author | Derek Jones <derek.jones@ellislab.com> | 2008-08-15 00:13:05 +0200 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-08-15 00:13:05 +0200 |
commit | cbde3f032de0f02fb28a5502a32c30626119716e (patch) | |
tree | 5cf606e4f488fefef7c6f668ab9915144fc3e6e6 | |
parent | 5f725870198dfa765ff455f212be97684a8f8cfb (diff) |
changed entity standardization to require at least two characters after an ampersand before forcing a semi-colon
-rw-r--r-- | system/libraries/Input.php | 2 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 24c6c1967..ff1dd9b15 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -547,7 +547,7 @@ class CI_Input {
* the conversion of entities to ASCII later.
*
*/
- $str = preg_replace('#(&\#?[0-9a-z]+)[\x00-\x20]*;?#i', "\\1;", $str);
+ $str = preg_replace('#(&\#?[0-9a-z]{2,})[\x00-\x20]*;?#i', "\\1;", $str);
/*
* Validate UTF16 two byte encoding (x00)
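Review bot: The `{2,}` quantifier on the added line also stops normalizing single-digit numeric character references such as `&#9`, because the two-character minimum is applied after the optional `#` to digits and letters alike, while the commit message only asks for two characters after a bare ampersand. If the later entity-to-ASCII step referred to in the comment above only decodes references that end in a semicolon (that code is not visible here), such references would now pass through un-normalized. Keeping a one-character minimum for numeric references and requiring two only for named ones covers both cases: `$str = preg_replace('#(&\#[0-9a-z]+|&[0-9a-z]{2,})[\x00-\x20]*;?#i', "\\1;", $str);`. The enclosing method starts and ends outside the hunk.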
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index d317bbf81..b729c6a99 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -86,6 +86,7 @@ SVN Revision: XXXX</p>
<li>Fixed assorted user guide typos or examples (#4840, #4862, #4864, #4899, #4930, #5006).</li>
<li>Fixed an edit from 1.6.3 that made the $robots array in user_agents.php go poof.</li>
<li>Fixed a bug in the Email library with quoted-printable encoding improperly encoding space and tab characters.</li>
+ <li>Modified XSS sanitization to no longer add semicolons after &[single letter], such as in M&M's, B&B, etc.</li>
</ul>
<h2>Version 1.6.3</h2>