summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/core/Security.php4
-rw-r--r--tests/codeigniter/core/Security_test.php8
2 files changed, 6 insertions, 6 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 8ca66d297..e4bd327b5 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -787,11 +787,11 @@ class CI_Security {
$count = $temp_count = 0;
// replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- $str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
+ $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
$count += $temp_count;
// find occurrences of illegal attribute strings without quotes
- $str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count);
+ $str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count);
$count += $temp_count;
}
while ($count);
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 68b52247e..8e6d276fc 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -147,12 +147,12 @@ class Security_test extends CI_TestCase {
$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo fscommand=case-insensitive>', FALSE));
$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo seekSegmentTime=whatever>', FALSE));
$this->assertEquals(
- '<foo bar=">" baz=\'\' [removed]>',
- $this->security->remove_evil_attributes('<foo bar=">" baz=\'\' onAfterGreaterThan="quotes">', FALSE)
+ '<foo bar=">" baz=\'>\' [removed]>',
+ $this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan="quotes">', FALSE)
);
$this->assertEquals(
- '<foo bar=">" baz=\'\' [removed]>',
- $this->security->remove_evil_attributes('<foo bar=">" baz=\'\' onAfterGreaterThan=noQuotes>', FALSE)
+ '<foo bar=">" baz=\'>\' [removed]>',
+ $this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>', FALSE)
);
}