author | Derek Jones <derek.jones@ellislab.com> | 2009-02-10 20:08:56 +0100 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2009-02-10 20:08:56 +0100 |
commit | 63eeae3357b94edfdd5b652fd97fe878403be9f8 (patch) | |
tree | a02daec6f2111d8ce605bbc00655f7bba0bc1a6d /user_guide | |
parent | 0b2145f96b6c05aefb51cccb643d203b83a0d761 (diff) |
Changed the algorithm used in _reset_post_array() to no longer rely on eval(), plugging an arbitrary script execution hole
http://codeigniter.com/bug_tracker/bug/6068/
Diffstat (limited to 'user_guide')
-rw-r--r-- | user_guide/changelog.html | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 457db56a1..63eb75ccd 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -64,6 +64,7 @@ SVN Revision: </p> <ul> <li>Libraries <ul> + <li>Fixed an arbitrary script execution security flaw (#6068) in the Form Validation library (thanks to hkk)</li> <li>Changed default current page indicator in the Pagination library to use <strong> instead of <b></li> <li>A "HTTP/1.1 400 Bad Request" header is now sent when disallowed characters are encountered.</li> <li>Added <big>, <small>, <q>, and <tt> to the Typography parser's inline elements.</li> |
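Review bot: the added changelog line (the new first <li> under Libraries) names the Form Validation library and bug #6068, but not the function or the cause given in the commit message: _reset_post_array() and its reliance on eval(). Consider stating both in the entry so that anyone maintaining a patched or forked copy of the library can locate the affected code, and consider linking the bug tracker entry the commit message cites. The diffstat here is limited to user_guide, so the code change itself is not visible on this page and only the changelog wording can be reviewed.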