/** * Clean Input Data * * Internal method that aids in escaping data and * standardizing newline characters to PHP_EOL. * * @param string|string[] $str Input string(s) * @return string */ protected function _clean_input_data($str) { if (is_array($str)) { $new_array = array(); foreach (array_keys($str) as $key) { $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($str[$key]); } return $new_array; } /* We strip slashes if magic quotes is on to keep things consistent NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and it will probably not exist in future versions at all. */ if (!Core::isPHP('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } // Clean UTF-8 if supported if (UTF8_ENABLED === TRUE) { $str = $this->factory->utf8->clean_string($str); } // Remove control characters $str = UTF8::remove_invisible_characters($str, FALSE); // Standardize newlines if needed if ($this->_standardize_newlines === TRUE) { return preg_replace('/(?:\\r\\n|[\\r\\n])/', PHP_EOL, $str); } return $str; }
/** * Sanitize Filename * * @param string $str Input file name * @param bool $relative_path Whether to preserve paths * @return string */ public function sanitize_filename($str, $relative_path = FALSE) { $bad = $this->filename_bad_chars; if (!$relative_path) { $bad[] = './'; $bad[] = '/'; } $str = UTF8::remove_invisible_characters($str, FALSE); do { $old = $str; $str = str_replace($bad, '', $str); } while ($old !== $str); return stripslashes($str); }