author | Andrey Andreev <narf@devilix.net> | 2015-09-15 16:07:40 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-09-15 16:07:40 +0200 |
commit | e079203e20506397104c2caed28395ebfa8cfc70 (patch) | |
tree | 4dff455bee003ac69b697925fa4222f98566f92c /system/core | |
parent | 1e6d4d611d80dc7f20566ecc125354d84deebd1c (diff) |
Missing character in the evil attributes pattern
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Security.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 9e5e72576..4b42ed448 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -819,7 +819,7 @@ class CI_Security {
 .'([\s\042\047/=]+' // non-attribute characters (we'll replace that with a single space), again excluding '>'
 .'('.implode('|', $evil_attributes).')'
 .'\s*=\s*' // attribute-value separator
- .'(\042[^042]+\042|\047[^047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes
+ .'(\042[^\042]+\042|\047[^\047]+\047|[^\s\042\047=><`]+)' // attribute value; single, double or non-quotes
 .')' // end evil attribute
 .'#isS'; |
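Review bot: The corrected attribute-value pattern lands without a regression test (the diffstat lists only system/core/Security.php), and the original mistake was silent because `[^042]` is a valid character class that merely excludes the digits 0, 4 and 2 rather than the double quote. A unit test that runs a quoted attribute value containing those digits through the filter and asserts the attribute is stripped would catch a dropped backslash in this expression in future. Separately, both quoted branches still use `+`, so an empty quoted value such as `=""` matches neither them nor the unquoted branch; that is probably harmless, but `\042[^\042]*\042|\047[^\047]*\047` would make the match uniform. The pattern assignment begins above the hunk, so the rest of the expression is not visible here.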