author | Derek Jones <derek.jones@ellislab.com> | 2009-11-05 16:06:31 +0100 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2009-11-05 16:06:31 +0100 |
commit | e24f61a2bb61c2445cb205777f897415e86fc10e (patch) | |
tree | cd04430eaa0b13b9943a3ab7ab005a2d88267efa | |
parent | a3f47180e3885fca82599e90c95ce6e5c26072d6 (diff) |
added hyphens to allowed characters in GET keys and vals in submitted URLs in xss_clean()
-rw-r--r-- | system/libraries/Input.php | 2 | ||||
-rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index e7bf72779..98f28262f 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -554,7 +554,7 @@ class CI_Input {
 // 901119URL5918AMP18930PROTECT8198
- $str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i', $this->xss_hash()."\\1=\\2", $str);
+ $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str);
 /*
 * Validate standard character entities
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 89d779ebf..c8f16fac9 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -83,6 +83,7 @@ SVN Revision: </p>
 <li>Fixed a bug in the Form Validation library where fields passed as rule parameters were not being translated (#9132)</li>
 <li>Switched some DIR_WRITE_MODE constant uses to FILE_WRITE_MODE where files and not directories are being operated on.</li>
 <li>Modified inflector helper to properly pluralize words that end in 'ch' or 'sh'</li>
+ <li>Fixed a bug in xss_clean() that was not allowing hyphens in query strings of submitted URLs.</li>
 </ul>
 <h2>Version 1.7.2</h2> |
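Review bot: In the system/libraries/Input.php hunk, the key class of the widened `preg_replace` pattern still rejects other characters that occur in real query-string keys, such as `.` or `[`, so a pair like `&a.b=1` stays unmatched and the same report can come back; the value class only has to match its first character because the pattern is unanchored. For a filter like this I would write the accepted set down next to the pattern instead of growing it one character at a time, for example `// Shield the '&' of &key=val pairs from the entity validation below; keys limited to [a-z0-9_-]`, and pin it with a regression case for a hyphenated key. As a style point, `\_`, `\&` and `\=` need no escaping with `|` as the delimiter, and a trailing hyphen (`[a-z_0-9-]`) avoids `\-`. The enclosing function starts and ends outside the hunk, so how the placeholder is restored and what the later entity step does with an unmatched `&` is inferred from the following comment only.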