added hyphens to allowed characters in GET keys and vals in submitted URLs in xss_clean()

commit: e24f61a2bb61c2445cb205777f897415e86fc10e [log] [tgz]
author: Derek Jones <derek.jones@ellislab.com> Thu Nov 05 15:06:31 2009 +0000
committer: Derek Jones <derek.jones@ellislab.com> Thu Nov 05 15:06:31 2009 +0000
tree: cd04430eaa0b13b9943a3ab7ab005a2d88267efa
parent: a3f47180e3885fca82599e90c95ce6e5c26072d6 [diff] [blame]
diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index e7bf727..98f2826 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php

@@ -554,7 +554,7 @@
 
 		// 901119URL5918AMP18930PROTECT8198
 
-		$str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i', $this->xss_hash()."\\1=\\2", $str);
+		$str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str);
 
 		/*
 		* Validate standard character entities
commit	e24f61a2bb61c2445cb205777f897415e86fc10e	[log] [tgz]
author	Derek Jones <derek.jones@ellislab.com>	Thu Nov 05 15:06:31 2009 +0000
committer	Derek Jones <derek.jones@ellislab.com>	Thu Nov 05 15:06:31 2009 +0000
tree	cd04430eaa0b13b9943a3ab7ab005a2d88267efa
parent	a3f47180e3885fca82599e90c95ce6e5c26072d6 [diff] [blame]