diff options
| author | Derek Jones <derek.jones@ellislab.com> | 2008-07-03 22:50:21 +0200 |
|---|---|---|
| committer | Derek Jones <derek.jones@ellislab.com> | 2008-07-03 22:50:21 +0200 |
| commit | 68d7bd62840b1154a4a6d9b5caa41cbdd73a851a (patch) | |
| tree | 9161fc1e93c096a8ef87a482c721bb049f6d1225 /system | |
| parent | e8e18fe1659c036c5419b674c7992fff24c0ea27 (diff) | |
changed link and image regex to be more precise in matching tags, reducing false positive matches
Diffstat (limited to 'system')
| -rw-r--r-- | system/libraries/Input.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php index ac6b864e9..7465021c6 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -680,12 +680,12 @@ class CI_Input { if (preg_match("/<a/i", $str))
{
- $str = preg_replace_callback("#<a\s*([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback("#<a\s+([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
}
if (preg_match("/<img/i", $str))
{
- $str = preg_replace_callback("#<img\s*([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback("#<img\s+([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
}
if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
@@ -705,7 +705,7 @@ class CI_Input { * but it's unlikely to be a problem.
*
*/
- $event_handlers = array('[^a-z]on\w*','xmlns');
+ $event_handlers = array('[^a-z_\-]on\w*','xmlns');
if ($is_image === TRUE)
{
|