diff options
| author | brian978 <dbrian89@yahoo.com> | 2012-12-10 12:05:06 +0100 |
|---|---|---|
| committer | brian978 <dbrian89@yahoo.com> | 2012-12-10 12:05:06 +0100 |
| commit | 0a83fcc748ef29e644bf9e8cac4d7dd9a7408d5f (patch) | |
| tree | 3116c48a385037159abb176b95153104588cd0d9 /system/core | |
| parent | f50fc73cf63136b720c2bd247175f236d5b27eaa (diff) | |
Fixed bug with regexp that matched tags
Diffstat (limited to 'system/core')
| -rw-r--r-- | system/core/Security.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 220188edc..635f9ff31 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -329,7 +329,7 @@ class CI_Security { * these are the ones that will pose security problems. */ $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); - $str = preg_replace_callback('/<\w+.*?(?=>|<|$)/si', array($this, '_decode_entity'), $str); + $str = preg_replace_callback('/<\w+.*?=.*?>\b/si', array($this, '_decode_entity'), $str); // Remove Invisible Characters Again! $str = remove_invisible_characters($str); |