Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2015-10-31 | Use proper randomness when generating CAPTCHAs | Andrey Andreev | 1 | -2/+87 | |
2015-10-31 | Prevent Host header injections | Andrey Andreev | 3 | -38/+29 | |
2015-10-31 | Harden xss_clean() | Andrey Andreev | 2 | -42/+59 | |
2015-10-30 | Fix #4192 | Andrey Andreev | 2 | -5/+9 | |
2015-10-30 | [ci skip] Fix changelog entry from latest commit | Andrey Andreev | 1 | -1/+1 | |
#3201 is actually another issue, the bug fixed by a62aa820bdd3e642f44428b27f2c6cde1baf4adc was just reported in the comments there. | |||||
2015-10-30 | Fix #3201 | Andrey Andreev | 3 | -1/+12 | |
2015-10-23 | [ci skip] Link HackerOne page in the readme | Andrey Andreev | 1 | -1/+2 | |
2015-10-21 | Merge pull request #4167 from zhanghongyi/fix-pulldown | Instructor, Computer Systems Technology | 2 | -5/+46 | |
disable pulldown menu on mobile devices | |||||
2015-10-19 | Fix #4171 and a number of other transaction bugs | Andrey Andreev | 15 | -356/+170 | |
2015-10-19 | Fix #4173 | Andrey Andreev | 2 | -1/+8 | |
This reverts commit 7cc6cea2d421862726081a39e932dbceeefcc775 from PR #3968. At the time this seemed logical, but turns out it breaks the ability to create non-PRIMARY composite keys, so ... | |||||
2015-10-19 | [ci skip] Fix docs about QB caching | Andrey Andreev | 1 | -1/+1 | |
It doesn't support set() ... Related: #4175 | |||||
2015-10-18 | Fix #4179 | Andrey Andreev | 2 | -0/+5 | |
2015-10-13 | [ci skip] Fix #4170 | Andrey Andreev | 2 | -3/+3 | |
2015-10-13 | [ci skip] Correct version number in user guide conf | Andrey Andreev | 1 | -2/+2 | |
2015-10-12 | [ci skip] Correct download link for 3.0.3-dev | Andrey Andreev | 1 | -1/+1 | |
2015-10-12 | [ci skip] This is 3.0.3-dev | Andrey Andreev | 5 | -4/+20 | |
2015-10-12 | [ci skip] Add changelog entry for PR #4166 | Andrey Andreev | 1 | -0/+12 | |
2015-10-12 | Optimize csv_from_result speed. | Ahmad Anbar | 1 | -2/+3 | |
2015-10-12 | [ci skip] Add more info about security reporting to docs | Andrey Andreev | 2 | -4/+19 | |
2015-10-08 | [ci skip] Prepare 3.0.2 release | Andrey Andreev | 4 | -5/+9 | |
2015-10-08 | [ci skip] Fix broken links in user guide | Andrey Andreev | 2 | -2/+2 | |
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 2 | -7/+18 | |
2015-10-05 | Close #4155 | Andrey Andreev | 1 | -1/+1 | |
2015-10-02 | [ci skip] Some consistency in the docs' theme CSS | Andrey Andreev | 1 | -37/+35 | |
2015-10-02 | Rearrange the TOC slightly, to support consistency between the side menu and ↵ | Master Yoda | 1 | -10/+10 | |
the sphonx toctree-derived pulldown menu. Signed-off-by:Master Yoda <jim_parry@bcit.ca> | |||||
2015-10-02 | Merge pull request #4148 from zhanghongyi/generate-pulldown | Andrey Andreev | 5 | -76/+121 | |
[ci skip] Generate docs pulldown menu using sphinx toctree | |||||
2015-10-02 | More XSS stuff | Andrey Andreev | 2 | -2/+7 | |
2015-09-29 | [ci skip] Add changelog message for PR #4126 | Andrey Andreev | 1 | -0/+1 | |
2015-09-29 | Merge pull request #4126 from zoaked/patch-1 | Andrey Andreev | 2 | -2/+1 | |
Persist config file rules when using FV reset_validation() | |||||
2015-09-28 | [ci skip] Explain per-directory logic for 404_override too | Andrey Andreev | 1 | -2/+4 | |
2015-09-28 | cal_cel_other | Дмитрий | 1 | -2/+2 | |
forget to close a tag cal_cel_other | |||||
2015-09-28 | [ci skip] Clarify docs about default_controller | Andrey Andreev | 2 | -14/+23 | |
2015-09-28 | Merge pull request #4125 from jim-parry/fix/lang_test | Andrey Andreev | 1 | -5/+17 | |
Improve CI_Lang tests | |||||
2015-09-24 | Fix #4137 | Andrey Andreev | 2 | -1/+2 | |
2015-09-23 | [ci skip] Cherry-pick docs pulldown nav fix from develop | Master Yoda | 1 | -85/+117 | |
2015-09-22 | [ci skip] Remove an example from DB docs | Andrey Andreev | 1 | -17/+0 | |
Users shouldn't be encouraged to use num_rows() that way ... We had already decided on this awhile ago, this example just slipped through. | |||||
2015-09-21 | More XSS stuff | Andrey Andreev | 2 | -3/+19 | |
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 2 | -4/+10 | |
This was a regression caused by the previous commit | |||||
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 2 | -115/+100 | |
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes(). | |||||
2015-09-16 | [ci skip] Add missing changelog entry | Andrey Andreev | 1 | -0/+1 | |
2015-09-16 | Fix #4116 | Andrey Andreev | 2 | -6/+7 | |
Close #4117 | |||||
2015-09-16 | Fix typo | kenjis | 1 | -1/+1 | |
Signed-off-by: Kenji Suzuki <kenji.uui@gmail.com> | |||||
2015-09-16 | Fix #4120 | Andrey Andreev | 2 | -3/+14 | |
2015-09-15 | Missing character in the evil attributes pattern | Andrey Andreev | 1 | -1/+1 | |
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 2 | -1/+9 | |
2015-09-14 | Close #4098 | Andrey Andreev | 2 | -2/+19 | |
2015-09-14 | Fix #4032 | Andrey Andreev | 2 | -7/+10 | |
2015-09-14 | Fix #4044 | Andrey Andreev | 2 | -5/+6 | |
2015-09-14 | Fix #4109 | Andrey Andreev | 2 | -20/+23 | |
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10 | |