diff options
| author | Andrey Andreev <narf@devilix.net> | 2015-09-10 17:00:57 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2015-09-10 17:00:57 +0200 |
| commit | 12023a79b0c3b45f68cce0357e3009c5884da663 (patch) | |
| tree | 128cd868cbcdb318438d4ede40e9b63eb8f2061a /system/core | |
| parent | abc6006884658acb4e2302460f87e2f89a5a7e80 (diff) | |
Last commit didn't adjust a RE index
Diffstat (limited to 'system/core')
| -rw-r--r-- | system/core/Security.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index e4bd327b5..1bc228a11 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -787,7 +787,7 @@ class CI_Security { $count = $temp_count = 0; // replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count); + $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\5]*?)(\\5)/is', '<$1[removed]', $str, -1, $temp_count); $count += $temp_count; // find occurrences of illegal attribute strings without quotes |