diff --git a/.gitmodules b/.gitmodules
index 618d40c..893a543 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,12 +1,16 @@
[submodule "minera-bin/src/cpuminer-gc3355"]
path = minera-bin/src/cpuminer-gc3355
url = https://github.com/siklon/cpuminer-gc3355.git
+ ignore = dirty
[submodule "minera-bin/src/bfgminer"]
path = minera-bin/src/bfgminer
url = https://github.com/luke-jr/bfgminer
+ ignore = dirty
[submodule "minera-bin/src/cgminer"]
path = minera-bin/src/cgminer
url = https://github.com/ckolivas/cgminer
+ ignore = dirty
[submodule "minera-bin/src/cgminer-dmaxl-zeus"]
path = minera-bin/src/cgminer-dmaxl-zeus
url = https://github.com/dmaxl/cgminer/
+ ignore = dirty
diff --git a/system/.htaccess b/system/.htaccess
new file mode 100644
index 0000000..14249c5
--- /dev/null
+++ b/system/.htaccess
@@ -0,0 +1 @@
+Deny from all
\ No newline at end of file
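Review bot: `Deny from all` is the Apache 2.2 access-control syntax; on Apache 2.4 it is only understood when mod_access_compat is loaded, and without that module an unknown directive in an `.htaccess` typically turns every request under system/ into a 500 rather than a clean 403, so the denial depends on server configuration the repository does not control. Use the 2.4 form with a compatibility fallback, as below. This file is also only honoured where the vhost's AllowOverride permits it, and not at all by nginx or the PHP built-in server, so it is defence in depth rather than the primary control for keeping system/ outside the document root.
```apacheconf
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Deny from all
</IfModule>
```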
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
old mode 100644
new mode 100755
index a200727..daffa29
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -24,7 +25,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/benchmark.html
*/
class CI_Benchmark {
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
old mode 100644
new mode 100755
index e0819c8..9c9930b
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -23,7 +24,7 @@
* @package CodeIgniter
* @subpackage codeigniter
* @category Front-controller
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/
*/
@@ -33,7 +34,7 @@
* @var string
*
*/
- define('CI_VERSION', '2.1.4');
+ define('CI_VERSION', '2.2.2');
/**
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
diff --git a/system/core/Common.php b/system/core/Common.php
index 07534c5..5e56aa0 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -23,7 +24,7 @@
* @package CodeIgniter
* @subpackage codeigniter
* @category Common Functions
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/
*/
@@ -32,9 +33,6 @@
/**
* Determines if the current version of PHP is greater then the supplied value
*
-* Since there are a few places where we conditionally test for PHP > 5
-* we'll set a static variable.
-*
* @access public
* @param string
* @return bool TRUE if the current version is $version or higher
@@ -254,7 +252,8 @@ function &get_config($replace = array())
}
}
- return $_config[0] =& $config;
+ $_config[0] =& $config;
+ return $_config[0];
}
}
@@ -470,9 +469,6 @@ function _exception_handler($severity, $message, $filepath, $line)
{
// We don't bother with "strict" notices since they tend to fill up
// the log file with excess information that isn't normally very helpful.
- // For example, if you are running PHP 5 and you use version 4 style
- // class functions (without prefixes like "public", "private", etc.)
- // you'll get notices telling you that these have been deprecated.
if ($severity == E_STRICT)
{
return;
diff --git a/system/core/Config.php b/system/core/Config.php
old mode 100644
new mode 100755
index 5dffbf3..45641fa
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -23,7 +24,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/config.html
*/
class CI_Config {
@@ -66,11 +67,13 @@ function __construct()
// Set the base_url automatically if none was provided
if ($this->config['base_url'] == '')
{
- if (isset($_SERVER['HTTP_HOST']))
+ // The regular expression is only a basic validation for a valid "Host" header.
+ // It's not exhaustive, only checks for valid characters.
+ if (isset($_SERVER['HTTP_HOST']) && preg_match('/^((\[[0-9a-f:]+\])|(\d{1,3}(\.\d{1,3}){3})|[a-z0-9\-\.]+)(:\d+)?$/i', $_SERVER['HTTP_HOST']))
{
- $base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
+ $base_url = (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off') ? 'http' : 'https';
$base_url .= '://'. $_SERVER['HTTP_HOST'];
- $base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
+ $base_url .= substr($_SERVER['SCRIPT_NAME'], 0, strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME'])));
}
else
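Review bot: The new path computation on the `substr(...)` line has no guard for `strpos()` returning FALSE: when `basename($_SERVER['SCRIPT_FILENAME'])` does not occur in `SCRIPT_NAME` (possible behind some rewriting or CGI front ends where the two variables are not derived from the same file name), `substr($s, 0, FALSE)` silently yields an empty string and base_url loses its path component instead of failing loudly. Keep the old derivation as the fallback: `$pos = strpos($_SERVER['SCRIPT_NAME'], basename($_SERVER['SCRIPT_FILENAME']));` followed by `$base_url .= ($pos === FALSE) ? str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']) : substr($_SERVER['SCRIPT_NAME'], 0, $pos);`. The added Host regex, as its own comment says, only checks the character set, so base_url is still built from a client-supplied header; the comment could add that setting `$config['base_url']` explicitly is the way to remove that dependency. `__construct()` continues outside the hunk.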
diff --git a/system/core/Controller.php b/system/core/Controller.php
index fddb81e..e05362c 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -24,7 +25,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/general/controllers.html
*/
class CI_Controller {
@@ -37,7 +38,7 @@ class CI_Controller {
public function __construct()
{
self::$instance =& $this;
-
+
// Assign all the class objects that were instantiated by the
// bootstrap file (CodeIgniter.php) to local class variables
// so that CI can run as one big super object.
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
old mode 100644
new mode 100755
index 869739a..4ca2faf
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -21,7 +22,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Exceptions
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/exceptions.html
*/
class CI_Exceptions {
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
old mode 100644
new mode 100755
index 33f1c03..4dbabb8
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -23,7 +24,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/encryption.html
*/
class CI_Hooks {
diff --git a/system/core/Input.php b/system/core/Input.php
old mode 100644
new mode 100755
index eab0e86..e3ef3ee
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -23,7 +24,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Input
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/input.html
*/
class CI_Input {
@@ -343,8 +344,8 @@ public function ip_address()
}
}
- $this->ip_address = ($spoof !== FALSE && in_array($this->server('remote_addr'), $proxy_ips, TRUE))
- ? $spoof : $this->server('remote_addr');
+ $this->ip_address = ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE))
+ ? $spoof : $_SERVER['REMOTE_ADDR'];
}
else
{
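Review bot: `$_SERVER['REMOTE_ADDR']` is now read directly on both changed lines without an `isset()` check, so on a CLI run (this class has an `is_cli_request()` method) or any SAPI that does not populate it, the lookup emits a notice and `$this->ip_address` becomes NULL; the replaced `$this->server('remote_addr')` accessor presumably returned FALSE for a missing key, which the surrounding code may rely on. Read it once into a local with a default, `$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : FALSE;`, and use `$remote_addr` in both the `in_array()` call and the fallback branch. Reading the raw superglobal instead of the filtered accessor is reasonable here because REMOTE_ADDR is set by the server rather than the client, but that reasoning deserves a one-line comment. `ip_address()` continues outside the hunk.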
@@ -631,8 +632,24 @@ function _sanitize_globals()
unset($_COOKIE['$Path']);
unset($_COOKIE['$Domain']);
+ // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
+ //
+ // The session ID sanitizer doesn't check for the value type and blindly does
+ // an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
+ $sess_cookie_name = config_item('cookie_prefix').config_item('sess_cookie_name');
+ if (isset($_COOKIE[$sess_cookie_name]) && ! is_string($_COOKIE[$sess_cookie_name]))
+ {
+ unset($_COOKIE[$sess_cookie_name]);
+ }
+
foreach ($_COOKIE as $key => $val)
{
+ // _clean_input_data() has been reported to break encrypted cookies
+ if ($key === $sess_cookie_name && config_item('sess_encrypt_cookie'))
+ {
+ continue;
+ }
+
$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}
}
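Review bot: The `continue` branch skips both key and value cleaning for the session cookie whenever `sess_encrypt_cookie` is set, so that value reaches the session library unfiltered; the comment only says cleaning breaks encrypted cookies and should also state what makes the skip safe (presumably that the session library decrypts and validates the cookie itself before using it — confirm). `config_item('sess_encrypt_cookie')` is also re-evaluated on every iteration of the loop; hoist it next to `$sess_cookie_name`, e.g. `$skip_sess_cookie = (bool) config_item('sess_encrypt_cookie');`, and test `$key === $sess_cookie_name && $skip_sess_cookie` inside the loop. `_sanitize_globals()` starts outside the hunk.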
@@ -846,4 +863,4 @@ public function is_cli_request()
}
/* End of file Input.php */
-/* Location: ./system/core/Input.php */
\ No newline at end of file
+/* Location: ./system/core/Input.php */
diff --git a/system/core/Lang.php b/system/core/Lang.php
old mode 100644
new mode 100755
index 5ac6718..2849703
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -21,7 +22,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Language
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/language.html
*/
class CI_Lang {
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 6b7ee0c..40090db 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -22,7 +23,7 @@
*
* @package CodeIgniter
* @subpackage Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @category Loader
* @link http://codeigniter.com/user_guide/libraries/loader.html
*/
diff --git a/system/core/Model.php b/system/core/Model.php
old mode 100644
new mode 100755
index e15ffbe..9bbb1fc
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -21,7 +22,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/config.html
*/
class CI_Model {
diff --git a/system/core/Output.php b/system/core/Output.php
old mode 100644
new mode 100755
index ccecafd..fc88f6e
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -23,7 +24,7 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Output
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @link http://codeigniter.com/user_guide/libraries/output.html
*/
class CI_Output {
diff --git a/system/core/Router.php b/system/core/Router.php
old mode 100644
new mode 100755
index 6da6674..b39dc16
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -5,8 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -22,7 +23,7 @@
*
* @package CodeIgniter
* @subpackage Libraries
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
* @category Libraries
* @link http://codeigniter.com/user_guide/general/routing.html
*/
diff --git a/system/core/Security.php b/system/core/Security.php
old mode 100644
new mode 100755
index b0d39b9..4c265d4
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -1,12 +1,13 @@
- '[removed]',
'.parentNode' => '[removed]',
'.innerHTML' => '[removed]',
- 'window.location' => '[removed]',
'-moz-binding' => '[removed]',
'' => '-->',
@@ -90,9 +90,13 @@ class CI_Security {
*/
protected $_never_allowed_regex = array(
'javascript\s*:',
+ '(document|(document\.)?window)\.(location|on\w*)',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
- 'Redirect\s+302',
+ 'wscript\s*:', // IE
+ 'jscript\s*:', // IE
+ 'vbs\s*:', // IE
+ 'Redirect\s+30\d:',
"([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
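Review bot: The rewritten `'Redirect\s+30\d:'` entry requires a literal colon after the status code, which the previous `'Redirect\s+302'` did not; unless the colon is deliberate, `Redirect 302` followed by whitespace (the form the old pattern caught) no longer matches, so `'Redirect\s+30\d'` would be the widening the `\d` suggests. The new `(document|(document\.)?window)\.(location|on\w*)` entry and the three added IE scheme entries would read better with the same trailing comment their neighbours carry, e.g. `// location / event-handler assignments`. `$_never_allowed_regex` is fully inside the hunk, but the class continues beyond it.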
@@ -263,10 +267,7 @@ public function get_csrf_token_name()
*/
public function xss_clean($str, $is_image = FALSE)
{
- /*
- * Is the string an array?
- *
- */
+ // Is the string an array?
if (is_array($str))
{
while (list($key) = each($str))
@@ -277,14 +278,9 @@ public function xss_clean($str, $is_image = FALSE)
return $str;
}
- /*
- * Remove Invisible Characters
- */
+ //Remove Invisible Characters
$str = remove_invisible_characters($str);
- // Validate Entities in URLs
- $str = $this->_validate_entities($str);
-
/*
* URL Decode
*
@@ -293,9 +289,12 @@ public function xss_clean($str, $is_image = FALSE)
* Google
*
* Note: Use rawurldecode() so it does not remove plus signs
- *
*/
- $str = rawurldecode($str);
+ do
+ {
+ $str = rawurldecode($str);
+ }
+ while (preg_match('/%[0-9a-f]{2,}/i', $str));
/*
* Convert character entities to ASCII
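Review bot: The new `do … while` decodes until no `%xx` sequence is left, but the comment block above it still describes a single `rawurldecode()` call; it should state the intent and the cost, e.g. `// Decode repeatedly so nested percent-encodings cannot hide a payload from the checks below; note this also turns a literal '%25' in ordinary text into '%'.` The `{2,}` quantifier in the loop condition is equivalent to `{2}` for a boolean `preg_match()`, since any longer hex run contains a two-character prefix; `{2}` would make the condition read as what it is. `xss_clean()` continues outside the hunk.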
@@ -303,16 +302,11 @@ public function xss_clean($str, $is_image = FALSE)
* This permits our tests below to work reliably.
* We only convert entities that are within tags since
* these are the ones that will pose security problems.
- *
*/
+ $str = preg_replace_callback("/[^a-z0-9>]+[a-z0-9]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
+ $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str);
- $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
-
- $str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", array($this, '_decode_entity'), $str);
-
- /*
- * Remove Invisible Characters Again!
- */
+ // Remove Invisible Characters Again!
$str = remove_invisible_characters($str);
/*
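Review bot: The comment block ending just above the two new `preg_replace_callback()` calls still says "We only convert entities that are within tags", but the replacement pattern for `_decode_entity`, `'/<\w+.*/si'`, is greedy under the `s` modifier and so matches from the first tag-like `<word` through the end of the input; everything after the first tag, plain text included, is handed to `_decode_entity` (unless that callback re-scopes the match itself — it is not in the hunk). If the widening is intentional, which is plausible as a hardening step, update the comment to say that the whole remainder after the first tag is decoded and why; the removed `'/<\w+.*?(?=>|<|$)/si'` shows the previous, bounded scope if it was not. The widened `_convert_attribute` pattern now also requires a run of non-`[a-z0-9>]` characters before the attribute name, which deserves a word in the same comment. `xss_clean()` continues outside the hunk.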
@@ -323,15 +317,9 @@ public function xss_clean($str, $is_image = FALSE)
* NOTE: preg_replace was found to be amazingly slow here on
* large blocks of data, so we use str_replace.
*/
+ $str = str_replace("\t", ' ', $str);
- if (strpos($str, "\t") !== FALSE)
- {
- $str = str_replace("\t", ' ', $str);
- }
-
- /*
- * Capture converted string for later comparison
- */
+ // Capture converted string for later comparison
$converted_string = $str;
// Remove Strings that are never allowed
@@ -351,11 +339,11 @@ public function xss_clean($str, $is_image = FALSE)
// Images have a tendency to have the PHP short opening and
// closing tags every so often so we skip those and only
// do the long opening tags.
- $str = preg_replace('/<\?(php)/i', "<?\\1", $str);
+ $str = preg_replace('/<\?(php)/i', '<?\\1', $str);
}
else
{
- $str = str_replace(array('', '?'.'>'), array('<?', '?>'), $str);
+ $str = str_replace(array('', '?'.'>'), array('<?', '?>'), $str);
}
/*
@@ -365,50 +353,52 @@ public function xss_clean($str, $is_image = FALSE)
* These words are compacted back to their correct state.
*/
$words = array(
- 'javascript', 'expression', 'vbscript', 'script', 'base64',
- 'applet', 'alert', 'document', 'write', 'cookie', 'window'
+ 'javascript', 'expression', 'vbscript', 'jscript', 'wscript',
+ 'vbs', 'script', 'base64', 'applet', 'alert', 'document',
+ 'write', 'cookie', 'window', 'confirm', 'prompt'
);
foreach ($words as $word)
{
- $temp = '';
-
- for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++)
- {
- $temp .= substr($word, $i, 1)."\s*";
- }
+ $word = implode('\s*', str_split($word)).'\s*';
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
- $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
+ $str = preg_replace_callback('#('.substr($word, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
}
/*
* Remove disallowed Javascript in links or img tags
- * We used to do some version comparisons and use of stripos for PHP5,
+ * We used to do some version comparisons and use of stripos(),
* but it is dog slow compared to these simplified non-capturing
* preg_match(), especially if the pattern exists in the string
+ *
+ * Note: It was reported that not only space characters, but all in
+ * the following pattern can be parsed as separators between a tag name
+ * and its attributes: [\d\s"\'`;,\/\=\(\x00\x0B\x09\x0C]
+ * ... however, remove_invisible_characters() above already strips the
+ * hex-encoded ones, so we'll skip them below.
*/
do
{
$original = $str;
- if (preg_match("/]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
- if (preg_match("/]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback('#]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
}
- if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
+ if (preg_match('/script|xss/i', $str))
{
- $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[removed]', $str);
+ $str = preg_replace('#*(?:script|xss).*?>#si', '[removed]', $str);
}
}
- while($original != $str);
+ while($original !== $str);
unset($original);
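Review bot: In the word-compaction loop, `$word = implode('\s*', str_split($word)).'\s*'` appends a trailing `\s*` that the next statement's `substr($word, 0, -3)` removes again, and reusing `$word` for the pattern means the loop variable no longer holds the word. Build the pattern directly: `$pattern = implode('\s*', str_split($word));` and `$str = preg_replace_callback('#('.$pattern.')(\W)#is', array($this, '_compact_exploded_words'), $str);`. The link, img and script regexes later in this hunk are not legible in this copy of the patch (angle brackets appear to have been stripped), so they are not reviewed here. `xss_clean()` continues outside the hunk.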
@@ -424,7 +414,7 @@ public function xss_clean($str, $is_image = FALSE)
* So this: