From 36bd3413be0807fe358d87856b3a2f42047764fd Mon Sep 17 00:00:00 2001
From: Kevin Morssink
Date: Tue, 4 Aug 2015 19:05:46 +0200
Subject: Fix ReDoS-bug in string_helper.php

Fix for ReDoS (Regular Expression Denial of Service) / Code Injection Risk
---
 system/helpers/string_helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 (limited to 'system/helpers/string_helper.php')
diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php
index 5860e15fb..28e6ab15f 100644
--- a/system/helpers/string_helper.php
+++ b/system/helpers/string_helper.php
@@ -253,7 +253,7 @@ if ( ! function_exists('increment_string'))
 */
 function increment_string($str, $separator = '_', $first = 1)
 {
- preg_match('/(.+)'.$separator.'([0-9]+)$/', $str, $match);
+ preg_match('/(.+)' . preg_quote($separator) . '([0-9]+)$/', $str, $match);
 return isset($match[2]) ? $match[1].$separator.($match[2] + 1) : $str.$separator.$first;
 }
 }
--
cgit v1.2.3-24-g4f1b
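Review bot: The added `preg_quote($separator)` call omits the delimiter argument, so a `/` inside `$separator` is still left unescaped in a pattern that uses `/` as its delimiter. Such a separator would close the pattern early and the remainder would be parsed as modifiers, so `preg_match` fails with a warning and, since its return value is not checked, the function presumably falls through to the `$str.$separator.$first` branch. Pass the delimiter explicitly: `preg_match('/(.+)'.preg_quote($separator, '/').'([0-9]+)$/', $str, $match);`, which also keeps the unspaced `.` concatenation used on the `return` line. The docblock and the enclosing `function_exists` guard start outside the hunk.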