From 5afba5a8c444d608712174665288aa10237e8b27 Mon Sep 17 00:00:00 2001 From: tianhe1986 Date: Sat, 23 Jul 2016 01:02:01 +0800 Subject: Replace url_encoded invisible characters case-insensitively. Signed-off-by: tianhe1986 --- system/core/Common.php | 4 ++-- tests/codeigniter/core/Common_test.php | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index b87ce4d62..e0d011db7 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -716,8 +716,8 @@ if ( ! function_exists('remove_invisible_characters')) // carriage return (dec 13) and horizontal tab (dec 09) if ($url_encoded) { - $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15 - $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31 + $non_displayables[] = '/%0[0-8bcef]/i'; // url encoded 00-08, 11, 12, 14, 15 + $non_displayables[] = '/%1[0-9a-f]/i'; // url encoded 16-31 } $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127 diff --git a/tests/codeigniter/core/Common_test.php b/tests/codeigniter/core/Common_test.php index 81a185eaf..ca19e5de0 100644 --- a/tests/codeigniter/core/Common_test.php +++ b/tests/codeigniter/core/Common_test.php @@ -54,4 +54,16 @@ class Common_test extends CI_TestCase { ); } + // ------------------------------------------------------------------------ + + public function test_remove_invisible_characters() + { + $raw_string = 'Here is a string containing invisible'.chr(0x08).' text %0e.'; + $removed_string = 'Here is a string containing invisible text %0e.'; + $this->assertEquals($removed_string, remove_invisible_characters($raw_string, FALSE)); + + $raw_string = 'Here is a string %0econtaining url_encoded invisible%1F text.'; + $removed_string = 'Here is a string containing url_encoded invisible text.'; + $this->assertEquals($removed_string, remove_invisible_characters($raw_string)); + } } \ No newline at end of file -- cgit v1.2.3-24-g4f1b