diff options
| -rw-r--r-- | system/core/Security.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 75c994ae1..beb7f56e0 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -359,7 +359,11 @@ class CI_Security { * * Note: Use rawurldecode() so it does not remove plus signs */ - $str = rawurldecode($str); + do + { + $str = rawurldecode($str); + } + while (preg_match('/%[0-9a-f]{2,}/i', $str)); /* * Convert character entities to ASCII |