
Bug Report

Mis-spelling which leads to invalid check

Date: 05/12/2008
Severity: Major
Status: Resolved
Reporter: lemwn
Version: 1.6.1
Keywords: Libraries, Input and Security Class

Description

On line 638 an array of illegal words is defined, one of which is ‘<!CDATA[’, which should be ‘<![CDATA[’ (with the extra bracket after the exclamation mark).

Missing this could be a vulnerability.

Code Sample

system/libraries/Input.php Line: 629 - 639 (array that highlights the problem)

$bad = array(
    '[removed]' => '[removed]',
    '[removed]' => '[removed]',
    '[removed]' => '[removed]',
    '[removed]' => '[removed]',
    '[removed]' => '[removed]',
    '[removed]' => '[removed]',
    '<!--'      => '<!--',
    '-->'       => '-->',
    '<!CDATA['  => '<![CDATA['
);

Expected Result

Actual Result

Comment on Bug Report

Posted by: Derek Allard on 12 May 2008 4:26pm

Thanks lemwn.  Fixed up, and will be part of 1.6.2 released very shortly.
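
The effect of the mis-spelled key, as an added example that is not part of the report, the reply, or CodeIgniter's own code: a deny-list applied by literal substring replacement never fires for a key that does not occur verbatim in the input, and a small regression check over the tokens the list is meant to catch exposes the gap. Assumptions: the list is applied with `str_replace`, the replacement values are entity-encoded forms, only the three entries legible in the report are used, and the names `neutralize`, `unmatched_tokens`, `$shipped`, `$fixed` and `$mustCatch` are hypothetical.

```php
<?php
// Added illustration, not CodeIgniter's code. Replacement values are
// assumed (entity-encoded); only the entries legible in the report appear.
$shipped = array(
    '<!--'     => '&lt;!--',
    '-->'      => '--&gt;',
    '<!CDATA[' => '&lt;![CDATA[',   // key as reported: '[' missing after '!'
);
$fixed = array(
    '<!--'      => '&lt;!--',
    '-->'       => '--&gt;',
    '<![CDATA[' => '&lt;![CDATA[',  // corrected key
);

// Literal substring replacement: a key only takes effect when it occurs
// verbatim in the input.
function neutralize(array $map, string $input): string
{
    return str_replace(array_keys($map), array_values($map), $input);
}

// Regression check: return every token the deny-list is supposed to catch
// but which passes through the filter unchanged.
function unmatched_tokens(array $map, array $mustCatch): array
{
    $missed = array();
    foreach ($mustCatch as $token) {
        if (neutralize($map, $token) === $token) {
            $missed[] = $token;
        }
    }
    return $missed;
}

// Tokens the list is meant to neutralize, and a constructed sample input.
$mustCatch = array('<!--', '-->', '<![CDATA[');
$sample    = '<![CDATA[ constructed sample ]]>';

foreach (array('shipped' => $shipped, 'fixed' => $fixed) as $name => $map) {
    $missed = unmatched_tokens($map, $mustCatch);
    echo $name, ': missed tokens = ', json_encode($missed), "\n";
    echo $name, ': filtered sample = ', neutralize($map, $sample), "\n";
}
```

Running a check like this in the test suite whenever the deny-list changes catches a key that can never match before it ships.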
