added a bit of leeway for images to avoid the more common false-positives that using xss_clean() on image files might trigger

commit: fc18b009de9b1f7c1e70ded6cb69aa94b985d09a [log] [tgz]
author: Derek Jones <derek.jones@ellislab.com> Wed Jun 25 16:12:35 2008 +0000
committer: Derek Jones <derek.jones@ellislab.com> Wed Jun 25 16:12:35 2008 +0000
tree: 38e3a40443fb22eedb66e52d616677e30224030f
parent: 7aae905cdfcc2113b7855585441d640cf665581f [diff] [blame]
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 783446a..04b373e 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php

@@ -631,8 +631,17 @@
 		 * But it doesn't seem to pose a problem.

 		 *

 		 */

-		$str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'),  array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);

-

+		if ($is_image === TRUE)

+		{

+			// Images have a tendency to have the PHP short opening and closing tags every so often

+			// so we skip those and only do the long opening tags.

+			$str = str_replace(array('<?php', '<?PHP'),  array('&lt;?php', '&lt;?PHP'), $str);

+		}

+		else

+		{

+			$str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'),  array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);

+		}

+		

 		/*

 		 * Compact any exploded words

 		 *
commit	fc18b009de9b1f7c1e70ded6cb69aa94b985d09a	[log] [tgz]
author	Derek Jones <derek.jones@ellislab.com>	Wed Jun 25 16:12:35 2008 +0000
committer	Derek Jones <derek.jones@ellislab.com>	Wed Jun 25 16:12:35 2008 +0000
tree	38e3a40443fb22eedb66e52d616677e30224030f
parent	7aae905cdfcc2113b7855585441d640cf665581f [diff] [blame]