Changeset 2309 for trunk/system/libraries/Input.php
- Timestamp:
- 03/16/2008 03:34:43 AM (10 months ago)
- Files:
-
- 1 modified
-
trunk/system/libraries/Input.php (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/system/libraries/Input.php
r1911 r2309 35 35 36 36 /** 37 * Sets whether to globally enable the XSS processing. 37 * Sanitizes global GET, POST and COOKIE data. Also takes care of 38 * register_globals, if it has been enabled. 39 * 40 * @return void 38 41 */ 39 42 public function __construct() … … 219 222 $chars = (PCRE_UNICODE_PROPERTIES) ? '\pL' : 'a-zA-Z'; 220 223 221 if ( ! preg_match('#^['.$chars.'0-9:_/-]+ $#uD', $str))224 if ( ! preg_match('#^['.$chars.'0-9:_/-]++$#uD', $str)) 222 225 { 223 226 exit('Disallowed key characters in global data.'); … … 255 258 256 259 if ($this->ip_address === FALSE) 257 { 258 $this->ip_address = '0.0.0.0'; 259 return $this->ip_address; 260 } 260 return $this->ip_address = '0.0.0.0'; 261 261 262 262 if (strstr($this->ip_address, ',')) … … 266 266 } 267 267 268 if ( ! $this->valid_ip($this->ip_address))268 if ( ! valid::ip($this->ip_address)) 269 269 { 270 270 $this->ip_address = '0.0.0.0'; … … 321 321 322 322 // Do not clean empty strings 323 if (trim($string) == '')323 if (trim($string) === '') 324 324 return $string; 325 325 … … 406 406 $oldstring = $string; 407 407 $string = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*>#i', '', $string); 408 } while ($oldstring != $string); 408 } 409 while ($oldstring !== $string); 409 410 break; 410 411 }
