Merge pull request #7 from DiederikvandenB/master
Fixed bug #5.
janhartigan committed Feb 11, 2014
2 parents 0b6c01e + 0bd4f51 commit 0e3ce1f
Showing 1 changed file with 3 additions and 4 deletions.
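--- a/src/Frozennode/XssInput/Security.php
+++ b/src/Frozennode/XssInput/Security.php
@@ -78,9 +78,7 @@ public static function xss_clean($str, $is_image = FALSE)
 $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", function($match){
 return str_replace(array('>', '<', '\\'), array('&gt;', '&lt;', '\\\\'), $match[0]);
 }, $str);
-$str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", function($match){
-return self::entity_decode($match[0], 'UTF-8');
-}, $str);
+$str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", 'self::entity_decode' , $str);
 /*
 * Remove Invisible Characters Again!
 */
@@ -415,8 +413,9 @@ protected static function remove_evil_attributes($str, $is_image)
 * @param string
 * @return string
 */
-protected static function entity_decode($str, $charset='UTF-8')
+protected static function entity_decode($arr, $charset='UTF-8')
 {
+$str = $arr[0];
 if (stristr($str, '&') === FALSE)
 {
 return $str;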
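Review bot: In the second hunk `entity_decode` now reads `$arr[0]` unconditionally, so any caller that still passes a plain string would get only its first character back from this step of the XSS filter; other call sites are not visible in this diff and should be checked. Accepting both shapes avoids that silent truncation: `$str = is_array($arr) ? $arr[0] : $arr;`. The docblock above it still says `@param string` and should describe the first parameter as the regex match array (element 0 is the matched text) or the raw string. In the first hunk the string callable `'self::entity_decode'` is deprecated as of PHP 8.2; `array(__CLASS__, 'entity_decode')` behaves the same on old and new versions. The body of `entity_decode` continues past the end of the hunk, so the rest of the function was not reviewed.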
