diff options
| author | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:27:42 +0100 |
|---|---|---|
| committer | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:27:42 +0100 |
| commit | d56eb54f0f7a058d9e1b253f8fb900680d6813e0 (patch) | |
| tree | 9a6977035670a2ad98fb48f6d8eafe0c6161fa9a | |
| parent | 160c7d16c4e0c92c030c0a41d1223f916a82089d (diff) | |
All the HEX code must be replaced or else some XSS attacks can be successful
| -rw-r--r-- | system/core/Security.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 4f2185db5..220188edc 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -526,9 +526,17 @@ class CI_Security { $charset = config_item('charset'); } - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); + do + { + $matches = $matches1 = 0; + + $str = html_entity_decode($str, ENT_COMPAT, $charset); + $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches); + $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1); + } + while($matches || $matches1); + + return $str; } // -------------------------------------------------------------------- |