Age | Commit message (Expand) | Author | Files | Lines |
2015-03-26 | Minor fixes in CI_Security::entity_decode() | Andrey Andreev | 1 | -4/+4 |
2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -1/+1 |
2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -21/+6 |
2015-02-09 | Fix #3579 | Andrey Andreev | 1 | -2/+2 |
2015-01-29 | fix typo in comments | Claudio Galdiolo | 1 | -1/+1 |
2015-01-21 | Remove closing blocks at end of PHP files | vlakoff | 1 | -3/+0 |
2015-01-20 | [ci skip] Change some log messages' level | Andrey Andreev | 1 | -4/+3 |
2015-01-09 | Bulk (mostly documentation) update | Andrey Andreev | 1 | -3/+3 |
2015-01-09 | Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4 | Andrey Andreev | 1 | -1/+6 |
2014-12-16 | Remove trailing newline | Jason Taylor | 1 | -1/+1 |
2014-12-16 | Fix Issue #3417 | warpcode | 1 | -2/+2 |
2014-12-08 | Fix 'Array to string conversion' notice in CSRF validation | Andrey Andreev | 1 | -2/+2 |
2014-10-27 | [ci skip] Switch to MIT license; close #3293 | Andrey Andreev | 1 | -14/+25 |
2014-10-06 | Update a config_item() use case for the new NULL return value | Andrey Andreev | 1 | -1/+1 |
2014-10-05 | config_item() to return NULL instead of FALSE for non-existing items | Andrey Andreev | 1 | -3/+3 |
2014-10-02 | stream_set_chunk_size() requires PHP 5.4 | Andrey Andreev | 1 | -1/+2 |
2014-09-30 | Make sure we don't waste entropy | Andrey Andreev | 1 | -0/+1 |
2014-09-28 | [ci skip] Remove references to 'PHP5' from comments | Andrey Andreev | 1 | -1/+1 |
2014-09-17 | Fix a defined() check | Andrey Andreev | 1 | -1/+1 |
2014-09-12 | Fix #3228 | Andrey Andreev | 1 | -2/+0 |
2014-08-28 | Fix CI_Security::get_random_bytes() length validation | Andrey Andreev | 1 | -1/+1 |
2014-08-27 | Add CI_Security::get_random_bytes() for CSRF & XSS token generation | Andrey Andreev | 1 | -7/+54 |
2014-08-18 | [ci skip] Polish changes from PR #3176 | Andrey Andreev | 1 | -6/+6 |
2014-08-18 | Alter Pull #3176 to follow discussion | caseyh | 1 | -4/+4 |
2014-08-11 | CSRF whitelist supports regex | Casey Hancock | 1 | -4/+7 |
2014-08-05 | Fix #3123 | Andrey Andreev | 1 | -1/+1 |
2014-07-14 | Add changelog entry for CSRF status code; remove line at EOF | Kyle Valade | 1 | -1/+1 |
2014-07-06 | Return 403 instead of 500 if no CSRF token given | Kyle Valade | 1 | -2/+2 |
2014-06-29 | Fixed eof | Graham Campbell | 1 | -1/+1 |
2014-06-29 | Fixed typo | Graham Campbell | 1 | -2/+2 |
2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -66/+62 |
2014-05-06 | xss_clean is not protecting GET requests that &item=/startwithslash | Documentopia.com | 1 | -1/+1 |
2014-03-18 | More xss_clean() improvements | Andrey Andreev | 1 | -2/+2 |
2014-03-18 | Another xss_clean() improvement | Andrey Andreev | 1 | -2/+2 |
2014-03-18 | xss_clean() improvement | Andrey Andreev | 1 | -4/+4 |
2014-02-11 | 2013 > 2014 | darwinel | 1 | -1/+1 |
2014-02-10 | CI_Security: URL-decode until possible | Andrey Andreev | 1 | -1/+5 |
2014-02-10 | [ci skip] Fix a typo | Andrey Andreev | 1 | -1/+1 |
2014-02-10 | CI_Security: Expect a backslash as a tag separator | Andrey Andreev | 1 | -2/+2 |
2014-02-10 | CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ja... | Andrey Andreev | 1 | -6/+10 |
2014-01-25 | Add <math> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |
2014-01-25 | Previous commit caused side effects ... | Andrey Andreev | 1 | -2/+2 |
2014-01-25 | Fix CI_Security::_remove_evil_attributes() being way too aggressive | Andrey Andreev | 1 | -2/+2 |
2014-01-25 | Re-add 'on\w*' to evil attributes (rel #2667) | Andrey Andreev | 1 | -2/+1 |
2014-01-25 | Partially fix #2667 | Andrey Andreev | 1 | -2/+8 |
2014-01-24 | CI_Security: Also add <svg> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |
2014-01-24 | CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ele... | Andrey Andreev | 1 | -1/+1 |
2014-01-24 | Fix syntax errors | Andrey Andreev | 1 | -2/+2 |
2014-01-24 | CI_Security: Add 'form' and 'xlink:href' to evil attributes | Andrey Andreev | 1 | -1/+1 |
2014-01-24 | Add &newline; and &tab; to CI_Security:: | Andrey Andreev | 1 | -1/+3 |