diff options
| -rw-r--r-- | system/core/Security.php | 2 | ||||
| -rw-r--r-- | tests/codeigniter/core/Security_test.php | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index e4bd327b5..1bc228a11 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -787,7 +787,7 @@ class CI_Security { $count = $temp_count = 0; // replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count); + $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\5]*?)(\\5)/is', '<$1[removed]', $str, -1, $temp_count); $count += $temp_count; // find occurrences of illegal attribute strings without quotes diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 8e6d276fc..1958526ee 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -154,6 +154,11 @@ class Security_test extends CI_TestCase { '<foo bar=">" baz=\'>\' [removed]>', $this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>', FALSE) ); + + $this->assertEquals( + '<img src="x" [removed]> on=<svg> onerror=alert(1)>', + $this->security->remove_evil_attributes('<img src="x" on=""> on=<svg> onerror=alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- |