authorDavid Cox Jr <DaveMC08@gmail.com>2013-10-03 22:56:04 +0200
committerDavid Cox Jr <DaveMC08@gmail.com>2013-10-03 22:56:04 +0200
commit46e77e0d28cf6c057484df022a012e85de2f79b6 (patch)
tree6f2fffa81c314fa5b391459588db979d9f25a17b /system/core/Security.php
parent6eb6e8a12f477b9e10de9b907310f53a17d63358 (diff)
partial fix #2667
this fixes the ability to replace a space with a / and skip the XSS filtering
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--system/core/Security.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 70cf3e013..368e17dc3 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -603,7 +603,7 @@ class CI_Security {
*/
public function strip_image_tags($str)
{
- return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
}
// ----------------------------------------------------------------
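Review bot: Both patterns in the new `preg_replace()` call are still case-sensitive and have no dot-all modifier, so an image tag written as `<IMG`/`SRC`, or one with a line break between `<img` and `src`, is not matched by strip_image_tags() and is returned unchanged. Since the commit message calls this a partial fix for an XSS filter bypass, I would add the `is` modifiers to both expressions, e.g. `'#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#is'`. Separately, in the second (unquoted) pattern the lazy `(.+?)` is followed directly by `.*?`, so the capture is only the first character of the src value; a bounded class such as `([^\s"\'>]+)` would return the whole value. A regression test covering upper-case, multi-line and slash-separated tags would pin this behaviour down. The docblock for this method starts above the hunk, so its wording was not reviewed.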