summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-05-06 22:58:07 +0200
committerAndrey Andreev <narf@devilix.net>2014-05-06 22:58:07 +0200
commitc580968c38ef9246e6da48ad08be733f38759eca (patch)
treee06c394402a625750b332555165d1e081c026c2d /system/core/Security.php
parent4e4f2f596700e6892b31b8b6ce987b2511a3cd98 (diff)
parent945784173ea4dba58da528bebc53b3a24b82928f (diff)
Merge pull request #3037 from DevelopmentDocumentopia/xss_clean_patch
xss_clean is not protecting GET requests that &item=/startwithslash
Diffstat (limited to 'system/core/Security.php')
-rwxr-xr-x[-rw-r--r--]system/core/Security.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 17ba3bcd8..c9258b063 100644..100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -862,7 +862,7 @@ class CI_Security {
*/
// 901119URL5918AMP18930PROTECT8198
- $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash().'\\1=\\2', $str);
+ $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-/]+)|i', $this->xss_hash().'\\1=\\2', $str);
/*
* Validate standard character entities