diff options
author | David Cox Jr <DaveMC08@gmail.com> | 2013-10-03 22:56:04 +0200 |
---|---|---|
committer | David Cox Jr <DaveMC08@gmail.com> | 2013-10-03 22:56:04 +0200 |
commit | 46e77e0d28cf6c057484df022a012e85de2f79b6 (patch) | |
tree | 6f2fffa81c314fa5b391459588db979d9f25a17b /system/core | |
parent | 6eb6e8a12f477b9e10de9b907310f53a17d63358 (diff) |
partial fix #2667
this fixes the ability to replace a space with a /
and skip the XSS filtering
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Security.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 70cf3e013..368e17dc3 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -603,7 +603,7 @@ class CI_Security { */ public function strip_image_tags($str) { - return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); } // ---------------------------------------------------------------- |