summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2014-02-07Merge branch 'develop' into feature/encryptionAndrey Andreev3-4/+3
2014-02-07Use is_really_writable() in captcha helperAndrey Andreev1-1/+1
2014-02-07Fix conflictsAndrey Andreev0-0/+0
2014-02-07Use is_really_writable() in get_file_info()Andrey Andreev1-2/+1
2014-02-07Merge pull request #2859 from vivekdinesh/typo-fixAndrey Andreev1-1/+1
Typo Fix
2014-02-07Typo FixVivek Dinesh1-1/+1
Signed-off-by: Vivek Dinesh <vivekdinesh5@gmail.com>
2014-02-07CI_Encryption: Optimizations and test casesAndrey Andreev3-92/+324
2014-02-06Merge pull request #2857 from vivekdinesh/typo-fixAndrey Andreev1-1/+1
Typo Fix
2014-02-06Typo FixVivek Dinesh1-1/+1
Signed-off-by: Vivek Dinesh <vivekdinesh5@gmail.com>
2014-02-06Merge changes from developAndrey Andreev3-3/+12
2014-02-06Make CI_Session's HMAC comparison time-attack-safeAndrey Andreev1-1/+9
2014-02-06CI_Encryption: CAST-128/CAST5 and RC4/ARCFour compatibilityAndrey Andreev2-15/+73
2014-02-06CI_Encryption: Time-attack-safe HMAC verificationAndrey Andreev1-4/+18
2014-02-05Fix #2856Andrey Andreev2-2/+3
2014-02-05CI_Encryption: HMAC to not be derived from the encryption keyAndrey Andreev2-62/+62
2014-02-05More CI_Encryption improvementsAndrey Andreev2-49/+10
- Make OpenSSL the default driver if available (because MCrypt is stupid). - Require MCRYPT_DEV_URANDOM for the MCrypt availability check (because security; also, incidentally - it's faster that way ;)).
2014-02-05CI_Encryption: More MCrypt/OpenSSL compatibility and get rid of the ↵Andrey Andreev2-30/+115
MCRYPT_MODE_* constants
2014-02-05CI_Encryption: Add Blowfish to compatibility listAndrey Andreev2-12/+14
2014-02-05CI_Encryption: Work around MCrypt's dumb behavior in ECB modeAndrey Andreev1-49/+65
2014-02-05Merge branch 'develop' into feature/encryptionAndrey Andreev4-2/+22
2014-02-05Integrate CI_Encryption into the frameworkAndrey Andreev5-36/+61
TODO: Add documentation in user_guide_src/source/libraries/encryption.rst
2014-02-04CI_Encryption: Remove ARCFour from aliased ciphers due ...Andrey Andreev1-4/+2
Seems like there are some issues with it
2014-02-04CI_Encryption: Fix more errors and add a 'portability' test caseAndrey Andreev2-18/+67
2014-02-04Fix a logical error in CI_EncryptionAndrey Andreev1-3/+3
2014-02-04CI_Encryption: Fix some errors and add unit tests for hkdf()Andrey Andreev3-25/+129
2014-02-04CI_Encryption improvementsAndrey Andreev1-99/+199
- HMAC authentication by default. - HKDF support. - Reduce code repetition.
2014-02-03[ci skip] Update info on function_usableAndrey Andreev3-2/+12
2014-02-03Merge pull request #2852 from noskov/developAndrey Andreev1-0/+10
Add index.html to /application/language
2014-02-03Add index.html to /application/languageSerge Noskov1-0/+10
2014-02-03Introducing CI_Encryption (a CI_Encrypt replacement)Andrey Andreev1-0/+718
2014-01-30Previous 2 commits were just dumbAndrey Andreev2-3/+3
2014-01-30Fix a syntax error from last commitAndrey Andreev1-1/+1
2014-01-30Some fail-safe pdo_pgsql adjustmentsAndrey Andreev2-2/+7
2014-01-29[ci skip] Fix broken linksAndrey Andreev4-7/+7
2014-01-29[ci skip] Fix /readme.rst linksAndrey Andreev1-2/+2
2014-01-28Fix #2845Andrey Andreev1-1/+1
2014-01-28Fix #2844Andrey Andreev1-1/+1
2014-01-25Add <math> to 'naughty' HTML elementsAndrey Andreev1-1/+1
2014-01-25Previous commit caused side effects ...Andrey Andreev1-2/+2
2014-01-25Fix CI_Security::_remove_evil_attributes() being way too aggressiveAndrey Andreev1-2/+2
2014-01-25Re-add 'on\w*' to evil attributes (rel #2667)Andrey Andreev1-2/+1
2014-01-25Partially fix #2667Andrey Andreev1-2/+8
2014-01-24[ci skip] Add a link to PHP bug 54709 in is_really_writable()'s docblockAndrey Andreev1-0/+1
2014-01-24CI_Security: Also add <svg> to 'naughty' HTML elementsAndrey Andreev1-1/+1
2014-01-24CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ↵Andrey Andreev1-1/+1
elements
2014-01-24Fix syntax errorsAndrey Andreev1-2/+2
2014-01-24CI_Security: Add 'form' and 'xlink:href' to evil attributesAndrey Andreev1-1/+1
2014-01-24Add &newline; and &tab; to CI_Security::Andrey Andreev1-1/+3
2014-01-24Righting a wrong in the Session libraryAndrey Andreev6-69/+90
- Change userdata(), flashdata(), tempdata() to return all the respective data when no parameter is passed. - Revert the addition of all_flashdata(). - Deprecate all_userdata(). - Fix related changelog entries that were all inconsistent.
2014-01-24[ci skip] AND -> &&Andrey Andreev1-1/+1