From ad4750509885ad5bb368fc308f86d8c06d45b15c Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Thu, 19 Apr 2012 13:21:06 -0400 Subject: Normalize comments in core files --- system/core/Security.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'system/core/Security.php') diff --git a/system/core/Security.php b/system/core/Security.php index ac39ce97b..8d81babf2 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -102,6 +102,9 @@ class CI_Security { 'Redirect\s+302' ); + /** + * Initialize security class + */ public function __construct() { // Is CSRF protection enabled? @@ -558,8 +561,8 @@ class CI_Security { * Callback function for xss_clean() to remove whitespace from * things like j a v a s c r i p t * - * @param type - * @return type + * @param array + * @return string */ protected function _compact_exploded_words($matches) { @@ -568,8 +571,8 @@ class CI_Security { // -------------------------------------------------------------------- - /* - * Remove Evil HTML Attributes (like evenhandlers and style) + /** + * Remove Evil HTML Attributes (like event handlers and style) * * It removes the evil attribute and either: * - Everything up until a space -- cgit v1.2.3-24-g4f1b From 40403d21274d5e0792c7ab816ad984d6387d5c20 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Thu, 19 Apr 2012 16:38:50 -0400 Subject: Additional formatting fixes --- system/core/Security.php | 84 ++++++++++++++++++++++++------------------------ 1 file changed, 42 insertions(+), 42 deletions(-) (limited to 'system/core/Security.php') diff --git a/system/core/Security.php b/system/core/Security.php index 8d81babf2..139511661 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -41,14 +41,14 @@ class CI_Security { * * @var string */ - protected $_xss_hash = ''; + protected $_xss_hash = ''; /** * Random Hash for Cross Site Request Forgery Protection Cookie * * @var string */ - protected $_csrf_hash = ''; + protected $_csrf_hash = ''; /** * Expiration time for Cross Site Request Forgery Protection Cookie @@ -56,21 +56,21 @@ class CI_Security { * * @var int */ - protected $_csrf_expire = 7200; + protected $_csrf_expire = 7200; /** * Token name for Cross Site Request Forgery Protection Cookie * * @var string */ - protected $_csrf_token_name = 'ci_csrf_token'; + protected $_csrf_token_name = 'ci_csrf_token'; /** * Cookie name for Cross Site Request Forgery Protection Cookie * * @var string */ - protected $_csrf_cookie_name = 'ci_csrf_token'; + protected $_csrf_cookie_name = 'ci_csrf_token'; /** * List of never allowed strings @@ -78,17 +78,17 @@ class CI_Security { * @var array */ protected $_never_allowed_str = array( - 'document.cookie' => '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - 'window.location' => '[removed]', - '-moz-binding' => '[removed]', - '' => '-->', - ' '<![CDATA[', - '' => '<comment>' - ); + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + 'window.location' => '[removed]', + '-moz-binding' => '[removed]', + '' => '-->', + ' '<![CDATA[', + '' => '<comment>' + ); /** * List of never allowed regex replacement @@ -96,11 +96,11 @@ class CI_Security { * @var array */ protected $_never_allowed_regex = array( - 'javascript\s*:', - 'expression\s*(\(|&\#40;)', // CSS and IE - 'vbscript\s*:', // IE, surprise! - 'Redirect\s+302' - ); + 'javascript\s*:', + 'expression\s*(\(|&\#40;)', // CSS and IE + 'vbscript\s*:', // IE, surprise! + 'Redirect\s+302' + ); /** * Initialize security class @@ -365,9 +365,9 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', - 'applet', 'alert', 'document', 'write', 'cookie', 'window' - ); + 'javascript', 'expression', 'vbscript', 'script', + 'applet', 'alert', 'document', 'write', 'cookie', 'window' + ); foreach ($words as $word) { @@ -525,23 +525,23 @@ class CI_Security { public function sanitize_filename($str, $relative_path = FALSE) { $bad = array( - '../', '', '<', '>', - "'", '"', '&', '$', '#', - '{', '}', '[', ']', '=', - ';', '?', '%20', '%22', - '%3c', // < - '%253c', // < - '%3e', // > - '%0e', // > - '%28', // ( - '%29', // ) - '%2528', // ( - '%26', // & - '%24', // $ - '%3f', // ? - '%3b', // ; - '%3d' // = - ); + '../', '', '<', '>', + "'", '"', '&', '$', '#', + '{', '}', '[', ']', '=', + ';', '?', '%20', '%22', + '%3c', // < + '%253c', // < + '%3e', // > + '%0e', // > + '%28', // ( + '%29', // ) + '%2528', // ( + '%26', // & + '%24', // $ + '%3f', // ? + '%3b', // ; + '%3d' // = + ); if ( ! $relative_path) { @@ -841,4 +841,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ +/* Location: ./system/core/Security.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 48a7fbbeb53e82e9298036d40c42ec2564699ed0 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Mon, 23 Apr 2012 11:58:16 -0400 Subject: Use tabs to separate class properties --- system/core/Security.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/core/Security.php') diff --git a/system/core/Security.php b/system/core/Security.php index 139511661..974e2e428 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -41,14 +41,14 @@ class CI_Security { * * @var string */ - protected $_xss_hash = ''; + protected $_xss_hash = ''; /** * Random Hash for Cross Site Request Forgery Protection Cookie * * @var string */ - protected $_csrf_hash = ''; + protected $_csrf_hash = ''; /** * Expiration time for Cross Site Request Forgery Protection Cookie @@ -56,28 +56,28 @@ class CI_Security { * * @var int */ - protected $_csrf_expire = 7200; + protected $_csrf_expire = 7200; /** * Token name for Cross Site Request Forgery Protection Cookie * * @var string */ - protected $_csrf_token_name = 'ci_csrf_token'; + protected $_csrf_token_name = 'ci_csrf_token'; /** * Cookie name for Cross Site Request Forgery Protection Cookie * * @var string */ - protected $_csrf_cookie_name = 'ci_csrf_token'; + protected $_csrf_cookie_name = 'ci_csrf_token'; /** * List of never allowed strings * * @var array */ - protected $_never_allowed_str = array( + protected $_never_allowed_str = array( 'document.cookie' => '[removed]', 'document.write' => '[removed]', '.parentNode' => '[removed]', @@ -95,7 +95,7 @@ class CI_Security { * * @var array */ - protected $_never_allowed_regex = array( + protected $_never_allowed_regex = array( 'javascript\s*:', 'expression\s*(\(|&\#40;)', // CSS and IE 'vbscript\s*:', // IE, surprise! -- cgit v1.2.3-24-g4f1b