summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
authorbrian978 <dbrian89@yahoo.com>2012-12-08 22:22:26 +0100
committerbrian978 <dbrian89@yahoo.com>2012-12-08 22:22:26 +0100
commitf50fc73cf63136b720c2bd247175f236d5b27eaa (patch)
treef7ecd946cdf2c4f66997d1f0677061a34afc6d0e /system
parent9a214e1b31cd2ff2433f8ed8df8585537d358ac7 (diff)
All the HEX code must be replaced or else some XSS attacks can be successful
Diffstat (limited to 'system')
-rw-r--r--system/core/Security.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 4f2185db5..220188edc 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -526,9 +526,17 @@ class CI_Security {
$charset = config_item('charset');
}
- $str = html_entity_decode($str, ENT_COMPAT, $charset);
- $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str);
- return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str);
+ do
+ {
+ $matches = $matches1 = 0;
+
+ $str = html_entity_decode($str, ENT_COMPAT, $charset);
+ $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
+ $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);
+ }
+ while($matches || $matches1);
+
+ return $str;
}
// --------------------------------------------------------------------