summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/Security.php4
-rw-r--r--tests/codeigniter/core/Security_test.php2
2 files changed, 3 insertions, 3 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index a4d8c95ef..17ba3bcd8 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -454,7 +454,7 @@ class CI_Security {
if (preg_match('/<a/i', $str))
{
- $str = preg_replace_callback('#<a[^a-z0-9]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#<a[^a-z0-9>]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
if (preg_match('/<img/i', $str))
@@ -581,7 +581,7 @@ class CI_Security {
$str_compare = $str;
$str = preg_replace('/(&#x0*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str);
- $str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str);
+ $str = preg_replace('/(&#0*\d{2,4})(?![0-9;])/S', '$1;', $str);
$str = html_entity_decode($str, ENT_COMPAT, $charset);
}
while ($str_compare !== $str);
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 14e042ee2..d4d6be4b5 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -74,7 +74,7 @@ class Security_test extends CI_TestCase {
public function test_xss_clean_entity_double_encoded()
{
$input = '<a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a>';
- $this->assertEquals('<a 1>Clickhere</a>', $this->security->xss_clean($input));
+ $this->assertEquals('<a >Clickhere</a>', $this->security->xss_clean($input));
}
// --------------------------------------------------------------------