
Revision 2049 Revision 2107
Zeile 352... Zeile 352...
352
	public function xss_clean($str, $is_image = FALSE)
352
	public function xss_clean($str, $is_image = FALSE)
353
	{
353
	{
354
		// Is the string an array?
354
		// Is the string an array?
355
		if (is_array($str))
355
		if (is_array($str))
356
		{
356
		{
357
			while (list($key) = each($str))
357
			foreach ($str as $key => &$value)
358
			{
358
			{
359
				$str[$key] = $this->xss_clean($str[$key]);
359
				$str[$key] = $this->xss_clean($value);
360
			}
360
			}
Zeile 361... Zeile 361...
361
 
361
 
362
			return $str;
362
			return $str;
Zeile 867... Zeile 867...
867
			$is_evil_pattern = '#^('.implode('|', $evil_attributes).')$#i';
867
			$is_evil_pattern = '#^('.implode('|', $evil_attributes).')$#i';
Zeile 868... Zeile 868...
868
 
868
 
869
			// Each iteration filters a single attribute
869
			// Each iteration filters a single attribute
870
			do
870
			do
871
			{
871
			{
872
				// Strip any non-alpha characters that may preceed an attribute.
872
				// Strip any non-alpha characters that may precede an attribute.
873
				// Browsers often parse these incorrectly and that has been a
873
				// Browsers often parse these incorrectly and that has been a
874
				// of numerous XSS issues we've had.
874
				// of numerous XSS issues we've had.
Zeile 875... Zeile 875...
875
				$matches['attributes'] = preg_replace('#^[^a-z]+#i', '', $matches['attributes']);
875
				$matches['attributes'] = preg_replace('#^[^a-z]+#i', '', $matches['attributes']);
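Review bot: The `&` on `$value` in the new `foreach` at line 357 is not needed, because the loop writes back through `$str[$key]` and never assigns to `$value`; it only leaves the last element bound to a reference until the function returns. I would write `foreach ($str as $key => $value)` and keep the assignment on line 359 as it is. Only the values go through the filter here: the array keys are returned unchanged and the recursive call does not forward `$is_image`, so a comment such as `// Keys are not filtered; escape them separately if they are ever output` would spare a caller from assuming otherwise. The body of xss_clean continues outside the visible hunks, so anything past line 362 is not covered by this note.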