summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-09-15 16:07:40 +0200
committerAndrey Andreev <narf@devilix.net>2015-09-15 16:07:40 +0200
commite079203e20506397104c2caed28395ebfa8cfc70 (patch)
tree4dff455bee003ac69b697925fa4222f98566f92c /system/core
parent1e6d4d611d80dc7f20566ecc125354d84deebd1c (diff)
Missing character in the evil attributes pattern
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Security.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 9e5e72576..4b42ed448 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -819,7 +819,7 @@ class CI_Security {
.'([\s\042\047/=]+' // non-attribute characters (we'll replace that with a single space), again excluding '>'
.'('.implode('|', $evil_attributes).')'
.'\s*=\s*' // attribute-value separator
- .'(\042[^042]+\042|\047[^047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes
+ .'(\042[^\042]+\042|\047[^\047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes
.')' // end evil attribute
.'#isS';