summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-09-10 15:36:22 +0200
committerAndrey Andreev <narf@devilix.net>2015-09-10 15:36:22 +0200
commitabc6006884658acb4e2302460f87e2f89a5a7e80 (patch)
tree8e2e610d6be363c4dbf79286533441af15ab7716 /system/core/Security.php
parent72ebac4eed3f5de650a26ffbc34fc0aaaa49c7d4 (diff)
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--system/core/Security.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 8ca66d297..e4bd327b5 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -787,11 +787,11 @@ class CI_Security {
$count = $temp_count = 0;
// replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- $str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
+ $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
$count += $temp_count;
// find occurrences of illegal attribute strings without quotes
- $str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count);
+ $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count);
$count += $temp_count;
}
while ($count);