Make the bad filename array public in Security library
diff --git a/system/core/Security.php b/system/core/Security.php
index 196d611..3d04d5e 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -38,6 +38,30 @@
class CI_Security {
/**
+ * List of sanitize filename strings
+ *
+ * @var array
+ */
+ public $sanitize_filename_str = array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ );
+
+ /**
* XSS Hash
*
* Random Hash for protecting URLs.
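Review bot: The docblock on `$sanitize_filename_str` does not say what the list is for or what happens when it is changed, which matters now that the property is public and writable by any code holding the Security instance. I would extend it along the lines of `List of substrings that sanitize_filename() treats as bad; overwriting it discards these defaults, including '../'`. The inline label on `'%0e', // >` also looks wrong: `%3e` is the encoding of `>`, while `%0e` decodes to a control character. That label was carried over unchanged from the old local array and is worth correcting or dropping. The class body continues outside this hunk.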
@@ -541,6 +565,19 @@
// --------------------------------------------------------------------
/**
+ * Set Sanitize Filename Strings
+ *
+ * @param array $strings
+ * @return void
+ */
+ public function set_sanitize_filename_str($strings)
+ {
+ $this->sanitize_filename_str = $strings;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Sanitize Filename
*
* @param string $str Input file name
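Review bot: `set_sanitize_filename_str()` assigns whatever it is given, so a non-array argument or a shortened list silently replaces the entire default list that `sanitize_filename()` reads in the third hunk (`$bad = $this->sanitize_filename_str;`). Declaring the parameter as `public function set_sanitize_filename_str(array $strings)` would reject non-array input at the call site. The docblock should also state that the list is replaced, not merged, for example `Replaces the whole list; pass the defaults plus your additions to extend it`, so a caller who only wants to add an entry does not drop `'../'` and the encoded variants by accident.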
@@ -549,24 +586,7 @@
*/
public function sanitize_filename($str, $relative_path = FALSE)
{
- $bad = array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
+ $bad = $this->sanitize_filename_str;
if ( ! $relative_path)
{