Merge branch 'develop' into feature/user-guide-cleanup
diff --git a/system/core/Common.php b/system/core/Common.php
index 00e3030..cfc63c2 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -76,6 +76,7 @@
 	 * the file, based on the read-only attribute. is_writable() is also unreliable
 	 * on Unix servers if safe_mode is on.
 	 *
+	 * @link	https://bugs.php.net/bug.php?id=54709
 	 * @param	string
 	 * @return	void
 	 */
diff --git a/system/core/Security.php b/system/core/Security.php
index d6356f8..49e5ab4 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -69,7 +69,9 @@
 	public $html5_entities = array(
 		':'	=> ':',
 		'('	=> '(',
-		')'	=> ')'
+		')'	=> ')',
+		'&newline;'	=> "\n",
+		'&tab;'		=> "\t"
 	);
 
 	/**
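Review bot: The keys added as `'&newline;'` and `'&tab;'` are lowercase, but the HTML5 named references are the case-sensitive `&NewLine;` and `&Tab;` (no lowercase form exists), so unless the lookup that consumes `$html5_entities` matches case-insensitively — that code is not in this hunk — these two entries never fire and a `java&NewLine;script:` payload keeps passing through undecoded. Spelling them as the spec does, `'&NewLine;' => "\n"` and `'&Tab;' => "\t"`, works under either matching mode. A one-line comment above them would also tell the next maintainer why they are here: `// Browsers decode &NewLine;/&Tab; inside attribute values, so they must be decoded before the protocol and attribute checks run.`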
@@ -467,7 +469,7 @@
 		 * So this: <blink>
 		 * Becomes: &lt;blink&gt;
 		 */
-		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+		$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|button|select|isindex|layer|link|meta|keygen|object|plaintext|style|script|textarea|title|video|svg|xml|xss';
 		$str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
 
 		/*
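Review bot: `svg` is added to `$naughty`, but `math` — the other foreign-content root whose children take `xlink:href`, the very attribute this commit starts stripping — is not, so `<math><maction xlink:href="...">` reaches the attribute filter instead of being escaped as a tag; consider `video|svg|math|xml|xss`. The pattern on the next line has no boundary after the alternation, `([^><]*)` swallows the rest of the name, so `<selection>` or `<svgfoo>` are treated the same as `<select>`/`<svg>`: presumably over-blocking rather than a bypass, but worth stating above the list, `// Prefix match: any tag whose name starts with one of these is escaped.` The callback `_sanitize_naughty_html` is defined outside this hunk, so what "escaped" means here is inferred from the comment at the top of the hunk.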
@@ -660,7 +662,7 @@
 	protected function _remove_evil_attributes($str, $is_image)
 	{
 		// Formaction, style, and xmlns
-		$evil_attributes = array('style', 'xmlns', 'formaction');
+		$evil_attributes = array('style', 'xmlns', 'formaction', 'form', 'xlink:href');
 
 		if ($is_image === TRUE)
 		{
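Review bot: The comment `// Formaction, style, and xmlns` is now stale — the array beneath it also lists `form` and `xlink:href` — and should read `// style, xmlns, form/formaction and xlink:href (xlink:href only matters once <svg> content survives the tag filter)`. Adding `form` removes the attribute that binds an element to a form by id, but its siblings `formmethod`, `formtarget`, `formenctype` and `formnovalidate` are absent; whether the regex that consumes this list (outside the hunk) treats `form` as a prefix or requires an exact `name=` is not visible here, so if it is an exact match they need to be listed explicitly. The body of `_remove_evil_attributes` continues past the end of the hunk.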