From 763064b8661f92953497d6ca094d687e9078903f Mon Sep 17 00:00:00 2001
From: paulburdick
Date: Wed, 27 Jun 2007 23:25:55 +0000
Subject: *Added filename_security() method to Input library *Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
---
 system/libraries/Input.php | 50 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
(limited to 'system/libraries')
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 9a73ab9b9..337eeff30 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -444,6 +444,56 @@ class CI_Input {
 
 // --------------------------------------------------------------------
 
+ /**
+ * Filename Security
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function filename_security($str)
+ {
+ $bad = array(
+ "../",
+ "./",
+ "",
+ "<",
+ ">",
+ "'",
+ '"',
+ '&',
+ '$',
+ '#',
+ '{',
+ '}',
+ '[',
+ ']',
+ '=',
+ ';',
+ '?',
+ '/',
+ "%20",
+ "%22",
+ "%3c", // <
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
+ "%3d" // =
+ );
+
+ return stripslashes(str_replace($bad, '', $str));
+ }
+
+ // --------------------------------------------------------------------
+
 /**
 * XSS Clean
 *
-- 
cgit v1.2.3-24-g4f1b
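Review bot: The `$bad` denylist in `filename_security()` is applied with a case-sensitive, single-pass `str_replace()`, so it misses upper-case percent-encodings (every encoded entry is lower-case) and never lists the backslash; the trailing `stripslashes()` unescapes, it does not guarantee a backslash-free result. For a value that ends up in an include path, an allowlist is easier to reason about than enumerating bad sequences: if the router's controller and function triggers never need dots (the Router change is not part of this patch), `return preg_replace('/[^a-zA-Z0-9_-]/', '', $str);` would be tighter. The `"%0e", // >` entry also looks like a typo, since `>` is already covered by `%3e` and the comment does not match the value. The docblock should state that the return value is meant to be used as a single path component, not a full path, and that callers must still confirm the resolved file lies inside the expected directory.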