summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2013-01-29 14:38:33 +0100
committerAndrey Andreev <narf@bofh.bg>2013-01-29 14:38:33 +0100
commit7e5597782a589e4171ca08abdd9ce1a185542ff4 (patch)
treede46d9995631d11c83197a266c46116e6e1343c4 /user_guide_src/source
parentd911fccb3198ffb0629d9956115ae08244ce3e66 (diff)
Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename()
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.
Diffstat (limited to 'user_guide_src/source')
-rw-r--r--user_guide_src/source/changelog.rst2
1 files changed, 2 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 982ae22f4..daa1cfc7a 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -215,6 +215,7 @@ Release Date: Not Released
- Added **max_filename_increment** config setting.
- Added an **index** parameter to the ``data()`` method.
- Added the **min_width** and **min_height** options for images.
+ - Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library <libraries/security>`'s ``sanitize_filename()``.
- :doc:`Cart library <libraries/cart>` changes include:
- ``insert()`` now auto-increments quantity for an item when inserted twice instead of resetting it, this is the default behaviour of large e-commerce sites.
- *Product Name* strictness can be disabled by switching the ``$product_name_safe`` property to FALSE.
@@ -478,6 +479,7 @@ Bug fixes for 3.0
- Fixed a bug (#2061) - :doc:`Routing Class <general/routing>` didn't properly sanitize directory, controller and function triggers with **enable_query_strings** set to TRUE.
- Fixed a bug - SQLSRV didn't support ``escape_like_str()`` or escaping an array of values.
- Fixed a bug - :doc:`DB result <database/results>` method ``list_fields()`` didn't reset its field pointer for the *mysql*, *mysqli* and *mssql* drivers.
+- Fixed a bug (#73) - :doc:`Security Library <libraries/security>` method ``sanitize_filename()`` could be tricked by an XSS attack.
Version 2.1.3
=============