-rw-r--r--system/libraries/Input.php4
-rw-r--r--user_guide/changelog.html1
2 files changed, 3 insertions, 2 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 407990370..e7bf72779 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -656,11 +656,11 @@ class CI_Input {
{
// Images have a tendency to have the PHP short opening and closing tags every so often
// so we skip those and only do the long opening tags.
- $str = str_replace(array('<?php', '<?PHP'), array('&lt;?php', '&lt;?PHP'), $str);
+ $str = preg_replace('/<\?(php)/i', "&lt;?\\1", $str);
}
else
{
- $str = str_replace(array('<?php', '<?PHP', '<?', '?'.'>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
+ $str = str_replace(array('<?', '?'.'>'), array('&lt;?', '?&gt;'), $str);
}
/*
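Review bot: In the image branch the new `preg_replace('/<\?(php)/i', ...)` closes the mixed-case gap (for example `<?pHp`), but that branch still leaves the short forms `<?` and `<?=` unescaped, as the comment above it states, so the escaping is only partial for image data. Nothing visible in the hunk compensates for that, so the comment should spell out the limit, e.g. `// Short tags are left as-is here; uploaded images must never be stored where the server would run them as PHP.` As a point of style, the replacement string can be single-quoted (`'&lt;?\\1'`) to match the pattern argument and avoid double-quote escaping. The enclosing method starts and ends outside this hunk.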
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index d99a52f82..2cd5c68ea 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -99,6 +99,7 @@ SVN Revision: </p>
<li>Fixed a bug to prevent PHP errors when attempting to use sendmail on servers that have manually disabled the PHP popen() function.</li>
<li>Fixed a bug that would cause PHP errors in XML-RPC data if the PHP data type did not match the specified XML-RPC type.</li>
<li>Fixed a bug in the XML-RPC class with parsing dateTime.iso8601 data types.</li>
+ <li>Fixed a case sensitive string replacement in xss_clean()</li>
</ul>
<h2>Version 1.7.1</h2>