[eluser]Unknown[/eluser]
Code sample:
function p3(){
/*
* this form is processed by xss_clean, so its mangled as well.
* Remove ; from test string before testing
*/
$test="Hen&qw;@P93a";
$test2 = $this->input->xss_clean($test);
echo "$test - $test2";
}
Result:
; is added to xss_cleaned variable, changing $test variable in a way thats not easily reverible (for use as password for example).