summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-25 21:55:21 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-25 21:55:21 +0100
commitdbd999f33374f6541f167e3d77a3e80a991b301a (patch)
tree8a79a4fa32e8c863a1cb46f763b6107fbe9e6b97 /system/core
parentb69103e8ab0c646d01f5e97ef6a255293de1e60e (diff)
Previous commit caused side effects ...
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Security.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 15cb37620..8acab01fc 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -683,7 +683,7 @@ class CI_Security {
$attribs = array();
// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- preg_match_all('/\W('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
@@ -691,7 +691,7 @@ class CI_Security {
}
// find occurrences of illegal attribute strings without quotes
- preg_match_all('/\W('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{