summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/core/Security.php')
-rwxr-xr-xsystem/core/Security.php16
1 files changed, 9 insertions, 7 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 1cb0a1136..f953011eb 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -102,9 +102,11 @@ class CI_Security {
'Redirect\s+302',
"([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
-
+
/**
* Initialize security class
+ *
+ * @return void
*/
public function __construct()
{
@@ -201,11 +203,11 @@ class CI_Security {
}
setcookie(
- $this->_csrf_cookie_name,
- $this->_csrf_hash,
- $expire,
- config_item('cookie_path'),
- config_item('cookie_domain'),
+ $this->_csrf_cookie_name,
+ $this->_csrf_hash,
+ $expire,
+ config_item('cookie_path'),
+ config_item('cookie_domain'),
$secure_cookie,
config_item('cookie_httponly')
);
@@ -626,7 +628,7 @@ class CI_Security {
// replace illegal attribute strings that are inside an html tag
if (count($attribs) > 0)
{
- $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
+ $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><])([><]*)/i', '<$1 $3$5$6$7', $str, -1, $count);
}
} while ($count);