Age | Commit message | Author | Files | Lines
2015-09-22 | Added optional parameter to reset_validation() | zoaked | 1 | -4/+2
2015-09-22 | Added optional parameter to reset_validation() in form_validation library | zoaked | 1 | -1/+1
2015-09-22 | Styling changes | zoaked | 1 | -3/+5
2015-09-21 | Merge pull request #4130 from jim-parry/fix/pulldown-nav | Andrey Andreev | 1 | -85/+117
Fixed the pulldown menu in docs Close #4043
2015-09-21 | Removed mention of the fix in the changelog - not a framework issue. | Master Yoda | 1 | -1/+0
Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-21 | Changes suggested by Andrey | Master Yoda | 2 | -3/+4
Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-21 | Fixed the pulldown nav | Master Yoda | 2 | -85/+118
Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-21 | More XSS stuff | Andrey Andreev | 2 | -3/+19
2015-09-21 | Merge branch 'fix/lang_test' of https://github.com/jim-parry/CodeIgniter into fix/lang_test | Master Yoda | 2 | -4/+21
2015-09-21 | Update form_validation.rst | zoaked | 1 | -2/+5
2015-09-21 | Update changelog.rst | zoaked | 1 | -0/+1
2015-09-21 | Switch from saving copy of config to reset method parameter | zoaked | 1 | -4/+5
2015-09-20 | Persist config file settings when resetting form_validation | zoaked | 1 | -2/+3
When checking multiple arrays using form_validation you have to call reset_validation between each separate check due to the instance of the library being a singleton. The issue comes in when the settings are loaded from a config file as they are initially loaded from a parameter in the constructor, but are set to an empty array when resetting the class. To get around this issue a copy of the config parameter is made and then the copy is used to reset the rules when clearing.
2015-09-20 | The Lang unit testing claimed to be testing for non-alpha idioms, but wasn't. | Master Yoda | 1 | -94/+99
Setup a new test method to isolate this. Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-20 | Revert "Revert "The Lang unit testing claimed to be testing for non-alpha idioms, but wasn't. Setup a new test method to isolate this. Signed-off-by:Master Yoda <jim_parry@bcit.ca>"" | Master Yoda | 1 | -6/+12
This reverts commit 5f8fa02b9e386dfc474d8a6f2302e32674f2b55a.
2015-09-20 | Revert "The Lang unit testing claimed to be testing for non-alpha idioms, but wasn't. Setup a new test method to isolate this. Signed-off-by:Master Yoda <jim_parry@bcit.ca>" | Master Yoda | 1 | -12/+6
This reverts commit 1adf834231dae85e55c1bf2d19f3f4b28324f356.
2015-09-20 | The Lang unit testing claimed to be testing for non-alpha idioms, but wasn't. | Master Yoda | 1 | -6/+12
Setup a new test method to isolate this. Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-20 | The Lang unit testing claimed to be testing for non-alpha idioms, but wasn't. | Master Yoda | 1 | -84/+89
Setup a new test method to isolate this. Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-20 | The Lang unit testing claimed to be testing for non-alpha idioms, but wasn't. | Master Yoda | 1 | -0/+1
Setup a new test method to isolate this. Signed-off-by:Master Yoda <jim_parry@bcit.ca>
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 2 | -4/+10
This was a regression caused by the previous commit
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 2 | -115/+100
Turned out pretty much impossible to remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done separately for _sanitize_naughty_html() and _remove_evil_attributes().
2015-09-16 | [ci skip] Add missing changelog entry | Andrey Andreev | 1 | -0/+1
2015-09-16 | Fix #4116 | Andrey Andreev | 2 | -6/+7
Close #4117
2015-09-16 | Fix typo | kenjis | 1 | -1/+1
Signed-off-by: Kenji Suzuki <kenji.uui@gmail.com>
2015-09-16 | Fix #4120 | Andrey Andreev | 2 | -3/+14
2015-09-16 | Merge pull request #4119 from kenjis/fix-tutorial | Andrey Andreev | 1 | -1/+1
[ci skip] Fix a typo in the tutorial
2015-09-16 | Fix typo | kenjis | 1 | -1/+1
Signed-off-by: Kenji Suzuki <kenji.uui@gmail.com>
2015-09-15 | Missing character in the evil attributes pattern | Andrey Andreev | 1 | -1/+1
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 2 | -1/+9
2015-09-14 | Close #4098 | Andrey Andreev | 2 | -2/+19
2015-09-14 | Fix #4032 | Andrey Andreev | 2 | -7/+10
2015-09-14 | Fix #4044 | Andrey Andreev | 2 | -5/+6
2015-09-14 | Fix #4109 | Andrey Andreev | 2 | -20/+23
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 2 | -4/+17
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 2 | -7/+44
This time eliminate false positives for the 'naughty html' logic.
2015-09-11 | Improve on previous commit | Andrey Andreev | 2 | -1/+6
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 2 | -10/+27
This one fixes yet another issue, is cleaner and faster.
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 2 | -1/+6
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 2 | -6/+6
2015-09-10 | Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -1/+1
2015-09-10 | [ci skip] Add changelog entry for #4105 | Andrey Andreev | 1 | -0/+1
2015-09-10 | Change form validation library to allow the pipe character within square brackets | rich | 1 | -1/+1
2015-09-10 | Merge pull request #4105 from rjbrooksjr/develop | Andrey Andreev | 1 | -1/+1
FV library to allow the pipe character within brackets
2015-09-10 | Fix #4106 | Andrey Andreev | 2 | -2/+10
2015-09-09 | Change form validation library to allow the pipe character within square brackets | rich | 1 | -1/+1
2015-09-07 | Remove unnecessary count() calls from _sanitize_globals() | Andrey Andreev | 1 | -3/+3
foreach() just won't execute for an empty array, it does that check internally.
2015-09-07 | Move csrf_verify() call out of _sanitize_globals() | Andrey Andreev | 1 | -6/+6
It doesn't belong in there.
2015-09-03 | Fix #4096 | Andrey Andreev | 2 | -1/+2
2015-09-02 | [ci skip] Improve FV language string instructions | Andrey Andreev | 1 | -1/+4
As suggested in #4095