index
:
Filebin
dev
dev-2.x
dev-parallel-tests
dev-text-paste-preview
hash-collision
master
no-ouput-if-error
release/1.x
The software behind paste.xinu.at
Florian Pritz
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
system
/
core
/
Security.php
Age
Commit message (
Expand
)
Author
Files
Lines
2014-09-12
Fix #3228
Andrey Andreev
1
-2
/
+0
2014-08-28
Fix CI_Security::get_random_bytes() length validation
Andrey Andreev
1
-1
/
+1
2014-08-27
Add CI_Security::get_random_bytes() for CSRF & XSS token generation
Andrey Andreev
1
-7
/
+54
2014-08-18
[ci skip] Polish changes from PR #3176
Andrey Andreev
1
-6
/
+6
2014-08-18
Alter Pull #3176 to follow discussion
caseyh
1
-4
/
+4
2014-08-11
CSRF whitelist supports regex
Casey Hancock
1
-4
/
+7
2014-08-05
Fix #3123
Andrey Andreev
1
-1
/
+1
2014-07-14
Add changelog entry for CSRF status code; remove line at EOF
Kyle Valade
1
-1
/
+1
2014-07-06
Return 403 instead of 500 if no CSRF token given
Kyle Valade
1
-2
/
+2
2014-06-29
Fixed eof
Graham Campbell
1
-1
/
+1
2014-06-29
Fixed typo
Graham Campbell
1
-2
/
+2
2014-05-23
Fix #3057
Andrey Andreev
1
-66
/
+62
2014-05-06
xss_clean is not protecting GET requests that &item=/startwithslash
Documentopia.com
1
-1
/
+1
2014-03-18
More xss_clean() improvements
Andrey Andreev
1
-2
/
+2
2014-03-18
Another xss_clean() improvement
Andrey Andreev
1
-2
/
+2
2014-03-18
xss_clean() improvement
Andrey Andreev
1
-4
/
+4
2014-02-11
2013 > 2014
darwinel
1
-1
/
+1
2014-02-10
CI_Security: URL-decode until possible
Andrey Andreev
1
-1
/
+5
2014-02-10
[ci skip] Fix a typo
Andrey Andreev
1
-1
/
+1
2014-02-10
CI_Security: Expect a backslash as a tag separator
Andrey Andreev
1
-2
/
+2
2014-02-10
CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ja...
Andrey Andreev
1
-6
/
+10
2014-01-25
Add <math> to 'naughty' HTML elements
Andrey Andreev
1
-1
/
+1
2014-01-25
Previous commit caused side effects ...
Andrey Andreev
1
-2
/
+2
2014-01-25
Fix CI_Security::_remove_evil_attributes() being way too aggressive
Andrey Andreev
1
-2
/
+2
2014-01-25
Re-add 'on\w*' to evil attributes (rel #2667)
Andrey Andreev
1
-2
/
+1
2014-01-25
Partially fix #2667
Andrey Andreev
1
-2
/
+8
2014-01-24
CI_Security: Also add <svg> to 'naughty' HTML elements
Andrey Andreev
1
-1
/
+1
2014-01-24
CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ele...
Andrey Andreev
1
-1
/
+1
2014-01-24
Fix syntax errors
Andrey Andreev
1
-2
/
+2
2014-01-24
CI_Security: Add 'form' and 'xlink:href' to evil attributes
Andrey Andreev
1
-1
/
+1
2014-01-24
Add &newline; and &tab; to CI_Security::
Andrey Andreev
1
-1
/
+3
2014-01-22
CI_Security::_decode_entity() to replace dangerous HTML5 entities
Andrey Andreev
1
-1
/
+19
2014-01-21
Add <button> to the list of 'naugthy' html elements in CI_Security::xss_clean()
Andrey Andreev
1
-2
/
+2
2014-01-20
Fix #2729
Andrey Andreev
1
-2
/
+3
2014-01-18
Fix #2829
Andrey Andreev
1
-4
/
+4
2014-01-07
Fix #2268 (manually implementing PR #2269)
Andrey Andreev
1
-3
/
+3
2013-10-18
Eh ... preg_replace() needs a replacement
Andrey Andreev
1
-2
/
+2
2013-10-18
Fix issue #2681 (alternative to PR #2690)
Andrey Andreev
1
-2
/
+2
2013-10-17
Replace the last rand() with mt_rand()
vlakoff
1
-2
/
+2
2013-10-03
partial fix #2667
David Cox Jr
1
-1
/
+1
2013-08-04
Rename bad chars property to filename_bad_chars, remove the setter and add ch...
Hunter Wu
1
-15
/
+2
2013-08-03
Make the bad filename array public in Security library
Hunter Wu
1
-18
/
+38
2013-08-03
Revert "Add windows filename rule as an option for upload files"
Hunter Wu
1
-32
/
+19
2013-08-01
Add windows filename rule as an option for upload files
Hunter Wu
1
-19
/
+32
2013-03-30
Some cleanup related to mt_rand()
vlakoff
1
-2
/
+1
2013-01-29
Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename()
Andrey Andreev
1
-1
/
+9
2013-01-01
[ci skip] Happy new year
Andrey Andreev
1
-1
/
+1
2012-12-19
[ci skip] Some micro-optimizations and style changes
Andrey Andreev
1
-3
/
+3
2012-12-18
Replaced spaces with tabs for indentation and || with OR
brian978
1
-9
/
+9
2012-12-18
Merge remote-tracking branch 'upstream/develop' into develop
brian978
1
-2
/
+2
[next]