Fix issue #2681 (alternative to PR #2690)
diff --git a/system/core/Security.php b/system/core/Security.php
index 6f5f5cb..5c5c0ef 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -553,9 +553,9 @@
{
$matches = $matches1 = 0;
+ $str = preg_replace('~(�*[0-9a-f]{2,5});?~iS', $str, -1, $matches);
+ $str = preg_replace('~(&#\d{2,4});?~S', $str, -1, $matches1);
$str = html_entity_decode($str, ENT_COMPAT, $charset);
- $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
- $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);
}
while ($matches OR $matches1);
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8f5cffc..b5c0069 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -618,6 +618,7 @@
- Fixed a bug (#2609) - :php:func:`get_config()` optional argument was only effective on first function call. Also, it can now add items, in addition to updating existing items.
- Fixed a bug in the 'postgre' :doc:`database <database/index>` driver where the connection ID wasn't passed to ``pg_escape_string()``.
- Fixed a bug (#33) - Script execution was terminated when an invalid cookie key was encountered.
+- Fixed a bug (#2681) - `CI_Security::entity_decode()` used the `PREG_REPLACE_EVAL` flag, which is deprecated since PHP 5.5.
Version 2.1.4
=============