Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / abc6006884658acb4e2302460f87e2f89a5a7e80^! / .
commitabc6006884658acb4e2302460f87e2f89a5a7e80[log] [tgz]
authorAndrey Andreev <narf@devilix.net>Thu Sep 10 16:36:22 2015 +0300
committerAndrey Andreev <narf@devilix.net>Thu Sep 10 16:36:22 2015 +0300
tree8e2e610d6be363c4dbf79286533441af15ab7716
parent72ebac4eed3f5de650a26ffbc34fc0aaaa49c7d4 [diff]
Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4

diff --git a/system/core/Security.php b/system/core/Security.php
index 8ca66d2..e4bd327 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -787,11 +787,11 @@
 			$count = $temp_count = 0;
 
 			// replace occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
-			$str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
+			$str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\4]*?)(\\4)/is', '<$1[removed]', $str, -1, $temp_count);
 			$count += $temp_count;
 
 			// find occurrences of illegal attribute strings without quotes
-			$str = preg_replace('/<([^>]+((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=047))*[^>]*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count);
+			$str = preg_replace('/<([^>]+(((?<=\042)[^\042]*(?=\042)|(?<=\047)[^\047]*(?=\047))[^>]*)*)(?<!\w)('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', '<$1[removed]', $str, -1, $temp_count);
 			$count += $temp_count;
 		}
 		while ($count);

diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 68b5224..8e6d276 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php

@@ -147,12 +147,12 @@
 		$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo fscommand=case-insensitive>', FALSE));
 		$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo seekSegmentTime=whatever>', FALSE));
 		$this->assertEquals(
-			'<foo bar=">" baz=\'\' [removed]>',
-			$this->security->remove_evil_attributes('<foo bar=">" baz=\'\' onAfterGreaterThan="quotes">', FALSE)
+			'<foo bar=">" baz=\'>\' [removed]>',
+			$this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan="quotes">', FALSE)
 		);
 		$this->assertEquals(
-			'<foo bar=">" baz=\'\' [removed]>',
-			$this->security->remove_evil_attributes('<foo bar=">" baz=\'\' onAfterGreaterThan=noQuotes>', FALSE)
+			'<foo bar=">" baz=\'>\' [removed]>',
+			$this->security->remove_evil_attributes('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>', FALSE)
 		);
 	}