Age | Commit message (Expand) | Author | Files | Lines |
2016-03-07 | Fix #4475 | Andrey Andreev | 1 | -1/+8 |
2016-01-11 | [ci skip] Update ellislab.com links to https too | Andrey Andreev | 1 | -1/+1 |
2016-01-11 | [ci skip] Update codeigniter.com links to https | Andrey Andreev | 1 | -2/+2 |
2016-01-11 | [ci skip] Bump year to 2016 | Andrey Andreev | 1 | -2/+2 |
2015-11-24 | Use PHP7's random_bytes() when possible | Andrey Andreev | 1 | -0/+16 |
2015-10-31 | Harden xss_clean() | Andrey Andreev | 1 | -27/+39 |
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 1 | -5/+11 |
2015-10-02 | More XSS stuff | Andrey Andreev | 1 | -1/+1 |
2015-09-21 | More XSS stuff | Andrey Andreev | 1 | -3/+3 |
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 1 | -4/+9 |
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 1 | -92/+66 |
2015-09-15 | Missing character in the evil attributes pattern | Andrey Andreev | 1 | -1/+1 |
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 1 | -1/+4 |
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10 |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -4/+3 |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -5/+37 |
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -1/+1 |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -9/+21 |
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -1/+1 |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -2/+2 |
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -2/+2 |
2015-07-15 | Fix a Typo | Mohammad Sadegh Dehghan Niri | 1 | -1/+1 |
2015-03-26 | Minor fixes in CI_Security::entity_decode() | Andrey Andreev | 1 | -4/+4 |
2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -1/+1 |
2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -21/+6 |
2015-02-09 | Fix #3579 | Andrey Andreev | 1 | -2/+2 |
2015-01-29 | fix typo in comments | Claudio Galdiolo | 1 | -1/+1 |
2015-01-21 | Remove closing blocks at end of PHP files | vlakoff | 1 | -3/+0 |
2015-01-20 | [ci skip] Change some log messages' level | Andrey Andreev | 1 | -4/+3 |
2015-01-09 | Bulk (mostly documentation) update | Andrey Andreev | 1 | -3/+3 |
2015-01-09 | Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4 | Andrey Andreev | 1 | -1/+6 |
2014-12-16 | Remove trailing newline | Jason Taylor | 1 | -1/+1 |
2014-12-16 | Fix Issue #3417 | warpcode | 1 | -2/+2 |
2014-12-08 | Fix 'Array to string conversion' notice in CSRF validation | Andrey Andreev | 1 | -2/+2 |
2014-10-27 | [ci skip] Switch to MIT license; close #3293 | Andrey Andreev | 1 | -14/+25 |
2014-10-06 | Update a config_item() use case for the new NULL return value | Andrey Andreev | 1 | -1/+1 |
2014-10-05 | config_item() to return NULL instead of FALSE for non-existing items | Andrey Andreev | 1 | -3/+3 |
2014-10-02 | stream_set_chunk_size() requires PHP 5.4 | Andrey Andreev | 1 | -1/+2 |
2014-09-30 | Make sure we don't waste entropy | Andrey Andreev | 1 | -0/+1 |
2014-09-28 | [ci skip] Remove references to 'PHP5' from comments | Andrey Andreev | 1 | -1/+1 |
2014-09-17 | Fix a defined() check | Andrey Andreev | 1 | -1/+1 |
2014-09-12 | Fix #3228 | Andrey Andreev | 1 | -2/+0 |
2014-08-28 | Fix CI_Security::get_random_bytes() length validation | Andrey Andreev | 1 | -1/+1 |
2014-08-27 | Add CI_Security::get_random_bytes() for CSRF & XSS token generation | Andrey Andreev | 1 | -7/+54 |
2014-08-18 | [ci skip] Polish changes from PR #3176 | Andrey Andreev | 1 | -6/+6 |
2014-08-18 | Alter Pull #3176 to follow discussion | caseyh | 1 | -4/+4 |
2014-08-11 | CSRF whitelist supports regex | Casey Hancock | 1 | -4/+7 |
2014-08-05 | Fix #3123 | Andrey Andreev | 1 | -1/+1 |
2014-07-14 | Add changelog entry for CSRF status code; remove line at EOF | Kyle Valade | 1 | -1/+1 |
2014-07-06 | Return 403 instead of 500 if no CSRF token given | Kyle Valade | 1 | -2/+2 |