From 46e77e0d28cf6c057484df022a012e85de2f79b6 Mon Sep 17 00:00:00 2001
From: David Cox Jr <DaveMC08@gmail.com>
Date: Thu, 3 Oct 2013 16:56:04 -0400
Subject: partial fix #2667 this fixes the ability to replace a space with a /
 and skip the XSS filtering

---
 system/core/Security.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/core/Security.php b/system/core/Security.php
index 70cf3e013..368e17dc3 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -603,7 +603,7 @@ class CI_Security {
 	 */
 	public function strip_image_tags($str)
 	{
-		return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+		return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
 	}
 
 	// ----------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b