xss_clean() improvement Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186

commit: e7a2aa09df05547211776bf493adb6da476f3858 [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Tue Mar 18 18:44:53 2014 +0200
committer: Andrey Andreev <narf@devilix.net> Tue Mar 18 18:44:53 2014 +0200
tree: 84f104c1e2079a22fb5409a517986ae44d4ee4f3
parent: 1394304472f1c917b8f6680c57bf50c780744f2d [diff] [blame]
diff --git a/system/core/Security.php b/system/core/Security.php
index faa52d7..1dfea18 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -578,13 +578,13 @@
 
 		do
 		{
-			$m1 = $m2 = 0;
+			$str_compare = $str;
 
-			$str = preg_replace('/(&#x0*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str, -1, $m1);
-			$str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str, -1, $m2);
+			$str = preg_replace('/(&#x0*[0-9a-f]{2,5})(?![0-9a-f;])/iS', '$1;', $str);
+			$str = preg_replace('/(&#\d{2,4})(?![0-9;])/S', '$1;', $str);
 			$str = html_entity_decode($str, ENT_COMPAT, $charset);
 		}
-		while ($m1 OR $m2);
+		while ($str_compare !== $str);
 
 		return $str;
 	}
commit	e7a2aa09df05547211776bf493adb6da476f3858	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Tue Mar 18 18:44:53 2014 +0200
committer	Andrey Andreev <narf@devilix.net>	Tue Mar 18 18:44:53 2014 +0200
tree	84f104c1e2079a22fb5409a517986ae44d4ee4f3
parent	1394304472f1c917b8f6680c57bf50c780744f2d [diff] [blame]