Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 14a0ac63a9dfb72e4681c37f7727cd48882152bd^! / . / system
commit14a0ac63a9dfb72e4681c37f7727cd48882152bd[log] [tgz]
authorPascal Kriete <pascal.kriete@ellislab.com>Tue Apr 05 14:55:56 2011 -0400
committerPascal Kriete <pascal.kriete@ellislab.com>Tue Apr 05 14:55:56 2011 -0400
treeaa7062f10e105984eb9df84e5b98bb1371bbf564
parent0ff50269e6bac31870a4d69bf4bc0bb895999f1f [diff]
Moving security to core.

diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 39a4d7f..7f4595e 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php

@@ -197,6 +197,13 @@
 	}
 
 /*
+ * -----------------------------------------------------
+ * Load the security class for xss and csrf support
+ * -----------------------------------------------------
+ */
+	$SEC =& load_class('Security', 'core');
+
+/*
  * ------------------------------------------------------
  *  Load the Input class and sanitize globals
  * ------------------------------------------------------

diff --git a/system/core/Input.php b/system/core/Input.php
index 1813135..dc7612e 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php

@@ -53,11 +53,8 @@
 		$this->_enable_xss		= (config_item('global_xss_filtering') === TRUE);
 		$this->_enable_csrf		= (config_item('csrf_protection') === TRUE);
 
-		// Do we need to load the security class?
-		if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
-		{
-			$this->security =& load_class('Security');
-		}
+		global $SEC;
+		$this->security =& $SEC;
 
 		// Do we need the UTF-8 class?
 		if (UTF8_ENABLED === TRUE)
@@ -92,8 +89,7 @@
 
 		if ($xss_clean === TRUE)
 		{
-			$_security =& load_class('Security');
-			return $_security->xss_clean($array[$index]);
+			return $this->security->xss_clean($array[$index]);
 		}
 
 		return $array[$index];
@@ -527,6 +523,9 @@
 		{
 			$str = $this->uni->clean_string($str);
 		}
+		
+		// Remove control characters
+		$str = remove_invisible_characters($str);
 
 		// Should we filter the input data?
 		if ($this->_enable_xss === TRUE)
@@ -642,8 +641,7 @@
 
 		if ($xss_clean === TRUE)
 		{
-			$_security =& load_class('Security');
-			return $_security->xss_clean($this->headers[$index]);
+			return $this->security->xss_clean($this->headers[$index]);
 		}
 
 		return $this->headers[$index];		

diff --git a/system/libraries/Security.php b/system/core/Security.php
similarity index 100%
rename from system/libraries/Security.php
rename to system/core/Security.php

diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 5d5a7ef..2a27d1f 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php

@@ -107,7 +107,7 @@
 	 */
 	function safe_ascii_for_xml($str)
 	{
-		return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $str);
+		return remove_invisible_characters($str, FALSE);
 	}
 
 	// --------------------------------------------------------------------