From f1bd6fa78a3235ade2365a43bb5124ff72807c96 Mon Sep 17 00:00:00 2001
From: Pascal Kriete
Date: Tue, 5 Apr 2011 15:04:28 -0400
Subject: Fixed a bug in the Javascript Library where improperly escaped characters could result in arbitrary javascript execution.
---
 system/libraries/Javascript.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system/libraries/Javascript.php')
diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php
index 167859abd..34e0d7001 100644
--- a/system/libraries/Javascript.php
+++ b/system/libraries/Javascript.php
@@ -855,7 +855,7 @@ class CI_Javascript {
 }
 elseif (is_string($result) OR $is_key)
 {
- return '"'.str_replace(array('\\', "\t", "\n", "\r", '"'), array('\\\\', '\\t', '\\n', "\\r", '\"'), $result).'"';
+ return '"'.str_replace(array('\\', "\t", "\n", "\r", '"', '/'), array('\\\\', '\\t', '\\n', "\\r", '\"', '\/'), $result).'"';
 }
 elseif (is_scalar($result))
 {
-- 
cgit v1.2.3-24-g4f1b
From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001
From: Razican
Date: Mon, 25 Apr 2011 17:26:45 +0200
Subject: Fixed double-space typo.
---
 system/libraries/Javascript.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'system/libraries/Javascript.php')
diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php
index 34e0d7001..9e42a4385 100644
--- a/system/libraries/Javascript.php
+++ b/system/libraries/Javascript.php
@@ -1,4 +1,4 @@
-js =& $this->CI->$js_library_driver; - log_message('debug', "Javascript Class Initialized and loaded. Driver used: $js_library_driver"); + log_message('debug', "Javascript Class Initialized and loaded. Driver used: $js_library_driver"); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- // Event Code // --------------------------------------------------------------------
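Review bot: The escape list on the added `return` line is still incomplete: the JavaScript line terminators U+2028 and U+2029 are passed through unescaped, and inside a double-quoted literal they end the string in pre-ES2019 engines, so a value containing them produces a syntax error instead of the intended output; the remaining C0 control characters (everything in \x00-\x1f other than tab, LF and CR) are also emitted raw, which is invalid JSON if the result is ever parsed as such. Escaping `/` does close the `</script>` break-out the commit targets, but the hand-rolled `str_replace` remains a partial JSON string encoder that has to be extended every time a new dangerous character is found. Where `json_encode()` is available (PHP 5.2+; the input must be valid UTF-8) it quotes the string, escapes `/` as `\/` by default and emits non-ASCII including U+2028/U+2029 as `\uXXXX`, so `return json_encode((string) $result);` covers the remaining cases while keeping the quoted-string shape for numeric keys; if the manual table is kept, a comment above the line should state exactly which characters it does and does not handle. The enclosing function starts and ends outside the hunk.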
@@ -378,7 +378,7 @@ class CI_Javascript {
 return $this->js->_unload($element, $js);
 }
- // --------------------------------------------------------------------
+ // --------------------------------------------------------------------
 // Effects
 // --------------------------------------------------------------------
@@ -685,7 +685,7 @@ class CI_Javascript {
 return $str;
 }
-
+
 // --------------------------------------------------------------------
 /**
@@ -855,7 +855,7 @@ class CI_Javascript {
 }
 elseif (is_string($result) OR $is_key)
 {
- return '"'.str_replace(array('\\', "\t", "\n", "\r", '"', '/'), array('\\\\', '\\t', '\\n', "\\r", '\"', '\/'), $result).'"';
+ return '"'.str_replace(array('\\', "\t", "\n", "\r", '"', '/'), array('\\\\', '\\t', '\\n', "\\r", '\"', '\/'), $result).'"';
 }
 elseif (is_scalar($result))
 {
-- 
cgit v1.2.3-24-g4f1b