From fc18b009de9b1f7c1e70ded6cb69aa94b985d09a Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Wed, 25 Jun 2008 16:12:35 +0000
Subject: added a bit of leeway for images to avoid the more common
 false-positives that using xss_clean() on image files might trigger

---
 system/libraries/Input.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'system')

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 783446aec..04b373e41 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -631,8 +631,17 @@ class CI_Input {
 		 * But it doesn't seem to pose a problem.
 		 *
 		 */
-		$str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'),  array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
-
+		if ($is_image === TRUE)
+		{
+			// Images have a tendency to have the PHP short opening and closing tags every so often
+			// so we skip those and only do the long opening tags.
+			$str = str_replace(array('<?php', '<?PHP'),  array('&lt;?php', '&lt;?PHP'), $str);
+		}
+		else
+		{
+			$str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'),  array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
+		}
+		
 		/*
 		 * Compact any exploded words
 		 *
-- 
cgit v1.2.3-24-g4f1b