Age | Commit message | Author | Files | Lines
2015-10-31 | Use proper randomness when generating CAPTCHAs | Andrey Andreev | 1 | -2/+87
2015-10-31 | Prevent Host header injections | Andrey Andreev | 3 | -38/+29
2015-10-31 | Harden xss_clean() | Andrey Andreev | 2 | -42/+59
2015-10-30 | Fix #4192 | Andrey Andreev | 2 | -5/+9
2015-10-30 | [ci skip] Fix changelog entry from latest commit | Andrey Andreev | 1 | -1/+1
#3201 is actually another issue, the bug fixed by a62aa820bdd3e642f44428b27f2c6cde1baf4adc was just reported in the comments there.
2015-10-30 | Fix #3201 | Andrey Andreev | 3 | -1/+12
2015-10-23 | [ci skip] Link HackerOne page in the readme | Andrey Andreev | 1 | -1/+2
2015-10-21 | Merge pull request #4167 from zhanghongyi/fix-pulldown | Instructor, Computer Systems Technology | 2 | -5/+46
disable pulldown menu on mobile devices
2015-10-19 | Fix #4171 and a number of other transaction bugs | Andrey Andreev | 15 | -356/+170
2015-10-19 | Fix #4173 | Andrey Andreev | 2 | -1/+8
This reverts commit 7cc6cea2d421862726081a39e932dbceeefcc775 from PR #3968. At the time this seemed logical, but turns out it breaks the ability to create non-PRIMARY composite keys, so ...
2015-10-19 | [ci skip] Fix docs about QB caching | Andrey Andreev | 1 | -1/+1
It doesn't support set() ... Related: #4175
2015-10-18 | Fix #4179 | Andrey Andreev | 2 | -0/+5
2015-10-13 | [ci skip] Fix #4170 | Andrey Andreev | 2 | -3/+3
2015-10-13 | [ci skip] Correct version number in user guide conf | Andrey Andreev | 1 | -2/+2
2015-10-12 | [ci skip] Correct download link for 3.0.3-dev | Andrey Andreev | 1 | -1/+1
2015-10-12 | [ci skip] This is 3.0.3-dev | Andrey Andreev | 5 | -4/+20
2015-10-12 | [ci skip] Add changelog entry for PR #4166 | Andrey Andreev | 1 | -0/+12
2015-10-12 | Optimize csv_from_result speed. | Ahmad Anbar | 1 | -2/+3
2015-10-12 | [ci skip] Add more info about security reporting to docs | Andrey Andreev | 2 | -4/+19
2015-10-08 | [ci skip] Prepare 3.0.2 release | Andrey Andreev | 4 | -5/+9
2015-10-08 | [ci skip] Fix broken links in user guide | Andrey Andreev | 2 | -2/+2
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 2 | -7/+18
2015-10-05 | Close #4155 | Andrey Andreev | 1 | -1/+1
2015-10-02 | [ci skip] Some consistency in the docs' theme CSS | Andrey Andreev | 1 | -37/+35
2015-10-02 | Rearrange the TOC slightly, to support consistency between the side menu and the sphinx toctree-derived pulldown menu. | Master Yoda | 1 | -10/+10
Signed-off-by: Master Yoda <jim_parry@bcit.ca>
2015-10-02 | Merge pull request #4148 from zhanghongyi/generate-pulldown | Andrey Andreev | 5 | -76/+121
[ci skip] Generate docs pulldown menu using sphinx toctree
2015-10-02 | More XSS stuff | Andrey Andreev | 2 | -2/+7
2015-09-29 | [ci skip] Add changelog message for PR #4126 | Andrey Andreev | 1 | -0/+1
2015-09-29 | Merge pull request #4126 from zoaked/patch-1 | Andrey Andreev | 2 | -2/+1
Persist config file rules when using FV reset_validation()
2015-09-28 | [ci skip] Explain per-directory logic for 404_override too | Andrey Andreev | 1 | -2/+4
2015-09-28 | cal_cel_other | Дмитрий | 1 | -2/+2
forgot to close a tag cal_cel_other
2015-09-28 | [ci skip] Clarify docs about default_controller | Andrey Andreev | 2 | -14/+23
2015-09-28 | Merge pull request #4125 from jim-parry/fix/lang_test | Andrey Andreev | 1 | -5/+17
Improve CI_Lang tests
2015-09-24 | Fix #4137 | Andrey Andreev | 2 | -1/+2
2015-09-23 | [ci skip] Cherry-pick docs pulldown nav fix from develop | Master Yoda | 1 | -85/+117
2015-09-22 | [ci skip] Remove an example from DB docs | Andrey Andreev | 1 | -17/+0
Users shouldn't be encouraged to use num_rows() that way ... We had already decided on this a while ago, this example just slipped through.
2015-09-21 | More XSS stuff | Andrey Andreev | 2 | -3/+19
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 2 | -4/+10
This was a regression caused by the previous commit
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 2 | -115/+100
Turned out pretty much impossible to remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done separately for _sanitize_naughty_html() and _remove_evil_attributes().
2015-09-16 | [ci skip] Add missing changelog entry | Andrey Andreev | 1 | -0/+1
2015-09-16 | Fix #4116 | Andrey Andreev | 2 | -6/+7
Close #4117
2015-09-16 | Fix typo | kenjis | 1 | -1/+1
Signed-off-by: Kenji Suzuki <kenji.uui@gmail.com>
2015-09-16 | Fix #4120 | Andrey Andreev | 2 | -3/+14
2015-09-15 | Missing character in the evil attributes pattern | Andrey Andreev | 1 | -1/+1
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 2 | -1/+9
2015-09-14 | Close #4098 | Andrey Andreev | 2 | -2/+19
2015-09-14 | Fix #4032 | Andrey Andreev | 2 | -7/+10
2015-09-14 | Fix #4044 | Andrey Andreev | 2 | -5/+6
2015-09-14 | Fix #4109 | Andrey Andreev | 2 | -20/+23
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10