fixed a bug where whitespace would be lost if a string was forced into a character entity e.g.
&foo you know?
would become
&foo;you know?
instead of
&foo; you know?
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index f26df75..347aac3 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -555,7 +555,7 @@
* the conversion of entities to ASCII later.
*
*/
- $str = preg_replace('#(&\#?[0-9a-z]{2,})[\x00-\x20]*;?#i', "\\1;", $str);
+ $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str);
/*
* Validate UTF16 two byte encoding (x00)
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 48b1970..1968175 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -93,6 +93,7 @@
<li>Fixed some accuracy issues with curly quotes in Typography::format_characters()</li>
<li>Changed a few docblock comments to reflect actual return values.</li>
<li>Fixed a bug with high ascii characters in subject and from email headers.</li>
+ <li>Fixed a bug in xss_clean() where whitespace following a validated character entity would not be preserved.</li>
</ul>