From 9dee6ec7bf77e15a1227785292e507f1a6126a8f Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Wed, 27 Aug 2008 14:58:12 +0000
Subject: modified regex for image tag sanitization to retain trailing space
 and closing slash to remain valid XHTML

---
 system/libraries/Input.php | 2 +-
 user_guide/changelog.html  | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index ff1dd9b15..dc5b5e5a9 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -685,7 +685,7 @@ class CI_Input {
 	
 			if (preg_match("/<img/i", $str))
 			{
-				$str = preg_replace_callback("#<img\s+([^>]*?)(>|$)#si", array($this, '_js_img_removal'), $str);
+				$str = preg_replace_callback("#<img\s+([^>]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str);
 			}
 	
 			if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index ee3ff253d..b24b0810a 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -91,13 +91,14 @@ SVN Revision: XXXX</p>
 	</li>
 </ul>
 
-<h3>Bug fixes for 1.6.4</h3>
+<h3>Bug fixes for 1.7.0</h3>
 <ul>
 	<li>Fixed bug in xss_clean() that could remove some desirable tag attributes.</li>
 	<li>Fixed assorted user guide typos or examples (#4840, #4862, #4864, #4899, #4930, #5006, #5071).</li>
 	<li>Fixed an edit from 1.6.3 that made the $robots array in user_agents.php go poof.</li>
 	<li>Fixed a bug in the Email library with quoted-printable encoding improperly encoding space and tab characters.</li>
 	<li>Modified XSS sanitization to no longer add semicolons after &amp;[single letter], such as in M&amp;M's, B&amp;B, etc.</li>
+	<li>Modified XSS sanitization to no longer strip XHTML image tags of closing slashes.</li>
 </ul>
 
 <h2>Version 1.6.3</h2>
-- 
cgit v1.2.3-24-g4f1b