Added a "^" in regular expression to avoid non variable text containing ... #1679

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants

dribes commented Aug 2, 2012

..."&" to be considered as an ASCII code

david ribes Added a "^" in regular expression to avoid non variable text containi…
…ng "&" to be considered as an ASCII code
2a78bcb

@dribes dribes commented on the diff Aug 2, 2012

system/core/Security.php
@@ -792,7 +794,7 @@ protected function _validate_entities($str)
* Add a semicolon if missing. We do this to enable
* the conversion of entities to ASCII later.
*/
- $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', '\\1;\\2', $str);
+ $str = preg_replace('#(^&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', '\\1;\\2', $str);
Contributor

narfbg commented Nov 5, 2012

That method is supposed to translate entities everywhere, not just at the beginning of a string.

narfbg closed this Nov 5, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment