diff options
Diffstat (limited to 'system/core')
| -rw-r--r--[-rwxr-xr-x] | system/core/Benchmark.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/CodeIgniter.php | 2 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Common.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Config.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Controller.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Exceptions.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Hooks.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Input.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Lang.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Loader.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Model.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Output.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Router.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Security.php | 13 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/URI.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Utf8.php | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/index.html | 0 |
17 files changed, 7 insertions, 8 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index a200727ab..a200727ab 100755..100644 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index c16c79c09..e0819c801 100755..100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,7 +33,7 @@ * @var string * */ - define('CI_VERSION', '2.1.3'); + define('CI_VERSION', '2.1.4'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) diff --git a/system/core/Common.php b/system/core/Common.php index f8d80b957..f8d80b957 100755..100644 --- a/system/core/Common.php +++ b/system/core/Common.php diff --git a/system/core/Config.php b/system/core/Config.php index 5dffbf3f2..5dffbf3f2 100755..100644 --- a/system/core/Config.php +++ b/system/core/Config.php diff --git a/system/core/Controller.php b/system/core/Controller.php index fddb81e19..fddb81e19 100755..100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index 869739a5a..869739a5a 100755..100644 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 33f1c034c..33f1c034c 100755..100644 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php diff --git a/system/core/Input.php b/system/core/Input.php index 0c1f2b08e..0c1f2b08e 100755..100644 --- a/system/core/Input.php +++ b/system/core/Input.php diff --git a/system/core/Lang.php b/system/core/Lang.php index 5ac671838..5ac671838 100755..100644 --- a/system/core/Lang.php +++ b/system/core/Lang.php diff --git a/system/core/Loader.php b/system/core/Loader.php index 6b7ee0c28..6b7ee0c28 100755..100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php diff --git a/system/core/Model.php b/system/core/Model.php index e15ffbebc..e15ffbebc 100755..100644 --- a/system/core/Model.php +++ b/system/core/Model.php diff --git a/system/core/Output.php b/system/core/Output.php index ccecafd2b..ccecafd2b 100755..100644 --- a/system/core/Output.php +++ b/system/core/Output.php diff --git a/system/core/Router.php b/system/core/Router.php index 6da667472..6da667472 100755..100644 --- a/system/core/Router.php +++ b/system/core/Router.php diff --git a/system/core/Security.php b/system/core/Security.php index 00089d765..b0d39b981 100755..100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -619,17 +619,16 @@ class CI_Security { $count = 0; $attribs = array(); - // find occurrences of illegal attribute strings without quotes - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { - $attribs[] = preg_quote($attr[0], '/'); } - // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER); + // find occurrences of illegal attribute strings without quotes + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -639,7 +638,7 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count); + $str = preg_replace('/(<?)(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><]?)([><]*)/i', '$1$2 $4$6$7$8', $str, -1, $count); } } while ($count); @@ -873,4 +872,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */
\ No newline at end of file +/* Location: ./system/libraries/Security.php */ diff --git a/system/core/URI.php b/system/core/URI.php index d3c25070e..d3c25070e 100755..100644 --- a/system/core/URI.php +++ b/system/core/URI.php diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 2a27d1f35..2a27d1f35 100755..100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php diff --git a/system/core/index.html b/system/core/index.html index c942a79ce..c942a79ce 100755..100644 --- a/system/core/index.html +++ b/system/core/index.html |