*Added filename_security() method to Input library
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 9a73ab9..337eeff 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -445,6 +445,56 @@
// --------------------------------------------------------------------
/**
+ * Filename Security
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function filename_security($str)
+ {
+ $bad = array(
+ "../",
+ "./",
+ "<!--",
+ "-->",
+ "<",
+ ">",
+ "'",
+ '"',
+ '&',
+ '$',
+ '#',
+ '{',
+ '}',
+ '[',
+ ']',
+ '=',
+ ';',
+ '?',
+ '/',
+ "%20",
+ "%22",
+ "%3c", // <
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
+ "%3d" // =
+ );
+
+ return stripslashes(str_replace($bad, '', $str));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* XSS Clean
*
* Sanitizes data so that Cross Site Scripting Hacks can be