
global_xss_filtering bug #1261

akbortoli opened this Issue April 16, 2012 · 4 comments

Alysson Bortoli

Line 285 - system/core/Security.php - $str = $this->_validate_entities($str);

Appends a ";" to the end of the string: the given string "$98dubrucHa7a&EC" becomes "$98dubrucHa7a&EC;". I was checking the password and it was not matching. The cause must be the &EC, as it's not a valid entity, but a string should be able to have invalid entities in it.

Andrey Andreev (narfbg) closed this November 12, 2012
Deleted user


@narfbg I see you closed this issue, but I am using the latest development branch and I am experiencing the same issue.

string(7) "@2$&7834;" // filtered
string(6) "@2$&7834"  // un-filtered

Andrey Andreev

@crypticmauler I closed it by referencing another, as a duplicate.

Roger Qiu

This is still affecting CI3.0. Has it been fixed? At least, if it's not going to be fixed, it needs to be in the documentation.

Jon Surrell sirreal referenced this issue in hermzz/gestorneo January 01, 2014

Tournament name error when using & #7
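
The behaviour reported in this thread, reproduced as an added example (not CodeIgniter's code and not written by any participant). `entity_fixup()` is a hypothetical stand-in for a filter that appends a missing semicolon to entity-shaped tokens, and the stored hash is assumed to have been created from the unfiltered password.

```php
<?php
// Added illustration; NOT CodeIgniter's code. entity_fixup() is a hypothetical
// stand-in for an input filter that "completes" anything shaped like an HTML
// entity by appending the missing semicolon.
function entity_fixup(string $s): string
{
    // "&", optional "#", two or more alphanumerics, then an optional ";".
    return preg_replace('/(&#?[0-9a-z]{2,});?/i', '$1;', $s);
}

// Constructed helper: true when the filter leaves the value byte-for-byte intact.
function survives_filter(callable $filter, string $value): bool
{
    return hash_equals($value, $filter($value));
}

// The two strings quoted in the thread (single quotes: no PHP interpolation).
$samples = ['$98dubrucHa7a&EC', '@2$&7834'];

foreach ($samples as $raw) {
    // Assumption: the hash was stored from the raw password, for example by a
    // code path that does not pass through the global filter.
    $stored   = password_hash($raw, PASSWORD_DEFAULT);
    // What a login handler receives when the filter rewrites every POST field.
    $filtered = entity_fixup($raw);

    printf(
        "%-18s -> %-19s intact=%s verify=%s\n",
        $raw,
        $filtered,
        var_export(survives_filter('entity_fixup', $raw), true),
        var_export(password_verify($filtered, $stored), true)
    );
}

// Handling that avoids the mismatch: credentials are compared as received,
// and HTML escaping is applied only when a value is written into a page.
$raw    = $samples[0];
$stored = password_hash($raw, PASSWORD_DEFAULT);
printf("raw verify=%s\n", var_export(password_verify($raw, $stored), true));
printf("escaped for HTML output: %s\n", htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
```

Any field whose exact bytes matter (passwords, tokens, signed values) is affected the same way by a filter that rewrites input.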
