-rw-r--r-- | system/libraries/Input.php | 4 | ||||
-rw-r--r-- | user_guide/changelog.html | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 7465021c6..24c6c1967 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -828,8 +828,10 @@ class CI_Input {
 if ( ! isset($non_displayables))
{
- // every control character except newline (10), carriage return (13), and horizontal tab (09),
+ // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
$non_displayables = array(
+ '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
+ '/%1[0-9a-f]/', // url encoded 16-31
'/[\x00-\x08]/', // 00-08
'/\x0b/', '/\x0c/', // 11, 12
'/[\x0e-\x1f]/' // 14-31
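Review bot: The two patterns added at the top of `$non_displayables` are case-sensitive, so percent-escapes written with uppercase hex digits (`%0B`, `%1F`) are left in place even though they decode to the same control characters as the lowercase forms. Percent-encoding hex digits are case-insensitive, so both entries should carry the `i` modifier: `'/%0[0-8bcef]/i',` and `'/%1[0-9a-f]/i',`. The code that applies this array is outside the hunk, so it is worth confirming that the replacement is repeated until the string stops changing; otherwise removing one escape can splice the surrounding characters into a new one. A short comment stating that these entries only cover a single level of URL encoding would also help the next reader.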
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 076691158..de8504c04 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -70,7 +70,7 @@ SVN Revision: XXXX</p>
 </li>
<li>Other changes
<ul>
- <li>Improved performance and accuracy of xss_clean() (no changes to security)</li>
+ <li>Improved performance and accuracy of xss_clean(), including reduction of false positives on image/file tests.</li>
</ul>
</li>
</ul>