Diffstat (limited to 'system')
-rwxr-xr-xsystem/core/Security.php21
-rw-r--r--system/database/drivers/interbase/interbase_utility.php2
-rw-r--r--system/libraries/Form_validation.php2
-rw-r--r--system/libraries/Upload.php8
-rw-r--r--system/libraries/User_agent.php24
5 files changed, 32 insertions, 25 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 974e2e428..c82b69ff9 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -95,13 +95,14 @@ class CI_Security {
*
* @var array
*/
- protected $_never_allowed_regex = array(
+ protected $_never_allowed_regex = array(
'javascript\s*:',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
- 'Redirect\s+302'
+ 'Redirect\s+302',
+ "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
-
+
/**
* Initialize security class
*/
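Review bot: The `[^\\1]` classes in the new `_never_allowed_regex` entry do not mean "anything but the opening quote" — PCRE does not support backreferences inside a character class, so after PHP unescapes the double-quoted string the class is `[^\1]`, i.e. anything except the byte 0x01, and the trailing `[^\\1]*?\\1?` is a lazy run that always matches empty. The effective pattern is therefore `data\s*:.*?base64.*?,` in dotall mode (the `s` flag this commit adds in `_do_never_allowed`), which can blank everything from a `data:` up to an unrelated `base64` and comma further down the document. If that breadth is intended, it is clearer to write it as such, e.g. `'data\s*:.*?base64.*?,', // data: URIs with a base64 payload (needs the "s" flag)`, and to say in the property docblock that entries are inserted raw into a `#…#is` pattern; if the quote was meant to bound the match, a different construction is needed.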
@@ -365,10 +366,11 @@ class CI_Security {
* These words are compacted back to their correct state.
*/
$words = array(
- 'javascript', 'expression', 'vbscript', 'script',
+ 'javascript', 'expression', 'vbscript', 'script', 'base64',
'applet', 'alert', 'document', 'write', 'cookie', 'window'
);
+
foreach ($words as $word)
{
$word = implode('\s*', str_split($word)).'\s*';
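Review bot: The docblock above `$words` should say why `base64` joins the list, since unlike the other entries it is not a script keyword. As far as I can tell it is there so that a spaced-out `b a s e 6 4` is compacted before the new `data:` entry in `_never_allowed_regex` runs, and a one-line comment such as `'base64', // compacted so the data: URI rule in _never_allowed_regex can see it` would keep that dependency visible when either list is edited. The `foreach` that consumes the list continues past the end of the hunk.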
@@ -605,10 +607,11 @@ class CI_Security {
$attribs = array();
// find occurrences of illegal attribute strings without quotes
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
+
$attribs[] = preg_quote($attr[0], '/');
}
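Review bot: The added empty line at the top of the `foreach` body is a stray whitespace change and should be dropped. The `>` added to the value class (`[^\s>]*`) is a real fix — an unquoted value no longer swallows the tag's closing bracket into `$attribs` — and deserves a word in the comment on the line above, e.g. `// find occurrences of illegal attribute strings without quotes (stop at whitespace or the tag end)`, because the rewritten replacement pattern later in this function depends on the captured text not containing `>`.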
@@ -623,7 +626,7 @@ class CI_Security {
// replace illegal attribute strings that are inside an html tag
if (count($attribs) > 0)
{
- $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count);
+ $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
}
} while ($count);
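Review bot: The rewritten `preg_replace` call adds two unbounded lazy `(.*?)` groups and a `$attribs` alternation built from the input itself, and its return value is still assigned to `$str` without a check; `preg_replace` returns `NULL` when PCRE gives up (backtrack or recursion limit), which would silently replace the whole string, and whether `$count` is reset in that case is not something the loop guards against. A check after the call, such as `if ($str === NULL) { /* PCRE error: treat as failure rather than as a clean result */ }`, with `preg_last_error()` logged, would make the failure mode explicit. The pattern string also moved from single to double quotes; nothing in it is interpolated today, but `\-` and `\/` are only kept because PHP ignores unknown escapes, so a comment or reverting to single quotes would avoid surprises when the pattern is next edited.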
@@ -664,7 +667,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
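Review bot: Replacing `base64\s*,` with `data\s*:` widens `_js_link_removal` from base64 data URIs to any `data:` appearing after `href=` in the tag, which the docblock for the method does not mention; a comment on the alternation, e.g. `// any data: URI in an href is stripped, not only base64-encoded ones`, would record the intent. Because the preceding `.*?` is lazy and the `s` flag is set, the match runs from `href=` to the first `data:` anywhere later in `$match[1]`, so a `data:` in an unrelated attribute of the same tag also triggers the removal; worth stating if it is accepted behaviour. The method body continues past the end of the hunk.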
@@ -804,7 +807,7 @@ class CI_Security {
foreach ($this->_never_allowed_regex as $regex)
{
- $str = preg_replace('#'.$regex.'#i', '[removed]', $str);
+ $str = preg_replace('#'.$regex.'#is', '[removed]', $str);
}
return $str;
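Review bot: The `s` modifier added here only changes what `.` matches, and none of the `_never_allowed_regex` entries visible in this commit use `.` (the new data-URI entry uses `[^\1]` classes, which already match newlines), so the flag is inert until an entry is written with `.`. A short comment on the call would prevent a later reader from removing it as unused, e.g. `// "s" so entries may use .*? across newlines; entries are inserted raw, so they must not contain an unescaped "#"`. That second clause is the more important one, since `$regex` is concatenated into a `#`-delimited pattern without quoting and nothing documents that constraint on the property.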
@@ -841,4 +844,4 @@ class CI_Security {
}
/* End of file Security.php */
-/* Location: ./system/core/Security.php */ \ No newline at end of file
+/* Location: ./system/core/Security.php */
diff --git a/system/database/drivers/interbase/interbase_utility.php b/system/database/drivers/interbase/interbase_utility.php
index 1b92af9b6..164211836 100644
--- a/system/database/drivers/interbase/interbase_utility.php
+++ b/system/database/drivers/interbase/interbase_utility.php
@@ -42,7 +42,7 @@ class CI_DB_interbase_utility extends CI_DB_utility {
* @param string $filename
* @return mixed
*/
- protected function backup($filename)
+ protected function _backup($filename)
{
if ($service = ibase_service_attach($this->db->hostname, $this->db->username, $this->db->password))
{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 5547c6a69..c396580be 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -448,7 +448,7 @@ class CI_Form_validation {
{
$this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']);
}
- elseif ( ! empty($validation_array[$field]))
+ elseif (isset($validation_array[$field]) && $validation_array[$field] !== '')
{
$this->_field_data[$field]['postdata'] = $validation_array[$field];
}
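Review bot: The new condition changes which values count as "present" — `'0'` and `0` were skipped by `! empty()` and are now accepted — but only the empty string is excluded, so an array value or `FALSE` also lands in `postdata`, as before. A comment stating the rule would help, e.g. `// only an absent or empty-string field is skipped; '0' and 0 are valid input`. If an array here would be a problem for the rules run later, that is not addressed by this change, though the surrounding branches suggest arrays are handled through `_reduce_array` when `keys` is set.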
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8ad67050d..24d4bd4d0 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -725,7 +725,7 @@ class CI_Upload {
public function get_extension($filename)
{
$x = explode('.', $filename);
- return '.'.end($x);
+ return (count($x) !== 1) ? '.'.end($x) : '';
}
// --------------------------------------------------------------------
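Review bot: The `count($x) !== 1` guard fixes the extensionless case, but a filename ending in a dot (`name.`) still yields the extension `'.'`, and a leading-dot name such as `.htaccess` yields `.htaccess` as its extension, both of which come out of `explode('.', ...)`. Since this value is what the library compares against allowed types, `pathinfo($filename, PATHINFO_EXTENSION)` gives the same answer for ordinary names and `''` for the trailing-dot case: `$ext = pathinfo($filename, PATHINFO_EXTENSION); return ($ext === '') ? '' : '.'.$ext;`. The docblock should also state that the returned string includes the leading dot, or is empty when there is none.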
@@ -850,6 +850,10 @@ class CI_Upload {
{
return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
}
+ else
+ {
+ return FALSE;
+ }
}
if (($data = @file_get_contents($file)) === FALSE)
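Review bot: The `else { return FALSE; }` branch follows an unconditional `return TRUE`, so the `else` is redundant and the intent of the early `FALSE` is not documented; the enclosing `if` starts outside the hunk, so I can only infer from the context comment that it is the image check. If the intent is that an image whose first bytes look suspicious is rejected without the full content scan below, say so: `return FALSE; // image with suspect leading bytes: reject without the full scan`. If instead such files were meant to fall through to the `file_get_contents` path, this change alters behaviour and the comment should explain why.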
@@ -1099,4 +1103,4 @@ class CI_Upload {
}
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */ \ No newline at end of file
+/* Location: ./system/libraries/Upload.php */
diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php
index 0ac605fa4..ff596f04b 100644
--- a/system/libraries/User_agent.php
+++ b/system/libraries/User_agent.php
@@ -51,14 +51,14 @@ class CI_User_agent {
* @var bool
*/
public $is_browser = FALSE;
-
+
/**
* Flag for if the user-agent is a robot
*
* @var bool
*/
public $is_robot = FALSE;
-
+
/**
* Flag for if the user-agent is a mobile browser
*
@@ -72,7 +72,7 @@ class CI_User_agent {
* @var array
*/
public $languages = array();
-
+
/**
* Character sets accepted by the current user agent
*
@@ -86,21 +86,21 @@ class CI_User_agent {
* @var array
*/
public $platforms = array();
-
+
/**
* List of browsers to compare against current user agent
*
* @var array
*/
public $browsers = array();
-
+
/**
* List of mobile browsers to compare against current user agent
*
* @var array
*/
public $mobiles = array();
-
+
/**
* List of robots to compare against current user agent
*
@@ -114,28 +114,28 @@ class CI_User_agent {
* @var string
*/
public $platform = '';
-
+
/**
* Current user-agent browser
*
* @var string
*/
public $browser = '';
-
+
/**
* Current user-agent version
*
* @var string
*/
public $version = '';
-
+
/**
* Current user-agent mobile name
*
* @var string
*/
public $mobile = '';
-
+
/**
* Current user-agent robot name
*
@@ -330,7 +330,7 @@ class CI_User_agent {
{
foreach ($this->mobiles as $key => $val)
{
- if (FALSE !== (strpos(strtolower($this->agent), $key)))
+ if (FALSE !== (stripos($this->agent, $key)))
{
$this->is_mobile = TRUE;
$this->mobile = $val;
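Review bot: The parentheses around the `stripos` call are redundant and the Yoda order hides a simple comparison; `if (stripos($this->agent, $key) !== FALSE)` reads more directly. The switch from `strpos(strtolower(...))` to `stripos` also makes the keys in `$this->mobiles` case-insensitive where previously only lowercase keys could match, which is fine but worth a word in the docblock for `$mobiles`. `stripos` is byte-wise ASCII folding, so nothing changes for non-ASCII keys.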
@@ -604,7 +604,7 @@ class CI_User_agent {
/**
* Test for a particular character set
*
- * @param string $charset
+ * @param string $charset
* @return bool
*/
public function accept_charset($charset = 'utf-8')