Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2015-10-02 | More XSS stuff | Andrey Andreev | 2 | -2/+7 | |
2015-09-29 | [ci skip] Add changelog message for PR #4126 | Andrey Andreev | 1 | -0/+1 | |
2015-09-29 | Merge pull request #4126 from zoaked/patch-1 | Andrey Andreev | 2 | -2/+1 | |
Persist config file rules when using FV reset_validation() | |||||
2015-09-28 | [ci skip] Explain per-directory logic for 404_override too | Andrey Andreev | 1 | -2/+4 | |
2015-09-28 | cal_cel_other | Дмитрий | 1 | -2/+2 | |
forget to close a tag cal_cel_other | |||||
2015-09-28 | [ci skip] Clarify docs about default_controller | Andrey Andreev | 2 | -14/+23 | |
2015-09-28 | Merge pull request #4125 from jim-parry/fix/lang_test | Andrey Andreev | 1 | -5/+17 | |
Improve CI_Lang tests | |||||
2015-09-24 | Fix #4137 | Andrey Andreev | 2 | -1/+2 | |
2015-09-23 | [ci skip] Cherry-pick docs pulldown nav fix from develop | Master Yoda | 1 | -85/+117 | |
2015-09-22 | [ci skip] Remove an example from DB docs | Andrey Andreev | 1 | -17/+0 | |
Users shouldn't be encouraged to use num_rows() that way ... We had already decided on this a while ago, this example just slipped through. | |||||
2015-09-21 | More XSS stuff | Andrey Andreev | 2 | -3/+19 | |
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 2 | -4/+10 | |
This was a regression caused by the previous commit | |||||
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 2 | -115/+100 | |
Turned out pretty much impossible to remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done separately for _sanitize_naughty_html() and _remove_evil_attributes(). | |||||
2015-09-16 | [ci skip] Add missing changelog entry | Andrey Andreev | 1 | -0/+1 | |
2015-09-16 | Fix #4116 | Andrey Andreev | 2 | -6/+7 | |
Close #4117 | |||||
2015-09-16 | Fix typo | kenjis | 1 | -1/+1 | |
Signed-off-by: Kenji Suzuki <kenji.uui@gmail.com> | |||||
2015-09-16 | Fix #4120 | Andrey Andreev | 2 | -3/+14 | |
2015-09-15 | Missing character in the evil attributes pattern | Andrey Andreev | 1 | -1/+1 | |
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 2 | -1/+9 | |
2015-09-14 | Close #4098 | Andrey Andreev | 2 | -2/+19 | |
2015-09-14 | Fix #4032 | Andrey Andreev | 2 | -7/+10 | |
2015-09-14 | Fix #4044 | Andrey Andreev | 2 | -5/+6 | |
2015-09-14 | Fix #4109 | Andrey Andreev | 2 | -20/+23 | |
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10 | |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 2 | -4/+17 | |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 2 | -7/+44 | |
This time eliminate false positives for the 'naughty html' logic. | |||||
2015-09-11 | Improve on previous commit | Andrey Andreev | 2 | -1/+6 | |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 2 | -10/+27 | |
This one fixes yet another issue, is cleaner and faster. | |||||
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 2 | -1/+6 | |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 2 | -6/+6 | |
2015-09-10 | Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -1/+1 | |
2015-09-10 | [ci skip] Add changelog entry for #4105 | Andrey Andreev | 1 | -0/+1 | |
2015-09-10 | Change form validation library to allow the pipe character within square brackets | rich | 1 | -1/+1 | |
2015-09-10 | Fix #4106 | Andrey Andreev | 2 | -2/+10 | |
2015-09-07 | Remove unnecessary count() calls from _sanitize_globals() | Andrey Andreev | 1 | -3/+3 | |
foreach() just won't execute for an empty array, it does that check internally. | |||||
2015-09-07 | Move csrf_verify() call out of _sanitize_globals() | Andrey Andreev | 1 | -6/+6 | |
It doesn't belong in there. | |||||
2015-09-03 | Fix #4096 | Andrey Andreev | 2 | -1/+2 | |
2015-09-02 | [ci skip] Improve FV language string instructions | Andrey Andreev | 1 | -1/+4 | |
As suggested in #4095 | |||||
2015-09-01 | Enable Travis builds for 3.0-stable branch | Andrey Andreev | 1 | -0/+1 | |
2015-09-01 | Fix #4093 | Andrey Andreev | 3 | -1/+10 | |
2015-09-01 | [ci skip] Correct session database setup docs | Andrey Andreev | 2 | -7/+15 | |
2015-09-01 | [ci skip] Reduce/improve wording of xss_clean() description | Andrey Andreev | 1 | -10/+5 | |
2015-09-01 | [ci skip] Remove a bad advice from the Security lib docs | Andrey Andreev | 1 | -4/+0 | |
2015-09-01 | Merge pull request #4092 from mpmont/3.0-stable | Andrey Andreev | 1 | -1/+1 | |
Remove an accidental = sign | |||||
2015-09-01 | There was an extra = sign in this file | Marco Monteiro | 1 | -1/+1 | |
2015-08-31 | [ci skip] Fix #4091 | Andrey Andreev | 2 | -1/+2 | |
2015-08-31 | Fix #4086 | Andrey Andreev | 2 | -13/+14 | |
2015-08-31 | [ci skip] Fix incorrect routing description | Andrey Andreev | 1 | -2/+1 | |
Close #4079 | |||||
2015-08-31 | Fix #4073 | Andrey Andreev | 2 | -7/+17 | |
2015-08-31 | Fix #4066 | Andrey Andreev | 3 | -18/+7 | |