From 757dda61aa0556aca8172dc2a8175596afe28ce2 Mon Sep 17 00:00:00 2001
From: Greg Aker <greg.aker@ellislab.com>
Date: Wed, 14 Apr 2010 19:06:19 -0500
Subject: Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP
 error due to a function being moved from the input to security class.

Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
---
 system/core/Common.php                         | 37 +++++++++++++++++++++++
 system/database/drivers/mssql/mssql_driver.php |  5 +--
 system/database/drivers/oci8/oci8_driver.php   |  5 +--
 system/database/drivers/odbc/odbc_driver.php   |  5 +--
 system/libraries/Security.php                  | 42 ++------------------------
 5 files changed, 42 insertions(+), 52 deletions(-)

(limited to 'system')

diff --git a/system/core/Common.php b/system/core/Common.php
index 6e2f72509..9dee591e6 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -479,6 +479,43 @@
 		$_error->log_exception($severity, $message, $filepath, $line);
 	}
 
+	// --------------------------------------------------------------------
+	
+	/**
+	 * Remove Invisible Characters
+	 *
+	 * This prevents sandwiching null characters
+	 * between ascii characters, like Java\0script.
+	 *
+	 * @access	public
+	 * @param	string
+	 * @return	string
+	 */
+	function remove_invisible_characters($str)
+	{
+		static $non_displayables;
+		
+		if ( ! isset($non_displayables))
+		{
+			// every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
+			$non_displayables = array(
+										'/%0[0-8bcef]/',			// url encoded 00-08, 11, 12, 14, 15
+										'/%1[0-9a-f]/',				// url encoded 16-31
+										'/[\x00-\x08]/',			// 00-08
+										'/\x0b/', '/\x0c/',			// 11, 12
+										'/[\x0e-\x1f]/'				// 14-31
+									);
+		}
+
+		do
+		{
+			$cleaned = $str;
+			$str = preg_replace($non_displayables, '', $str);
+		}
+		while ($cleaned != $str);
+
+		return $str;
+	}
 
 
 /* End of file Common.php */
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 0c74726a2..40900e832 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -260,12 +260,9 @@ class CI_DB_mssql_driver extends CI_DB {
    		
 	   		return $str;
 	   	}
-
-		// Access the CI object
-		$CI =& get_instance();
 		
 		// Escape single quotes
-		$str = str_replace("'", "''", $CI->input->_remove_invisible_characters($str));
+		$str = str_replace("'", "''", remove_invisible_characters($str));
 		
 		// escape LIKE condition wildcards
 		if ($like === TRUE)
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index cd0e09577..6f317d2e6 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -403,10 +403,7 @@ class CI_DB_oci8_driver extends CI_DB {
 	   		return $str;
 	   	}
 
-		// Access the CI object
-		$CI =& get_instance();
-
-		$str = $CI->input->_remove_invisible_characters($str);
+		$str = remove_invisible_characters($str);
 		
 		// escape LIKE condition wildcards
 		if ($like === TRUE)
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index d5df8ef8c..6e682313f 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -271,12 +271,9 @@ class CI_DB_odbc_driver extends CI_DB {
    		
 	   		return $str;
 	   	}
-
-		// Access the CI object
-		$CI =& get_instance();
 		
 		// ODBC doesn't require escaping
-		$str = $CI->input->_remove_invisible_characters($str);
+		$str = remove_invisible_characters($str);
 		
 		// escape LIKE condition wildcards
 		if ($like === TRUE)
diff --git a/system/libraries/Security.php b/system/libraries/Security.php
index 60adf0a27..cdae50168 100644
--- a/system/libraries/Security.php
+++ b/system/libraries/Security.php
@@ -198,7 +198,7 @@ class CI_Security {
 		/*
 		 * Remove Invisible Characters
 		 */
-		$str = $this->_remove_invisible_characters($str);
+		$str = remove_invisible_characters($str);
 
 		/*
 		 * Protect GET variables in URLs
@@ -258,7 +258,7 @@ class CI_Security {
 		/*
 		 * Remove Invisible Characters Again!
 		 */
-		$str = $this->_remove_invisible_characters($str);
+		$str = remove_invisible_characters($str);
 		
 		/*
 		 * Convert all tabs to spaces
@@ -480,44 +480,6 @@ class CI_Security {
 
 	// --------------------------------------------------------------------
 	
-	/**
-	 * Remove Invisible Characters
-	 *
-	 * This prevents sandwiching null characters
-	 * between ascii characters, like Java\0script.
-	 *
-	 * @access	public
-	 * @param	string
-	 * @return	string
-	 */
-	function _remove_invisible_characters($str)
-	{
-		static $non_displayables;
-		
-		if ( ! isset($non_displayables))
-		{
-			// every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
-			$non_displayables = array(
-										'/%0[0-8bcef]/',			// url encoded 00-08, 11, 12, 14, 15
-										'/%1[0-9a-f]/',				// url encoded 16-31
-										'/[\x00-\x08]/',			// 00-08
-										'/\x0b/', '/\x0c/',			// 11, 12
-										'/[\x0e-\x1f]/'				// 14-31
-									);
-		}
-
-		do
-		{
-			$cleaned = $str;
-			$str = preg_replace($non_displayables, '', $str);
-		}
-		while ($cleaned != $str);
-
-		return $str;
-	}
-
-	// --------------------------------------------------------------------
-	
 	/**
 	 * Compact Exploded Words
 	 *
-- 
cgit v1.2.3-24-g4f1b