Merge pull request #3037 from DevelopmentDocumentopia/xss_clean_patch xss_clean is not protecting GET requests that &item=/startwithslash

commit: c580968c38ef9246e6da48ad08be733f38759eca [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Tue May 06 23:58:07 2014 +0300
committer: Andrey Andreev <narf@devilix.net> Tue May 06 23:58:07 2014 +0300
tree: e06c394402a625750b332555165d1e081c026c2d
parent: 4e4f2f596700e6892b31b8b6ce987b2511a3cd98 [diff]
parent: 945784173ea4dba58da528bebc53b3a24b82928f [diff]
diff --git a/system/core/Security.php b/system/core/Security.php
old mode 100644
new mode 100755
index 17ba3bc..c9258b0
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -862,7 +862,7 @@
 		 */
 
 		// 901119URL5918AMP18930PROTECT8198
-		$str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash().'\\1=\\2', $str);
+		$str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-/]+)|i', $this->xss_hash().'\\1=\\2', $str);
 
 		/*
 		 * Validate standard character entities
commit	c580968c38ef9246e6da48ad08be733f38759eca	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Tue May 06 23:58:07 2014 +0300
committer	Andrey Andreev <narf@devilix.net>	Tue May 06 23:58:07 2014 +0300
tree	e06c394402a625750b332555165d1e081c026c2d
parent	4e4f2f596700e6892b31b8b6ce987b2511a3cd98 [diff]
parent	945784173ea4dba58da528bebc53b3a24b82928f [diff]