From 757dda61aa0556aca8172dc2a8175596afe28ce2 Mon Sep 17 00:00:00 2001
From: Greg Aker <greg.aker@ellislab.com>
Date: Wed, 14 Apr 2010 19:06:19 -0500
Subject: Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP
 error due to a function being moved from the input to security class.

Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
---
 system/libraries/Security.php | 42 ++----------------------------------------
 1 file changed, 2 insertions(+), 40 deletions(-)

(limited to 'system/libraries/Security.php')

diff --git a/system/libraries/Security.php b/system/libraries/Security.php
index 60adf0a27..cdae50168 100644
--- a/system/libraries/Security.php
+++ b/system/libraries/Security.php
@@ -198,7 +198,7 @@ class CI_Security {
 		/*
 		 * Remove Invisible Characters
 		 */
-		$str = $this->_remove_invisible_characters($str);
+		$str = remove_invisible_characters($str);
 
 		/*
 		 * Protect GET variables in URLs
@@ -258,7 +258,7 @@ class CI_Security {
 		/*
 		 * Remove Invisible Characters Again!
 		 */
-		$str = $this->_remove_invisible_characters($str);
+		$str = remove_invisible_characters($str);
 		
 		/*
 		 * Convert all tabs to spaces
@@ -480,44 +480,6 @@ class CI_Security {
 
 	// --------------------------------------------------------------------
 	
-	/**
-	 * Remove Invisible Characters
-	 *
-	 * This prevents sandwiching null characters
-	 * between ascii characters, like Java\0script.
-	 *
-	 * @access	public
-	 * @param	string
-	 * @return	string
-	 */
-	function _remove_invisible_characters($str)
-	{
-		static $non_displayables;
-		
-		if ( ! isset($non_displayables))
-		{
-			// every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
-			$non_displayables = array(
-										'/%0[0-8bcef]/',			// url encoded 00-08, 11, 12, 14, 15
-										'/%1[0-9a-f]/',				// url encoded 16-31
-										'/[\x00-\x08]/',			// 00-08
-										'/\x0b/', '/\x0c/',			// 11, 12
-										'/[\x0e-\x1f]/'				// 14-31
-									);
-		}
-
-		do
-		{
-			$cleaned = $str;
-			$str = preg_replace($non_displayables, '', $str);
-		}
-		while ($cleaned != $str);
-
-		return $str;
-	}
-
-	// --------------------------------------------------------------------
-	
 	/**
 	 * Compact Exploded Words
 	 *
-- 
cgit v1.2.3-24-g4f1b