From c67c3fbb8e16b1ffb79c72bb91db04fcb005b2b1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 22 Jan 2014 13:26:00 +0200 Subject: CI_Security::_decode_entity() to replace dangerous HTML5 entities Related to issue #2771 --- user_guide_src/source/changelog.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index ae2900761..513050159 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -685,7 +685,8 @@ Bug fixes for 3.0 - Fixed a bug where :doc:`User Agent Library ` methods ``accept_charset()`` and ``accept_lang()`` didn't properly parse HTTP headers that contain spaces. - Fixed a bug where *default_controller* was called instad of triggering a 404 error if the current route is in a controller directory. - Fixed a bug (#2737) - :doc:`XML-RPC Library ` used objects as array keys, which triggered E_NOTICE messages. -- Fixed a bug (#2729) - ``CI_Securty::_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives. +- Fixed a bug (#2729) - ``CI_Security::_validate_entities()`` used overly-intrusive ``preg_replace()`` patterns that produced false-positives. +- Fixed a bug (#2771) - ``CI_Security::xss_clean()`` didn't take into account HTML5 entities. Version 2.1.4 ============= -- cgit v1.2.3-24-g4f1b
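Review bot: The added #2771 entry says only that ``CI_Security::xss_clean()`` "didn't take into account HTML5 entities", which does not tell a reader what behaviour changed. The commit subject says ``_decode_entity()`` now replaces dangerous HTML5 entities, so the entry could state that explicitly, so that anyone relying on the old output knows what to re-test. The same hunk fixes the "CI_Securty" spelling in the #2729 line but leaves "instad" in the unchanged *default_controller* line just above it, which could be corrected in the same pass. This view is limited to 'user_guide_src/source', so only the changelog edit is visible here and the code change the subject describes would need to be reviewed from the full commit.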