summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorbrian978 <dbrian89@yahoo.com>2012-12-11 19:24:12 +0100
committerbrian978 <dbrian89@yahoo.com>2012-12-11 19:24:12 +0100
commit07ccbe59cf9d78d944551f810a14064e979840a3 (patch)
treed1c0bde23546b1d50298a4a5defe2c4e6ffedea5 /system/core/Security.php
parent6caeaada6e4a1acc88c230e47f36ebcf8f0182ac (diff)
Modified regexp to match partial tags
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--system/core/Security.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index c179c46ff..70e9e973c 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -329,7 +329,7 @@ class CI_Security {
* these are the ones that will pose security problems.
*/
$str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
- $str = preg_replace_callback('/<\w+.*?=.*?>/si', array($this, '_decode_entity'), $str);
+ $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str);
// Remove Invisible Characters Again!
$str = remove_invisible_characters($str);
@@ -529,7 +529,7 @@ class CI_Security {
do
{
$matches = $matches1 = 0;
-
+
$str = html_entity_decode($str, ENT_COMPAT, $charset);
$str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
$str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);