From e8e18fe1659c036c5419b674c7992fff24c0ea27 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 30 Jun 2008 23:27:31 +0000
Subject: Changed regex for onfoo event handlers to prevent unwanted matching of text such as locatiON, cONtent, etc.

---
 system/libraries/Input.php | 8 ++++----
 user_guide/changelog.html | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 4d2e9e298..ac6b864e9 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -705,7 +705,7 @@ class CI_Input {
 		 * but it's unlikely to be a problem.
 		 *
 		 */
-		$event_handlers = array('on\w*','xmlns');
+		$event_handlers = array('[^a-z]on\w*','xmlns');
 
 		if ($is_image === TRUE)
 		{
@@ -715,9 +715,9 @@ class CI_Input {
 			 */
 			unset($event_handlers[array_search('xmlns', $event_handlers)]);
 		}
-
-		$str = preg_replace("#<([^><]+)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
-
+
+		$str = preg_replace("#<([^><]+?)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
+
 		/*
 		 * Sanitize naughty HTML elements
 		 *
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 3e83cca16..076691158 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -77,7 +77,7 @@ SVN Revision: XXXX
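Review bot: The new `[^a-z]` in `$event_handlers` consumes the character before `on`, and because the `preg_replace` in the next hunk substitutes `<\1\4`, that character is removed together with the handler. When it is the closing quote of the preceding attribute, `<a href="x"onclick=a>` is rewritten to `<a href="x>`, and browsers will generally treat the text up to the next `"` as part of `href`, so attacker-controlled text after the `>` such as `foo" onload="alert(1)">` ends up as a live attribute unless a later pass of xss_clean catches it; the previous `on\w*` left the quote alone. A zero-width assertion keeps the commit's intent without eating the separator: `$event_handlers = array('(?<![a-z])on\w*','xmlns');` — under the call's `/i` modifier it rejects A-Z just as `[^a-z]` does. The enclosing method starts and ends outside the hunk.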
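Review bot: The switch to a lazy `[^><]+?` in the `preg_replace` is undocumented, yet it is what makes the stripping hold up when a tag carries several handlers: the lazy group stops at the first `on\w*`/`xmlns` candidate and the greedy `[^><]*` in group 3 then swallows everything up to the closing `>`, so any later handler (and any legitimate attribute after the first) goes with it, whereas the greedy form could anchor on a later candidate and leave an earlier handler in place for that pass. A one-line comment above the call would save the next maintainer re-deriving this: `// Lazy +? anchors on the first handler; the greedy [^><]* then drops the rest of the tag (including any further handlers)`. The `[^a-z]` prefix added to the handler pattern in the hunk above also relies on this call's `/i` modifier to exclude A-Z, which is worth stating in the same comment. The enclosing method starts and ends outside the hunk.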

Bug fixes for 1.6.4

Version 1.6.3
