diff options
author | Andrey Andreev <narf@devilix.net> | 2014-03-18 22:08:59 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-03-18 22:08:59 +0100 |
commit | 46d2072e5ce0c13f3be2bd909d76eba37964740f (patch) | |
tree | 6a022cbd743aa08c9fb79a5fcca9de371f41b574 | |
parent | ebb3aa0edde1efd4829a3ad8dbe0eeac970794cb (diff) |
More xss_clean() improvements
Issue described in https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37980030
+ a false positive
-rw-r--r-- | system/core/Security.php | 4 | ||||
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index a4d8c95ef..17ba3bcd8 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -454,7 +454,7 @@ class CI_Security { if (preg_match('/<a/i', $str)) { - $str = preg_replace_callback('#<a[^a-z0-9]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#<a[^a-z0-9>]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } if (preg_match('/<img/i', $str)) @@ -581,7 +581,7 @@ class CI_Security { $str_compare = $str; $str = preg_replace('/(�*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str); - $str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str); + $str = preg_replace('/(�*\d{2,4})(?![0-9;])/S', '$1;', $str); $str = html_entity_decode($str, ENT_COMPAT, $charset); } while ($str_compare !== $str); diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 14e042ee2..d4d6be4b5 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -74,7 +74,7 @@ class Security_test extends CI_TestCase { public function test_xss_clean_entity_double_encoded() { $input = '<a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a>'; - $this->assertEquals('<a 1>Clickhere</a>', $this->security->xss_clean($input)); + $this->assertEquals('<a >Clickhere</a>', $this->security->xss_clean($input)); } // -------------------------------------------------------------------- |