Added protection in xss_clean() for GET variables in URLs

http://codeigniter.com/bug_tracker/bug/4167/

1 files changed, 2 insertions, 0 deletions

diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index de579f1ac..c7e48d855 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -109,6 +109,7 @@ SVN Commit: not currently released</p>
 	<li>Other

 		Changes

 		<ul>

+			<li>Added ability for <a href="libraries/input.html">xss_clean()</a> to accept arrays.</li>

 			<li>Removed closing PHP tags from all PHP files to avoid accidental output and potential 'cannot modify headers' errors.</li>

 			<li>Added a <a href="general/reserved_names.html">Reserved Names</a> page to the userguide, and migrated reserved controller names into it.</li>

 			<li>Added a <a href="general/common_functions.html">Common Functions</a> page to the userguide for globally available functions.</li>

@@ -128,6 +129,7 @@ SVN Commit: not currently released</p>
 	<li>Fixed an AR_caching error where it wasn't tracking table aliases (#3463).</li>

 	<li>Fixed a bug in AR compiling, where select statements with arguments got incorrectly escaped (#3478).</li>

 	<li>Fixed an AR bug with or_where_not_in() (#4171).</li>

+	<li>Fixed a bug with <a href="libraries/input.html">xss_clean()</a> that would add semicolons to GET URI variable strings.</li>

 	<li>Fixed a bug in the FTP library where delete_dir() was not working recursively (#4215).</li>

 	<li>Fixed a Validation bug when set_rules() is used with a non-array field name and rule (#4220).</li>

 	<li>Fixed a bug in the Upload library that might output the same error twice (#4390).</li>