From e24f61a2bb61c2445cb205777f897415e86fc10e Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Thu, 5 Nov 2009 15:06:31 +0000
Subject: added hyphens to allowed characters in GET keys and vals in submitted URLs in xss_clean()
---
 system/libraries/Input.php | 2 +-
 user_guide/changelog.html | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index e7bf72779..98f28262f 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -554,7 +554,7 @@ class CI_Input {
 // 901119URL5918AMP18930PROTECT8198
- $str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i', $this->xss_hash()."\\1=\\2", $str);
+ $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str);
 /*
 * Validate standard character entities
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 89d779ebf..c8f16fac9 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -83,6 +83,7 @@ SVN Revision:
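Review bot: The widened character classes on the new `preg_replace` line enlarge the set of `&key=value` sequences whose ampersand is swapped for `$this->xss_hash()` just before the "Validate standard character entities" step, yet the commit adds no comment or regression case showing that hyphen-bearing input is still handled correctly by the later filter stages (the diffstat lists only Input.php and the changelog). Because the value group is not anchored, the old pattern already matched `&a=b-c` through its `b` prefix, so the value-side change appears to matter only when a value begins with a hyphen, while the key-side change is what lets `&a-b=c` match at all. I would document that above the line, e.g. `// key must be [a-z0-9_-]+; value only has to start with one of those characters`, and add a test that pairs a hyphenated query string with a known-bad input containing hyphens to confirm the latter is still neutralised. As a style point, `\&`, `\=` and `\_` need no escaping here and the class reads more plainly as `[a-z_0-9-]`. The enclosing method (xss_clean(), per the subject line) starts and ends outside the hunk.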

  • Fixed a bug in the Form Validation library where fields passed as rule parameters were not being translated (#9132)
  • Switched some DIR_WRITE_MODE constant uses to FILE_WRITE_MODE where files and not directories are being operated on.
  • Modified inflector helper to properly pluralize words that end in 'ch' or 'sh'
  • +
  • Fixed a bug in xss_clean() that was not allowing hyphens in query strings of submitted URLs.
  • Version 1.7.2

    -- cgit v1.2.3-24-g4f1b