summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2008-07-03 22:50:21 +0200
committerDerek Jones <derek.jones@ellislab.com>2008-07-03 22:50:21 +0200
commit68d7bd62840b1154a4a6d9b5caa41cbdd73a851a (patch)
tree9161fc1e93c096a8ef87a482c721bb049f6d1225 /system/libraries
parente8e18fe1659c036c5419b674c7992fff24c0ea27 (diff)
changed link and image regex to be more precise in matching tags, reducing false positive matches
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Input.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index ac6b864e9..7465021c6 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -680,12 +680,12 @@ class CI_Input {
if (preg_match("/<a/i", $str))
{
- $str = preg_replace_callback("#<a\s*([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback("#<a\s+([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
}
if (preg_match("/<img/i", $str))
{
- $str = preg_replace_callback("#<img\s*([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback("#<img\s+([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
}
if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
@@ -705,7 +705,7 @@ class CI_Input {
* but it's unlikely to be a problem.
*
*/
- $event_handlers = array('[^a-z]on\w*','xmlns');
+ $event_handlers = array('[^a-z_\-]on\w*','xmlns');
if ($is_image === TRUE)
{