partial fix #2667
this fixes the ability to replace a space with a /
and skip the XSS filtering
diff --git a/system/core/Security.php b/system/core/Security.php
index 70cf3e0..368e17d 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -603,7 +603,7 @@
*/
public function strip_image_tags($str)
{
- return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
}
// ----------------------------------------------------------------