From 3fa729d7092c814fe14e15d8d51789ce7907f2a8 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Fri, 18 Oct 2013 20:57:41 +0300
Subject: Fix issue #2681 (alternative to PR #2690)

---
 system/core/Security.php            | 4 ++--
 user_guide_src/source/changelog.rst | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/system/core/Security.php b/system/core/Security.php
index 6f5f5cb90..5c5c0efb6 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -553,9 +553,9 @@ class CI_Security {
 		{
 			$matches = $matches1 = 0;
 
+			$str = preg_replace('~(&#x0*[0-9a-f]{2,5});?~iS', $str, -1, $matches);
+			$str = preg_replace('~(&#\d{2,4});?~S', $str, -1, $matches1);
 			$str = html_entity_decode($str, ENT_COMPAT, $charset);
-			$str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
-			$str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);
 		}
 		while ($matches OR $matches1);
 
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8f5cffcb0..b5c00699a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -618,6 +618,7 @@ Bug fixes for 3.0
 -  Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items.
 -  Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``.
 -  Fixed a bug (#33) - Script execution was terminated when an invalid cookie key was encountered.
+-  Fixed a bug (#2681) - `CI_Security::entity_decode()` used the `PREG_REPLACE_EVAL` flag, which is deprecated since PHP 5.5.
 
 Version 2.1.4
 =============
-- 
cgit v1.2.3-24-g4f1b