if (UTF8_ENABLED === TRUE)
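Review bot: `$this->security` is now bound to the global `$SEC`, so it is only valid when the bootstrap in CodeIgniter.php has already run its new `load_class('Security', 'core')` line. If CI_Input is constructed in any other order, the property is NULL and the `$this->security->xss_clean(...)` calls in the later Input.php hunks (at -92 and -642) fail on a non-object instead of filtering. Calling the loader directly removes the ordering dependency: `$this->security =& load_class('Security', 'core');`. That assumes load_class hands back the already-loaded instance, which its definition outside this diff would need to confirm. The constructor body continues outside the hunk.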
@@ -92,8 +89,7 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($array[$index]);
+ return $this->security->xss_clean($array[$index]);
}
return $array[$index];
@@ -527,6 +523,9 @@ class CI_Input {
{
$str = $this->uni->clean_string($str);
}
+
+ // Remove control characters
+ $str = remove_invisible_characters($str);
// Should we filter the input data?
if ($this->_enable_xss === TRUE)
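Review bot: The comment `// Remove control characters` does not say that this call runs for every input value regardless of `global_xss_filtering`, because it sits above the `_enable_xss` check rather than inside it. That changes behaviour for any caller passing binary or signed payloads through the input class, since values are now altered before application code sees them. I would expand the comment to something like `// Always strip control characters (NUL etc.), even when XSS filtering is off` and mention the change in the upgrade notes. The enclosing function starts and ends outside this hunk.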
@@ -642,8 +641,7 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($this->headers[$index]);
+ return $this->security->xss_clean($this->headers[$index]);
}
return $this->headers[$index];
diff --git a/system/libraries/Security.php b/system/core/Security.php
index ceef9779c..ceef9779c 100644
--- a/system/libraries/Security.php
+++ b/system/core/Security.php
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 5d5a7ef72..2a27d1f35 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -107,7 +107,7 @@ class CI_Utf8 {
*/
function safe_ascii_for_xml($str)
{
- return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $str);
+ return remove_invisible_characters($str, FALSE);
}
// --------------------------------------------------------------------
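Review bot: The bytes stripped by `safe_ascii_for_xml` are no longer visible at the call site, because the explicit character class was replaced by a helper whose definition is not part of this diff. The removed pattern covered `\x00-\x08`, `\x0B`, `\x0C`, `\x0E-\x1F` and `\x7F`. The helper called with `FALSE` must strip at least that set, otherwise output destined for XML can carry characters the old code removed. A comment above the return such as `// FALSE = second argument of remove_invisible_characters(); must still strip \x00-\x08, \x0B, \x0C, \x0E-\x1F, \x7F` and a unit test pinning that range would keep the contract explicit.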