diff options
| author | Andrey Andreev <narf@devilix.net> | 2014-08-05 10:46:57 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2014-08-05 10:46:57 +0200 |
| commit | 9b8286cf0320c8d8864ce4a5fc892c06787a9762 (patch) | |
| tree | dd977ae9c16675cc892e91ed3b8bd3122d5cbd2a /system/core/Security.php | |
| parent | 8382157530c57be540492aff686a060b5bff03d8 (diff) | |
Fix #3123
Diffstat (limited to 'system/core/Security.php')
| -rwxr-xr-x | system/core/Security.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 68e345c54..741ff229b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -370,7 +370,7 @@ class CI_Security { * We only convert entities that are within tags since * these are the ones that will pose security problems. */ - $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); + $str = preg_replace_callback("/[^a-z0-9>]+[a-z0-9]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str); // Remove Invisible Characters Again! |