diff options
| author | Andrey Andreev <narf@devilix.net> | 2017-09-25 18:44:51 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2017-09-25 18:44:51 +0200 |
| commit | e76217041ddcae80f11b50b44a7d409b6722ad40 (patch) | |
| tree | 6f7dd444bfc5b4206a6e07169ad3c05b9b63fa4d /system/core/Security.php | |
| parent | 9c07c3697bab0bf43e10daf59068497dd3a0a9fd (diff) | |
| parent | cf728703b5852591c160cbd9566a0e508dd5759a (diff) | |
Merge branch '3.1-stable'
Diffstat (limited to 'system/core/Security.php')
| -rw-r--r-- | system/core/Security.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 585ed90ec..082ffa96b 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -354,9 +354,9 @@ class CI_Security { // Is the string an array? if (is_array($str)) { - while (list($key) = each($str)) + foreach ($str as $key => &$value) { - $str[$key] = $this->xss_clean($str[$key]); + $str[$key] = $this->xss_clean($value); } return $str; @@ -869,7 +869,7 @@ class CI_Security { // Each iteration filters a single attribute do { - // Strip any non-alpha characters that may preceed an attribute. + // Strip any non-alpha characters that may precede an attribute. // Browsers often parse these incorrectly and that has been a // of numerous XSS issues we've had. $matches['attributes'] = preg_replace('#^[^a-z]+#i', '', $matches['attributes']); |