[RESOLVED] Commas Disappearing

I have a function that prevents XSS attacks on a bulletin board.

Unfortunately it means that commas are removed from posts.

I've narrowed it down to the following section of the function

$val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

However I've noticed that the \x2c is the value for a comma so wouldn't fit into any of the ranges.

Any ideas?

Yes, but a "," matches a comma, so remove the two "," characters within the character class. 😉

So how would I maintain the groups of hex characters as I don't want to remove all between x00 and x19

Would it be something like this:

$val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x19])/', '', $val);

It's simpler than you realize. You literally just need to remove the commas:

$val = preg_replace('/([\x00-\x08\x0b-\x0c\x0e-\x19])/', '', $val);