Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.

commit: 7e5597782a589e4171ca08abdd9ce1a185542ff4 [log] [tgz]
author: Andrey Andreev <narf@bofh.bg> Tue Jan 29 15:38:33 2013 +0200
committer: Andrey Andreev <narf@bofh.bg> Tue Jan 29 15:38:33 2013 +0200
tree: de46d9995631d11c83197a266c46116e6e1343c4
parent: d911fccb3198ffb0629d9956115ae08244ce3e66 [diff] [blame]
diff --git a/system/core/Security.php b/system/core/Security.php
index a6cd14a..7aae54e 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -576,7 +576,15 @@
 		}
 
 		$str = remove_invisible_characters($str, FALSE);
-		return stripslashes(str_replace($bad, '', $str));
+
+		do
+		{
+			$old = $str;
+			$str = str_replace($bad, '', $str);
+		}
+		while ($old !== $str);
+
+		return stripslashes($str);
 	}
 
 	// ----------------------------------------------------------------
commit	7e5597782a589e4171ca08abdd9ce1a185542ff4	[log] [tgz]
author	Andrey Andreev <narf@bofh.bg>	Tue Jan 29 15:38:33 2013 +0200
committer	Andrey Andreev <narf@bofh.bg>	Tue Jan 29 15:38:33 2013 +0200
tree	de46d9995631d11c83197a266c46116e6e1343c4
parent	d911fccb3198ffb0629d9956115ae08244ce3e66 [diff] [blame]