From 5afba5a8c444d608712174665288aa10237e8b27 Mon Sep 17 00:00:00 2001 From: tianhe1986 Date: Sat, 23 Jul 2016 01:02:01 +0800 Subject: Replace url_encoded invisible characters case-insensitively. Signed-off-by: tianhe1986 --- system/core/Common.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Common.php') diff --git a/system/core/Common.php b/system/core/Common.php index b87ce4d62..e0d011db7 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -716,8 +716,8 @@ if ( ! function_exists('remove_invisible_characters')) // carriage return (dec 13) and horizontal tab (dec 09) if ($url_encoded) { - $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15 - $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31 + $non_displayables[] = '/%0[0-8bcef]/i'; // url encoded 00-08, 11, 12, 14, 15 + $non_displayables[] = '/%1[0-9a-f]/i'; // url encoded 16-31 } $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127 -- cgit v1.2.3-24-g4f1b