Merge pull request #2201 from xeptor/develop
Upload library, clean_file_name function: Fix XSS bug.
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 96bb17e..1f0bd6a 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1005,7 +1005,14 @@
'%3d' // =
);
- return stripslashes(str_replace($bad, '', $filename));
+ do
+ {
+ $old_filename = $filename;
+ $filename = str_replace($bad, '', $filename);
+ }
+ while ($old_filename !== $filename);
+
+ return stripslashes($filename);
}
// --------------------------------------------------------------------
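Review bot: stripslashes() runs on the `return` line after the do/while loop has already reached its fixed point, so deleting a backslash there can join the surrounding characters back into one of the `$bad` sequences the loop just removed. Move the unescaping inside the loop so the stability check covers it: `$filename = stripslashes(str_replace($bad, '', $filename));`, then `return $filename;`. The visible `'%3d'` entry also suggests the list holds lowercase percent-encodings, while str_replace() is case-sensitive; if that holds for the rest of `$bad` (declared above this hunk), `str_ireplace()` would be the safer call. The body of clean_file_name starts outside the hunk, so the full contents of `$bad` should be checked before relying on either change.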