From 9f23e7c24c9786bbe576ca6df3dc362581216bef Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Fri, 30 May 2008 20:00:11 +0000 Subject: moved word compacting to a callback for clarity, added a few js event handlers for removal --- system/libraries/Input.php | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'system/libraries/Input.php') diff --git a/system/libraries/Input.php b/system/libraries/Input.php index cac05c71d..5f066cc5e 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -715,10 +715,10 @@ class CI_Input { { $temp .= substr($word, $i, 1)."\s*"; } - + // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" - $str = preg_replace('#('.substr($temp, 0, -3).')(\W)#ise', "preg_replace('/\s+/s', '', '\\1').'\\2'", $str); + $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str); } /* @@ -757,7 +757,7 @@ class CI_Input { * but it's unlikely to be a problem. * */ - $event_handlers = array('onblur','onchange','onclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmouseover','onmouseup','onresize','onselect','onsubmit','onunload','xmlns'); + $event_handlers = array('onblur','onchange','onclick','ondblclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmousemove','onmouseover','onmouseout','onmouseup','onresize','onselect','onsubmit','onunload','xmlns'); if ($is_image === TRUE) { @@ -874,6 +874,23 @@ class CI_Input { // -------------------------------------------------------------------- + /** + * Compact Exploded Words + * + * Callback function for xss_clean() to remove whitespace from + * things like j a v a s c r i p t + * + * @access public + * @param type + * @return type + */ + function _compact_exploded_words($matches) + { + return preg_replace('/\s+/s', '', $matches[1]).$matches[2]; + } + + // -------------------------------------------------------------------- + /** * Sanitize Naughty HTML * -- cgit v1.2.3-24-g4f1b