XSS bad URL protection
#1

[eluser]Unknown[/eluser]
If a field contains a value such as
'?auto_brand=1&auto_model=&size=1'

xss_clean converts it to
'?auto_brand=1&auto;_model=&size=1'

and then shows 'Disallowed Key Characters.'

solved:

class Input

$str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i', $this->xss_hash()."\\1=\\2", $str);

change to
$str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]?)|i', $this->xss_hash()."\\1=\\2", $str);
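The behaviour described in the post can be reproduced with the simplified model below. It is an added example, not part of the original post and not CodeIgniter's own code. The placeholder constant, the function name and the sample strings are constructed for illustration, and the semicolon-appending step is an assumption about how xss_clean normalises entity-like tokens after the protection step.

```php
<?php
// Simplified model of the xss_clean steps around the quoted line.
// Hypothetical names throughout; this is not the framework's code.

const PLACEHOLDER = 'XSSHASHDEMO'; // constructed stand-in for $this->xss_hash()

function protect_and_normalise(string $str, string $protectPattern): string
{
    // Step 1 (from the post): swap the "&" of key=value pairs for a placeholder
    // so that later steps do not treat "&key" as an HTML entity.
    $str = preg_replace($protectPattern, PLACEHOLDER . "\\1=\\2", $str);

    // Step 2 (assumed): any remaining "&word" is treated as an entity and
    // gets a trailing semicolon if it lacks one.
    $str = preg_replace('#(&\#?[0-9a-z]+)[\x00-\x20]*;?#i', "\\1;", $str);

    // Step 3: restore the protected ampersands.
    return str_replace(PLACEHOLDER, '&', $str);
}

// The two patterns quoted in the post.
$original = '|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i'; // value needs 1+ characters
$patched  = '|\&([a-z\_0-9]+)\=([a-z\_0-9]?)|i'; // value may be empty

// Constructed sample inputs.
$samples = [
    '?auto_brand=1&auto_model=&size=1', // empty value in the middle (the post's case)
    '?auto_brand=1&auto_model=a4&size=1', // every value non-empty
    '?a=1&b=',                          // empty value at the end
    'Tom &amp Jerry',                   // a real entity missing its semicolon
];

foreach ($samples as $input) {
    $before = protect_and_normalise($input, $original);
    $after  = protect_and_normalise($input, $patched);
    printf("input    : %s\n", $input);
    printf("original : %s%s\n", $before, $before === $input ? '' : '   <-- altered');
    printf("patched  : %s%s\n\n", $after, $after === $input ? '' : '   <-- altered');
}
```

With the original pattern the first sample comes back as `?auto_brand=1&auto;_model=&size=1`, which matches the post. With the patched pattern the query-string samples pass through unchanged, while the `&amp` entity is still normalised.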



