authorDerek Jones <derek.jones@ellislab.com>2008-08-27 16:58:12 +0200
committerDerek Jones <derek.jones@ellislab.com>2008-08-27 16:58:12 +0200
commit9dee6ec7bf77e15a1227785292e507f1a6126a8f (patch)
tree7b9e23bbfb7acc5331f7e2b231fe22b62da97fe6
parent4f3e46129d4ed11c1a1d1570a6ec0580b0a10dc7 (diff)
modified regex for image tag sanitization to retain trailing space and closing slash to remain valid XHTML
-rw-r--r--system/libraries/Input.php2
-rw-r--r--user_guide/changelog.html3
2 files changed, 3 insertions, 2 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index ff1dd9b15..dc5b5e5a9 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -685,7 +685,7 @@ class CI_Input {
if (preg_match("/<img/i", $str))
{
- $str = preg_replace_callback("#<img\s+([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback("#<img\s+([^>]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str);
}
if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
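Review bot: The `\s?` added to the closing alternative on the new regex line admits at most one whitespace character before the slash, so a tag such as `<img src="x"  />` (two spaces) still matches only because the lazy `[^>]*?` absorbs the extra whitespace into group 1, and `_js_img_removal` then receives an attribute string with trailing whitespace. That callback is defined outside this hunk, so whether it tolerates a trailing-space attribute string cannot be confirmed here; `\s*` would make the behaviour independent of it: `$str = preg_replace_callback("#<img\s+([^>]*?)(\s*/?>|$)#si", array($this, '_js_img_removal'), $str);`. The intent of the new alternative is also worth a comment above the line, e.g. `// allow an optional " /" before ">" so self-closing XHTML <img /> tags keep their slash after sanitization`. The enclosing method begins and ends outside the hunk.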
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index ee3ff253d..b24b0810a 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -91,13 +91,14 @@ SVN Revision: XXXX</p>
</li>
</ul>
-<h3>Bug fixes for 1.6.4</h3>
+<h3>Bug fixes for 1.7.0</h3>
<ul>
<li>Fixed bug in xss_clean() that could remove some desirable tag attributes.</li>
<li>Fixed assorted user guide typos or examples (#4840, #4862, #4864, #4899, #4930, #5006, #5071).</li>
<li>Fixed an edit from 1.6.3 that made the $robots array in user_agents.php go poof.</li>
<li>Fixed a bug in the Email library with quoted-printable encoding improperly encoding space and tab characters.</li>
<li>Modified XSS sanitization to no longer add semicolons after &amp;[single letter], such as in M&amp;M's, B&amp;B, etc.</li>
+ <li>Modified XSS sanitization to no longer strip XHTML image tags of closing slashes.</li>
</ul>
<h2>Version 1.6.3</h2>