From 000ab69f536420a0214e4d8d15898bcacf918ece Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Tue, 13 May 2008 14:46:38 +0000 Subject: Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). You're coming with me, pal! --- system/libraries/Input.php | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) (limited to 'system/libraries/Input.php') diff --git a/system/libraries/Input.php b/system/libraries/Input.php index c86a3cec0..ec06101e6 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -801,30 +801,12 @@ class CI_Input { * something got through the above filters * */ - $bad = array( - 'document.cookie' => '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - 'window.location' => '[removed]', - '-moz-binding' => '[removed]', - '' => '-->', - ' '<![CDATA[' - ); - - foreach ($bad as $key => $val) + foreach ($this->never_allowed_str as $key => $val) { $str = str_replace($key, $val, $str); } - - $bad = array( - "javascript\s*:" => '[removed]', - "expression\s*\(" => '[removed]', // CSS and IE - "Redirect\s+302" => '[removed]' - ); - - foreach ($bad as $key => $val) + + foreach ($this->never_allowed_regex as $key => $val) { $str = preg_replace("#".$key."#i", $val, $str); } -- cgit v1.2.3-24-g4f1b
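Review bot: The `str_replace` pass over `never_allowed_str` is case-sensitive while the `preg_replace` pass directly below it runs with the `#i` modifier, so an entry such as `-moz-binding` (a CSS property name, which browsers match case-insensitively, and presumably carried over into the new property from the removed array) is only stripped in its lower-case spelling and `-MOZ-BINDING` reaches the output untouched. Now that both lists live on the object and can be extended elsewhere, the mismatch is worth closing in this loop: `$str = str_ireplace($key, $val, $str);` keeps every replacement string unchanged and only widens matching, assuming the PHP floor for this class includes `str_ireplace` (PHP 5.0+). Separately, `preg_replace` returns NULL on a malformed pattern — for instance a regex entry containing an unescaped `#`, the delimiter built here — and that NULL would silently overwrite `$str`; a comment above the regex loop such as `// entries in never_allowed_regex are raw PCRE bodies: they must not contain an unescaped '#' (the delimiter used below)` would make that contract explicit for whoever edits the property. xss_clean() begins and ends outside this hunk.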