diff options
| author | Andrey Andreev <narf@devilix.net> | 2015-09-10 15:36:22 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2015-09-10 15:36:22 +0200 |
| commit | abc6006884658acb4e2302460f87e2f89a5a7e80 (patch) | |
| tree | 8e2e610d6be363c4dbf79286533441af15ab7716 | |
| parent | 72ebac4eed3f5de650a26ffbc34fc0aaaa49c7d4 (diff) | |
Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4
| -rw-r--r-- | system/core/Security.php | 4 | ||||
| -rw-r--r-- | tests/codeigniter/core/Security_test.php | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 8ca66d297..e4bd327b5 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -787,11 +787,11 @@ class CI_Security { $count = $temp_count = 0; // replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - $str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count); + $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count); $count += $temp_count; // find occurrences of illegal attribute strings without quotes - $str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count); + $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count); $count += $temp_count; } while ($count); diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 68b52247e..8e6d276fc 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -147,12 +147,12 @@ class Security_test extends CI_TestCase { $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo fscommand=case-insensitive>', FALSE)); $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo seekSegmentTime=whatever>', FALSE)); $this->assertEquals( - '<foo bar=">" baz=\'\' [removed]>', - $this->security->remove_evil_attributes('<foo bar=">" baz=\'\' onAfterGreaterThan="quotes">', FALSE) + '<foo bar=">" baz=\'>\' [removed]>', + $this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan="quotes">', FALSE) ); $this->assertEquals( - '<foo bar=">" baz=\'\' [removed]>', - $this->security->remove_evil_attributes('<foo bar=">" baz=\'\' onAfterGreaterThan=noQuotes>', FALSE) + '<foo bar=">" baz=\'>\' [removed]>', + $this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>', FALSE) ); } |