Filebin
The software behind paste.xinu.at
Florian Pritz
path: root/system/core/Security.php
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10 |
| 2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -4/+3 |
| 2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -5/+37 |
| 2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -1/+1 |
| 2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -9/+21 |
| 2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -1/+1 |
| 2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -2/+2 |
| 2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -2/+2 |
| 2015-07-15 | Fix a Typo | Mohammad Sadegh Dehghan Niri | 1 | -1/+1 |
| 2015-03-26 | Minor fixes in CI_Security::entity_decode() | Andrey Andreev | 1 | -4/+4 |
| 2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -1/+1 |
| 2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -21/+6 |
| 2015-02-09 | Fix #3579 | Andrey Andreev | 1 | -2/+2 |
| 2015-01-29 | fix typo in comments | Claudio Galdiolo | 1 | -1/+1 |
| 2015-01-21 | Remove closing blocks at end of PHP files | vlakoff | 1 | -3/+0 |
| 2015-01-20 | [ci skip] Change some log messages' level | Andrey Andreev | 1 | -4/+3 |
| 2015-01-09 | Bulk (mostly documentation) update | Andrey Andreev | 1 | -3/+3 |
| 2015-01-09 | Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4 | Andrey Andreev | 1 | -1/+6 |
| 2014-12-16 | Remove trailing newline | Jason Taylor | 1 | -1/+1 |
| 2014-12-16 | Fix Issue #3417 | warpcode | 1 | -2/+2 |
| 2014-12-08 | Fix 'Array to string conversion' notice in CSRF validation | Andrey Andreev | 1 | -2/+2 |
| 2014-10-27 | [ci skip] Switch to MIT license; close #3293 | Andrey Andreev | 1 | -14/+25 |
| 2014-10-06 | Update a config_item() use case for the new NULL return value | Andrey Andreev | 1 | -1/+1 |
| 2014-10-05 | config_item() to return NULL instead of FALSE for non-existing items | Andrey Andreev | 1 | -3/+3 |
| 2014-10-02 | stream_set_chunk_size() requires PHP 5.4 | Andrey Andreev | 1 | -1/+2 |
| 2014-09-30 | Make sure we don't waste entropy | Andrey Andreev | 1 | -0/+1 |
| 2014-09-28 | [ci skip] Remove references to 'PHP5' from comments | Andrey Andreev | 1 | -1/+1 |
| 2014-09-17 | Fix a defined() check | Andrey Andreev | 1 | -1/+1 |
| 2014-09-12 | Fix #3228 | Andrey Andreev | 1 | -2/+0 |
| 2014-08-28 | Fix CI_Security::get_random_bytes() length validation | Andrey Andreev | 1 | -1/+1 |
| 2014-08-27 | Add CI_Security::get_random_bytes() for CSRF & XSS token generation | Andrey Andreev | 1 | -7/+54 |
| 2014-08-18 | [ci skip] Polish changes from PR #3176 | Andrey Andreev | 1 | -6/+6 |
| 2014-08-18 | Alter Pull #3176 to follow discussion | caseyh | 1 | -4/+4 |
| 2014-08-11 | CSRF whitelist supports regex | Casey Hancock | 1 | -4/+7 |
| 2014-08-05 | Fix #3123 | Andrey Andreev | 1 | -1/+1 |
| 2014-07-14 | Add changelog entry for CSRF status code; remove line at EOF | Kyle Valade | 1 | -1/+1 |
| 2014-07-06 | Return 403 instead of 500 if no CSRF token given | Kyle Valade | 1 | -2/+2 |
| 2014-06-29 | Fixed eof | Graham Campbell | 1 | -1/+1 |
| 2014-06-29 | Fixed typo | Graham Campbell | 1 | -2/+2 |
| 2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -66/+62 |
| 2014-05-06 | xss_clean is not protecting GET requests that &item=/startwithslash | Documentopia.com | 1 | -1/+1 |
| 2014-03-18 | More xss_clean() improvements | Andrey Andreev | 1 | -2/+2 |
| 2014-03-18 | Another xss_clean() improvement | Andrey Andreev | 1 | -2/+2 |
| 2014-03-18 | xss_clean() improvement | Andrey Andreev | 1 | -4/+4 |
| 2014-02-11 | 2013 > 2014 | darwinel | 1 | -1/+1 |
| 2014-02-10 | CI_Security: URL-decode until possible | Andrey Andreev | 1 | -1/+5 |
| 2014-02-10 | [ci skip] Fix a typo | Andrey Andreev | 1 | -1/+1 |
| 2014-02-10 | CI_Security: Expect a backslash as a tag separator | Andrey Andreev | 1 | -2/+2 |
| 2014-02-10 | CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ja... | Andrey Andreev | 1 | -6/+10 |
| 2014-01-25 | Add <math> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |