authorbrian978 <dbrian89@yahoo.com>2012-12-11 19:24:12 +0100
committerbrian978 <dbrian89@yahoo.com>2012-12-11 19:24:12 +0100
commit07ccbe59cf9d78d944551f810a14064e979840a3 (patch)
treed1c0bde23546b1d50298a4a5defe2c4e6ffedea5 /system/core
parent6caeaada6e4a1acc88c230e47f36ebcf8f0182ac (diff)
Modified regexp to match partial tags
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Security.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index c179c46ff..70e9e973c 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -329,7 +329,7 @@ class CI_Security {
* these are the ones that will pose security problems.
*/
$str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
- $str = preg_replace_callback('/<\w+.*?=.*?>/si', array($this, '_decode_entity'), $str);
+ $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str);
// Remove Invisible Characters Again!
$str = remove_invisible_characters($str);
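Review bot: The replacement pattern `/<\w+.*/si` on the `_decode_entity` line is greedy and runs under the `s` flag, so a single match now spans from the first `<word` to the end of `$str`, and the callback receives every later tag and all text between and after them instead of one attribute-bearing tag at a time. That covers unterminated tags as the commit intends and errs on the side of filtering more, but the comment above the call (only its tail is visible here) still appears to describe decoding inside tags, and `_decode_entity` is not shown, so whether it behaves correctly on plain text that follows a tag should be confirmed. I would state the widened scope next to the call, e.g. `// Greedy on purpose: from the first "<tag" to end of input, so tags with no closing ">" are covered`, and add regression cases for a partial tag and for entity-encoded text following a complete tag. The enclosing method begins and ends outside the hunk.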
@@ -529,7 +529,7 @@ class CI_Security {
do
{
$matches = $matches1 = 0;
-
+
$str = html_entity_decode($str, ENT_COMPAT, $charset);
$str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
$str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);