diff options
author | Andrey Andreev <narf@devilix.net> | 2015-09-14 15:06:37 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-09-14 15:06:37 +0200 |
commit | 1e6d4d611d80dc7f20566ecc125354d84deebd1c (patch) | |
tree | 8891f690a863c091130c1a62990fc79c9f834932 /system | |
parent | 392f8da2ebc22efeb1b688a75c49c1a52e12f0f2 (diff) |
Another addition to tag detection patterns in xss_clean()
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Security.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 3142f7da2..9e5e72576 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -493,6 +493,7 @@ class CI_Security { */ $pattern = '#' .'<((/*\s*)([a-z0-9]+)(?=[^a-z0-9])' // tag start and name, followed by a non-tag character + .'[^>a-z0-9]*' // a valid attribute character immediately after the tag would count as a separator // optional attributes .'([\s\042\047/=]+' // non-attribute characters, excluding > (tag close) for obvious reasons .'[^\s\042\047>/=]+' // attribute characters @@ -804,6 +805,7 @@ class CI_Security { $pattern = '#(' // catch everything in the tag preceeding the evil attribute .'<[a-z0-9]+(?=[^>a-z0-9])' // tag start and name, followed by a non-tag character + .'[^>a-z0-9]*' // a valid attribute character immediately after the tag would count as a separator // optional attributes .'([\s\042\047/=]+' // non-attribute characters, excluding > (tag close) for obvious reasons .'[^\s\042\047>/=]+' // attribute characters @@ -821,7 +823,8 @@ class CI_Security { .')' // end evil attribute .'#isS'; - do { + do + { $count = 0; $str = preg_replace($pattern, '$1 [removed]', $str, -1, $count); } |