diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-01-25 21:55:21 +0100 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-01-25 21:55:21 +0100 |
| commit | dbd999f33374f6541f167e3d77a3e80a991b301a (patch) | |
| tree | 8a79a4fa32e8c863a1cb46f763b6107fbe9e6b97 | |
| parent | b69103e8ab0c646d01f5e97ef6a255293de1e60e (diff) | |
Previous commit caused side effects ...
| -rw-r--r-- | system/core/Security.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 15cb37620..8acab01fc 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -683,7 +683,7 @@ class CI_Security { $attribs = array(); // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all('/\W('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -691,7 +691,7 @@ class CI_Security { } // find occurrences of illegal attribute strings without quotes - preg_match_all('/\W('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { |