From 68d7bd62840b1154a4a6d9b5caa41cbdd73a851a Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 3 Jul 2008 20:50:21 +0000 Subject: changed link and image regex to be more precise in matching tags, reducing false positive matches --- system/libraries/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Input.php b/system/libraries/Input.php index ac6b864e9..7465021c6 100644 --- a/system/libraries/Input.php +++ b/system/libraries/Input.php @@ -680,12 +680,12 @@ class CI_Input { if (preg_match("/]*?)(>|$)#si", array($this, '_js_link_removal'), $str); + $str = preg_replace_callback("#]*?)(>|$)#si", array($this, '_js_link_removal'), $str); } if (preg_match("/]*?)(>|$)#si", array($this, '_js_img_removal'), $str); + $str = preg_replace_callback("#]*?)(>|$)#si", array($this, '_js_img_removal'), $str); } if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) @@ -705,7 +705,7 @@ class CI_Input { * but it's unlikely to be a problem. * */ - $event_handlers = array('[^a-z]on\w*','xmlns'); + $event_handlers = array('[^a-z_\-]on\w*','xmlns'); if ($is_image === TRUE) { -- cgit v1.2.3-24-g4f1b
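Review bot: The two `preg_replace_callback` patterns for `_js_link_removal` and `_js_img_removal` are narrowed without a comment saying which inputs they are now meant to skip, and in an XSS filter that is what a later maintainer most needs to know. The pattern text is truncated on this page, so the exact tightening cannot be checked here. What is visible is the `(>|$)` tail, which still covers a tag that is never closed. I would add a comment above each call along the lines of `// match only real link/image tags; the (>|$) tail keeps unterminated tags covered`, plus regression cases for the false positives being fixed and for tags that must still reach the callbacks. The enclosing method starts and ends outside the hunk.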
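Review bot: Adding `_` and `-` to the excluded lead characters in `$event_handlers` narrows what the filter strips, yet the comment block directly above ("it's unlikely to be a problem") is not updated to say why that is safe. The class lists only lower-case `a-z`, and whether the assembled pattern is applied case-insensitively is outside the hunk. That should be confirmed, because otherwise an upper-case letter before `on` is treated differently from a lower-case one. I would extend the comment with something like `// '_' or '-' before "on" means it is part of a longer name (constructed example: foo-onbar), not an event handler attribute`. I would also add a test that pairs each newly allowed form with a genuine handler attribute that must still be removed. The function body continues past the end of the hunk.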