authorAndrey Andreev <narf@devilix.net>2015-09-14 15:06:37 +0200
committerAndrey Andreev <narf@devilix.net>2015-09-14 15:06:37 +0200
commit1e6d4d611d80dc7f20566ecc125354d84deebd1c (patch)
tree8891f690a863c091130c1a62990fc79c9f834932 /system
parent392f8da2ebc22efeb1b688a75c49c1a52e12f0f2 (diff)
Another addition to tag detection patterns in xss_clean()
Diffstat (limited to 'system')
-rw-r--r--system/core/Security.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 3142f7da2..9e5e72576 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -493,6 +493,7 @@ class CI_Security {
*/
$pattern = '#'
.'<((/*\s*)([a-z0-9]+)(?=[^a-z0-9])' // tag start and name, followed by a non-tag character
+ .'[^>a-z0-9]*' // a valid attribute character immediately after the tag would count as a separator
// optional attributes
.'([\s\042\047/=]+' // non-attribute characters, excluding > (tag close) for obvious reasons
.'[^\s\042\047>/=]+' // attribute characters
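Review bot: The class added at L24, `[^>a-z0-9]*`, overlaps with the separator class `[\s\042\047/=]+` that opens the optional-attributes group two lines below: whitespace, both quote characters, `/` and `=` are members of both. Because the new quantifier is greedy and the attributes group is optional, a plain tag such as `<a href="x">` has its separating space consumed by the new class before the group is tried, so the group cannot start and, if the pattern's tail (outside this hunk) still accepts any non-`>` run, the match succeeds with the attributes group unmatched, which presumably leaves whatever the callback reads from that group empty for the common whitespace-separated case. Excluding the separator characters from the new class keeps the stated intent (skip stray characters right after the tag name) without stealing from the group: `.'[^\s\042\047a-z0-9>/=]*' // stray characters after the tag name, excluding attribute separators`. The identical line added in the second hunk (@@ -804) has the same overlap and should be narrowed the same way. The enclosing `$pattern` concatenation starts and ends outside this hunk.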
@@ -804,6 +805,7 @@ class CI_Security {
$pattern = '#(' // catch everything in the tag preceeding the evil attribute
.'<[a-z0-9]+(?=[^>a-z0-9])' // tag start and name, followed by a non-tag character
+ .'[^>a-z0-9]*' // a valid attribute character immediately after the tag would count as a separator
// optional attributes
.'([\s\042\047/=]+' // non-attribute characters, excluding > (tag close) for obvious reasons
.'[^\s\042\047>/=]+' // attribute characters
@@ -821,7 +823,8 @@ class CI_Security {
.')' // end evil attribute
.'#isS';
- do {
+ do
+ {
$count = 0;
$str = preg_replace($pattern, '$1 [removed]', $str, -1, $count);
}