From 033ef02392d70dbc873deacc50ee76a800d0d228 Mon Sep 17 00:00:00 2001
From: paulburdick
Date: Tue, 26 Jun 2007 21:52:52 +0000
Subject: *Updated the XSS Filtering to take into account the IE expression() ability
---
 system/libraries/Input.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 1ff72877b..dc4e605b8 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -528,9 +528,12 @@ class CI_Input {
 */
 $bad = array(
 'document.cookie' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
 'document.write' => '[removed]',
 'window.location' => '[removed]',
 "javascript\s*:" => '[removed]',
+ "expression\s*\(" => '[removed]', // CSS and IE
 "Redirect\s+302" => '[removed]',
 '' => '-->'
@@ -626,7 +629,7 @@ class CI_Input {
 * Becomes: eval('some code')
 *
 */
- $str = preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
+ $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str);
 /*
 * Final clean up
@@ -637,9 +640,12 @@ class CI_Input {
 */
 $bad = array(
 'document.cookie' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
 'document.write' => '[removed]',
 'window.location' => '[removed]',
 "javascript\s*:" => '[removed]',
+ "expression\s*\(" => '[removed]', // CSS and IE
 "Redirect\s+302" => '[removed]',
 '' => '-->'
-- cgit v1.2.3-24-g4f1b
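Review bot: The new keys `'.parentNode'` and `'.innerHTML'` in the `$bad` table begin with an unescaped `.`, while sibling keys such as `"javascript\s*:"` and the added `"expression\s*\("` are clearly regex patterns, so if the table is applied with preg_replace the leading dot is a wildcard that matches any single character before `parentNode`/`innerHTML` and that character is swallowed by the `[removed]` substitution as well (the loop consuming `$bad` is outside the hunk, so the regex use is inferred from the `\s*` keys). If the keys are patterns, the literal-dot forms `'\.parentNode' => '[removed]',` and `'\.innerHTML' => '[removed]',` are the precise ones; if they are plain strings, the `\s*` keys could never match and the table should be documented as such. The identical table is patched again in the hunk at line 637, so the two copies must now be kept in lockstep; a comment like `// Keep in sync with the duplicate table below` on both, or hoisting the array into one class property, would stop the next addition landing in only one copy.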
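Review bot: The alternation `(alert|cmd|…|expression|…)` has no word boundary, so with the `i` flag the added `expression` entry (like the existing `file` and `system`) also fires inside ordinary words such as `myexpression(` or `profile(`; anchoring the group, `'#\b(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si'`, limits the rewrite to the intended identifiers. Separately, as rendered on this page the replacement string reads `"\\1\\2(\\3)"`, which would be an identity rewrite; presumably the entity-encoded parentheses were decoded by the page renderer (the comment line `Becomes: eval('some code')` above it shows the same decoding), but it is worth confirming the committed string still substitutes entities. Note also that the `$bad` table in the hunk at line 528 already maps `expression\s*\(` to `[removed]`, so which of the two rules wins depends on the order in which the enclosing function applies them, and that function runs almost entirely outside this hunk.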