-rw-r--r--system/libraries/Input.php2
-rw-r--r--user_guide/changelog.html1
2 files changed, 2 insertions, 1 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 24c6c1967..ff1dd9b15 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -547,7 +547,7 @@ class CI_Input {
* the conversion of entities to ASCII later.
*
*/
- $str = preg_replace('#(&\#?[0-9a-z]+)[\x00-\x20]*;?#i', "\\1;", $str);
+ $str = preg_replace('#(&\#?[0-9a-z]{2,})[\x00-\x20]*;?#i', "\\1;", $str);
/*
* Validate UTF16 two byte encoding (x00)
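Review bot: The `{2,}` quantifier on the new line also stops normalising single-digit numeric character references such as `&#9` or `&#0`, which are valid references, not the `&M` prose case the change targets; whether that matters depends on the "conversion of entities to ASCII later" mentioned in the comment, which is outside this hunk, so if that step needs the trailing semicolon these references would now pass through un-normalised. Keeping the numeric branch unrestricted while requiring two characters only for named entities keeps the `M&M` fix and the previous coverage: `$str = preg_replace('#(&\#[0-9a-z]+|&[0-9a-z]{2,})[\x00-\x20]*;?#i', "\\1;", $str);`. It would also help to extend the comment above with why two characters are required, e.g. `* Named entities are at least two characters; a single letter after & is treated as text (M&M), not an entity.` The enclosing method of CI_Input starts and ends outside the hunk.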
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index d317bbf81..b729c6a99 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -86,6 +86,7 @@ SVN Revision: XXXX</p>
<li>Fixed assorted user guide typos or examples (#4840, #4862, #4864, #4899, #4930, #5006).</li>
<li>Fixed an edit from 1.6.3 that made the $robots array in user_agents.php go poof.</li>
<li>Fixed a bug in the Email library with quoted-printable encoding improperly encoding space and tab characters.</li>
+ <li>Modified XSS sanitization to no longer add semicolons after &amp;[single letter], such as in M&amp;M's, B&amp;B, etc.</li>
</ul>
<h2>Version 1.6.3</h2>