summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/Security.php4
-rw-r--r--user_guide_src/source/changelog.rst1
2 files changed, 3 insertions, 2 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 6f5f5cb90..5c5c0efb6 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -553,9 +553,9 @@ class CI_Security {
{
$matches = $matches1 = 0;
+ $str = preg_replace('~(&#x0*[0-9a-f]{2,5});?~iS', $str, -1, $matches);
+ $str = preg_replace('~(&#\d{2,4});?~S', $str, -1, $matches1);
$str = html_entity_decode($str, ENT_COMPAT, $charset);
- $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
- $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);
}
while ($matches OR $matches1);
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8f5cffcb0..b5c00699a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -618,6 +618,7 @@ Bug fixes for 3.0
- Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items.
- Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``.
- Fixed a bug (#33) - Script execution was terminated when an invalid cookie key was encountered.
+- Fixed a bug (#2681) - `CI_Security::entity_decode()` used the `PREG_REPLACE_EVAL` flag, which is deprecated since PHP 5.5.
Version 2.1.4
=============