xss_clean() improvement
Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186
diff --git a/system/core/Security.php b/system/core/Security.php
index faa52d7..1dfea18 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -578,13 +578,13 @@
do
{
- $m1 = $m2 = 0;
+ $str_compare = $str;
- $str = preg_replace('/(�*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str, -1, $m1);
- $str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str, -1, $m2);
+ $str = preg_replace('/(�*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str);
+ $str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str);
$str = html_entity_decode($str, ENT_COMPAT, $charset);
}
- while ($m1 OR $m2);
+ while ($str_compare !== $str);
return $str;
}
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 433ad31..14e042e 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -71,6 +71,12 @@
$this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string);
}
+ public function test_xss_clean_entity_double_encoded()
+ {
+ $input = '<a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a>';
+ $this->assertEquals('<a 1>Clickhere</a>', $this->security->xss_clean($input));
+ }
+
// --------------------------------------------------------------------
public function test_xss_hash()