diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Security.php | 10 | ||||
-rw-r--r-- | system/libraries/Upload.php | 50 |
2 files changed, 11 insertions, 49 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index a6cd14a5f..7aae54efc 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -576,7 +576,15 @@ class CI_Security { } $str = remove_invisible_characters($str, FALSE); - return stripslashes(str_replace($bad, '', $str)); + + do + { + $old = $str; + $str = str_replace($bad, '', $str); + } + while ($old !== $str); + + return stripslashes($str); } // ---------------------------------------------------------------- diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1f0bd6a6e..814ea68a4 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -463,7 +463,8 @@ class CI_Upload { } // Sanitize the file name for security - $this->file_name = $this->clean_file_name($this->file_name); + $CI =& get_instance(); + $this->file_name = $CI->security->sanitize_filename($this->file_name); // Truncate the file name if it's too long if ($this->max_filename > 0) @@ -971,53 +972,6 @@ class CI_Upload { // -------------------------------------------------------------------- /** - * Clean the file name for security - * - * @param string $filename - * @return string - */ - public function clean_file_name($filename) - { - $bad = array( - '<!--', '-->', - "'", '"', - '<', '>', - '&', '$', - '=', - ';', - '?', - '/', - '!', - '#', - '%20', - '%22', - '%3c', // < - '%253c', // < - '%3e', // > - '%0e', // > - '%28', // ( - '%29', // ) - '%2528', // ( - '%26', // & - '%24', // $ - '%3f', // ? - '%3b', // ; - '%3d' // = - ); - - do - { - $old_filename = $filename; - $filename = str_replace($bad, '', $filename); - } - while ($old_filename !== $filename); - - return stripslashes($filename); - } - - // -------------------------------------------------------------------- - - /** * Limit the File Name Length * * @param string $filename |