summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/Security.php2
-rw-r--r--tests/codeigniter/core/Security_test.php5
2 files changed, 6 insertions, 1 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index e4bd327b5..1bc228a11 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -787,7 +787,7 @@ class CI_Security {
$count = $temp_count = 0;
// replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
+ $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\5]*?)(\\5)/is', '<$1[removed]', $str, -1, $temp_count);
$count += $temp_count;
// find occurrences of illegal attribute strings without quotes
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 8e6d276fc..1958526ee 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -154,6 +154,11 @@ class Security_test extends CI_TestCase {
'<foo bar=">" baz=\'>\' [removed]>',
$this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>', FALSE)
);
+
+ $this->assertEquals(
+ '<img src="x" [removed]> on=<svg> onerror=alert(1)>',
+ $this->security->remove_evil_attributes('<img src="x" on=""> on=<svg> onerror=alert(1)>', FALSE)
+ );
}
// --------------------------------------------------------------------