author | Derek Jones <derek.jones@ellislab.com> | 2008-07-01 01:27:31 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-07-01 01:27:31 +0200 |
commit | e8e18fe1659c036c5419b674c7992fff24c0ea27 (patch) | |
tree | b7b5f59c350a1f921bedf43aa203b67606c7e18a | |
parent | 4759d1b7711ca1ba1d30b990bf909c5d822bca58 (diff) |
Changed regex for onfoo event handlers to prevent unwanted matching of text such as locatiON, cONtent, etc.
-rw-r--r-- | system/libraries/Input.php | 8 | ||||
-rw-r--r-- | user_guide/changelog.html | 2 |
2 files changed, 5 insertions, 5 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 4d2e9e298..ac6b864e9 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -705,7 +705,7 @@ class CI_Input {
 * but it's unlikely to be a problem.
*
*/
- $event_handlers = array('on\w*','xmlns');
+ $event_handlers = array('[^a-z]on\w*','xmlns');
if ($is_image === TRUE)
{
@@ -715,9 +715,9 @@ class CI_Input { */
unset($event_handlers[array_search('xmlns', $event_handlers)]);
}
-
- $str = preg_replace("#<([^><]+)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
-
+
+ $str = preg_replace("#<([^><]+?)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
+
/*
* Sanitize naughty HTML elements
*
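Review bot: In the first Input.php hunk the leading `[^a-z]` of the new `on\w*` pattern is consumed as part of capture group 2 and so is discarded by the `<\1\4` replacement, which means the character immediately before the handler name is removed from the sanitized output; when that character is the closing quote of the preceding attribute (`href="x"onclick=...`) the tag is left with an unterminated quoted value and a browser may fold the following markup into it. Because the `i` modifier already applies to the whole pattern, the class excludes upper-case letters too, so a zero-width assertion gives the same locatiON/cONtent protection without eating the delimiter: `$event_handlers = array('(?<![a-z])on\w*','xmlns');` (a fixed-length lookbehind, supported by PCRE). The second hunk's switch to the non-greedy `([^><]+?)` is independent of this and should stay. xss_clean() begins and ends outside these hunks, and the commit adds no regression case for the false positive it fixes.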
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 3e83cca16..076691158 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -77,7 +77,7 @@ SVN Revision: XXXX</p>
 <h3>Bug fixes for 1.6.4</h3>
<ul>
- <li>No bug fixes yet</li>
+ <li>Fixed bug in xss_clean() that could remove some desirable tag attributes.</li>
</ul>
<h2>Version 1.6.3</h2>