From 1e6d4d611d80dc7f20566ecc125354d84deebd1c Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Mon, 14 Sep 2015 16:06:37 +0300
Subject: Another addition to tag detection patterns in xss_clean()

---
 system/core/Security.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/core/Security.php b/system/core/Security.php
index 3142f7da2..9e5e72576 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -493,6 +493,7 @@ class CI_Security {
 		 */
 		$pattern = '#'
 			.'<((/*\s*)([a-z0-9]+)(?=[^a-z0-9])' // tag start and name, followed by a non-tag character
+			.'[^>a-z0-9]*' // a valid attribute character immediately after the tag would count as a separator
 			// optional attributes
 			.'([\s\042\047/=]+' // non-attribute characters, excluding > (tag close) for obvious reasons
 			.'[^\s\042\047>/=]+' // attribute characters
@@ -804,6 +805,7 @@ class CI_Security {
 
 		$pattern = '#(' // catch everything in the tag preceeding the evil attribute
 			.'<[a-z0-9]+(?=[^>a-z0-9])' // tag start and name, followed by a non-tag character
+			.'[^>a-z0-9]*' // a valid attribute character immediately after the tag would count as a separator
 			// optional attributes
 			.'([\s\042\047/=]+' // non-attribute characters, excluding > (tag close) for obvious reasons
 			.'[^\s\042\047>/=]+' // attribute characters
@@ -821,7 +823,8 @@ class CI_Security {
 			.')' // end evil attribute
 			.'#isS';
 
-		do {
+		do
+		{
 			$count = 0;
 			$str = preg_replace($pattern, '$1 [removed]', $str, -1, $count);
 		}
-- 
cgit v1.2.3-24-g4f1b