summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2015-09-14Fix #4044Andrey Andreev2-5/+6
2015-09-14Fix #4109Andrey Andreev2-20/+23
2015-09-14Add 'eval' to a JS blacklist in xss_clean()Andrey Andreev1-7/+10
2015-09-14Move _remove_evil_attributes() callAndrey Andreev2-4/+17
2015-09-11Harden xss_clean() moreAndrey Andreev2-7/+44
This time eliminate false positives for the 'naughty html' logic.
2015-09-11Improve on previous commitAndrey Andreev2-1/+6
2015-09-11Replace the latest XSS patchesAndrey Andreev2-10/+27
This one fixes yet another issue, is cleaner and faster.
2015-09-10Last commit didn't adjust a RE indexAndrey Andreev2-1/+6
2015-09-10Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev2-6/+6
2015-09-10Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev1-1/+1
2015-09-10[ci skip] Add changelog entry for #4105Andrey Andreev1-0/+1
2015-09-10Change form validation library to allow the pipe character within square ↵rich1-1/+1
brackets
2015-09-10Fix #4106Andrey Andreev2-2/+10
2015-09-07Remove unnecessary count() calls from _sanitize_globals()Andrey Andreev1-3/+3
foreach() just won't execute for an empty array, it does that check internally.
2015-09-07Move csrf_verify() call out of _sanitize_globals()Andrey Andreev1-6/+6
It doesn't belong in there.
2015-09-03Fix #4096Andrey Andreev2-1/+2
2015-09-02[ci skip] Improve FV language string instructionsAndrey Andreev1-1/+4
As suggested in #4095
2015-09-01Enable Travis builds for 3.0-stable branchAndrey Andreev1-0/+1
2015-09-01Fix #4093Andrey Andreev3-1/+10
2015-09-01[ci skip] Correct session database setup docsAndrey Andreev2-7/+15
2015-09-01[ci skip] Reduce/improve wording of xss_clean() descriptionAndrey Andreev1-10/+5
2015-09-01[ci skip] Remove a bad advice from the Security lib docsAndrey Andreev1-4/+0
2015-09-01Merge pull request #4092 from mpmont/3.0-stableAndrey Andreev1-1/+1
Remove an accidental = sign
2015-09-01There was an extra = sign in this fileMarco Monteiro1-1/+1
2015-08-31[ci skip] Fix #4091Andrey Andreev2-1/+2
2015-08-31Fix #4086Andrey Andreev2-13/+14
2015-08-31[ci skip] Fix incorrect routing descriptionAndrey Andreev1-2/+1
Close #4079
2015-08-31Fix #4073Andrey Andreev2-7/+17
2015-08-31Fix #4066Andrey Andreev3-18/+7
2015-08-20Fix #4065Andrey Andreev2-1/+2
2015-08-19[ci skip] Fix 'sqlsrv' connect failure endless loopAndrey Andreev2-7/+9
Reported via the forums: http://forum.codeigniter.com/thread-61494.html
2015-08-17Allow capitals in the middle of model namesAndrey Andreev2-1/+2
Requested in #4059
2015-08-15Fix #4056Andrey Andreev2-1/+2
2015-08-15[ci skip] Fix a doc typoAndrey Andreev1-1/+1
2015-08-14[ci skip] Encryption doc fixAndrey Andreev1-1/+1
Close #4051
2015-08-14Fix #4052Andrey Andreev2-20/+1
The bug actually had two instances: - Callback routes with literal matches and HTTP verbs has never worked - The reported issue in #4052, which is a regression introduced in 3.0.1 with abc299b3a234eb7da1b7e3d257b7eba2da649219 Removed the literal matches logic altogether to avoid similar issues in the future and reduce code complexity. The same logic is performed with the regular expressions logic.
2015-08-13Fix typo in commentsClaudio Galdiolo1-1/+1
2015-08-13Update config/constants.php with defined() checksAndrey Andreev3-34/+48
Allows for easier override with an environment-based configs. Close #4045
2015-08-10Fix path for CLI error templates in upgrade docMat Whitney1-1/+1
2015-08-07[ci skip] Partial patch for #2284Andrey Andreev2-2/+9
The issue description is about update_string(), which I'm not sure if can be fixed at all. This patch only addresses protect_identifiers().
2015-08-07[ci skip] Add 3.0.2 upgrade instructions fileAndrey Andreev2-0/+15
2015-08-07[ci skip] Start of 3.0.2-devAndrey Andreev4-4/+11
2015-08-07[ci skip] Add 3.0.1 release date to changelogAndrey Andreev1-1/+1
2015-08-07[ci skip] Add a note about string helpersAndrey Andreev1-0/+3
2015-08-07Fix #4023Andrey Andreev2-1/+2
Close #4024
2015-08-07Fix ReDoS-bug in string_helper.phpKevin Morssink1-1/+1
Fix for ReDoS (Regular Expression Denial of Service) / Code Injection Risk
2015-08-05Fix #4026Andrey Andreev2-1/+5
2015-08-05Merge pull request #4028 from bjjay/patch-1Andrey Andreev1-6/+0
Remove a redundant piece of code from Profiler
2015-08-05Reduce once $config['query_toggle_count'] checkingbjjay1-6/+0
This checking can be done by calling set_sections method when initialize profiler .
2015-08-05Fix #4027Andrey Andreev2-8/+13