From ebb3aa0edde1efd4829a3ad8dbe0eeac970794cb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 18 Mar 2014 19:18:19 +0200 Subject: Another xss_clean() improvement Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37958136 --- system/core/Security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Security.php') diff --git a/system/core/Security.php b/system/core/Security.php index 1dfea18f8..a4d8c95ef 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -454,12 +454,12 @@ class CI_Security { if (preg_match('/]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } if (preg_match('/]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } if (preg_match('/script|xss/i', $str)) -- cgit v1.2.3-24-g4f1b