Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP error due to a function being moved from the input to security class.
Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
diff --git a/system/libraries/Security.php b/system/libraries/Security.php
index 60adf0a..cdae501 100644
--- a/system/libraries/Security.php
+++ b/system/libraries/Security.php
@@ -198,7 +198,7 @@
/*
* Remove Invisible Characters
*/
- $str = $this->_remove_invisible_characters($str);
+ $str = remove_invisible_characters($str);
/*
* Protect GET variables in URLs
@@ -258,7 +258,7 @@
/*
* Remove Invisible Characters Again!
*/
- $str = $this->_remove_invisible_characters($str);
+ $str = remove_invisible_characters($str);
/*
* Convert all tabs to spaces
@@ -481,44 +481,6 @@
// --------------------------------------------------------------------
/**
- * Remove Invisible Characters
- *
- * This prevents sandwiching null characters
- * between ascii characters, like Java\0script.
- *
- * @access public
- * @param string
- * @return string
- */
- function _remove_invisible_characters($str)
- {
- static $non_displayables;
-
- if ( ! isset($non_displayables))
- {
- // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
- $non_displayables = array(
- '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
- '/%1[0-9a-f]/', // url encoded 16-31
- '/[\x00-\x08]/', // 00-08
- '/\x0b/', '/\x0c/', // 11, 12
- '/[\x0e-\x1f]/' // 14-31
- );
- }
-
- do
- {
- $cleaned = $str;
- $str = preg_replace($non_displayables, '', $str);
- }
- while ($cleaned != $str);
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Compact Exploded Words
*
* Callback function for xss_clean() to remove whitespace from