From e7a2aa09df05547211776bf493adb6da476f3858 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 18 Mar 2014 18:44:53 +0200 Subject: xss_clean() improvement Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186 --- system/core/Security.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system') diff --git a/system/core/Security.php b/system/core/Security.php index faa52d746..1dfea18f8 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -578,13 +578,13 @@ class CI_Security { do { - $m1 = $m2 = 0; + $str_compare = $str; - $str = preg_replace('/(�*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str, -1, $m1); - $str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str, -1, $m2); + $str = preg_replace('/(�*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str); + $str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str); $str = html_entity_decode($str, ENT_COMPAT, $charset); } - while ($m1 OR $m2); + while ($str_compare !== $str); return $str; } -- cgit v1.2.3-24-g4f1b