path: root/system/core/Security.php
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2014-08-28 | Fix CI_Security::get_random_bytes() length validation | Andrey Andreev | 1 | -1/+1 |
| 2014-08-27 | Add CI_Security::get_random_bytes() for CSRF & XSS token generation | Andrey Andreev | 1 | -7/+54 |
| 2014-08-18 | [ci skip] Polish changes from PR #3176 | Andrey Andreev | 1 | -6/+6 |
| 2014-08-18 | Alter Pull #3176 to follow discussion | caseyh | 1 | -4/+4 |
| 2014-08-11 | CSRF whitelist supports regex | Casey Hancock | 1 | -4/+7 |
| 2014-08-05 | Fix #3123 | Andrey Andreev | 1 | -1/+1 |
| 2014-07-14 | Add changelog entry for CSRF status code; remove line at EOF | Kyle Valade | 1 | -1/+1 |
| 2014-07-06 | Return 403 instead of 500 if no CSRF token given | Kyle Valade | 1 | -2/+2 |
| 2014-06-29 | Fixed eof | Graham Campbell | 1 | -1/+1 |
| 2014-06-29 | Fixed typo | Graham Campbell | 1 | -2/+2 |
| 2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -66/+62 |
| 2014-05-06 | xss_clean is not protecting GET requests that &item=/startwithslash | Documentopia.com | 1 | -1/+1 |
| 2014-03-18 | More xss_clean() improvements | Andrey Andreev | 1 | -2/+2 |
| 2014-03-18 | Another xss_clean() improvement | Andrey Andreev | 1 | -2/+2 |
| 2014-03-18 | xss_clean() improvement | Andrey Andreev | 1 | -4/+4 |
| 2014-02-11 | 2013 > 2014 | darwinel | 1 | -1/+1 |
| 2014-02-10 | CI_Security: URL-decode until possible | Andrey Andreev | 1 | -1/+5 |
| 2014-02-10 | [ci skip] Fix a typo | Andrey Andreev | 1 | -1/+1 |
| 2014-02-10 | CI_Security: Expect a backslash as a tag separator | Andrey Andreev | 1 | -2/+2 |
| 2014-02-10 | CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ja... | Andrey Andreev | 1 | -6/+10 |
| 2014-01-25 | Add <math> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |
| 2014-01-25 | Previous commit caused side effects ... | Andrey Andreev | 1 | -2/+2 |
| 2014-01-25 | Fix CI_Security::_remove_evil_attributes() being way too aggressive | Andrey Andreev | 1 | -2/+2 |
| 2014-01-25 | Re-add 'on\w*' to evil attributes (rel #2667) | Andrey Andreev | 1 | -2/+1 |
| 2014-01-25 | Partially fix #2667 | Andrey Andreev | 1 | -2/+8 |
| 2014-01-24 | CI_Security: Also add <svg> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |
| 2014-01-24 | CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ele... | Andrey Andreev | 1 | -1/+1 |
| 2014-01-24 | Fix syntax errors | Andrey Andreev | 1 | -2/+2 |
| 2014-01-24 | CI_Security: Add 'form' and 'xlink:href' to evil attributes | Andrey Andreev | 1 | -1/+1 |
| 2014-01-24 | Add &newline; and &tab; to CI_Security:: | Andrey Andreev | 1 | -1/+3 |
| 2014-01-22 | CI_Security::_decode_entity() to replace dangerous HTML5 entities | Andrey Andreev | 1 | -1/+19 |
| 2014-01-21 | Add <button> to the list of 'naughty' html elements in CI_Security::xss_clean() | Andrey Andreev | 1 | -2/+2 |
| 2014-01-20 | Fix #2729 | Andrey Andreev | 1 | -2/+3 |
| 2014-01-18 | Fix #2829 | Andrey Andreev | 1 | -4/+4 |
| 2014-01-07 | Fix #2268 (manually implementing PR #2269) | Andrey Andreev | 1 | -3/+3 |
| 2013-10-18 | Eh ... preg_replace() needs a replacement | Andrey Andreev | 1 | -2/+2 |
| 2013-10-18 | Fix issue #2681 (alternative to PR #2690) | Andrey Andreev | 1 | -2/+2 |
| 2013-10-17 | Replace the last rand() with mt_rand() | vlakoff | 1 | -2/+2 |
| 2013-10-03 | partial fix #2667 | David Cox Jr | 1 | -1/+1 |
| 2013-08-04 | Rename bad chars property to filename_bad_chars, remove the setter and add ch... | Hunter Wu | 1 | -15/+2 |
| 2013-08-03 | Make the bad filename array public in Security library | Hunter Wu | 1 | -18/+38 |
| 2013-08-03 | Revert "Add windows filename rule as an option for upload files" | Hunter Wu | 1 | -32/+19 |
| 2013-08-01 | Add windows filename rule as an option for upload files | Hunter Wu | 1 | -19/+32 |
| 2013-03-30 | Some cleanup related to mt_rand() | vlakoff | 1 | -2/+1 |
| 2013-01-29 | Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() | Andrey Andreev | 1 | -1/+9 |
| 2013-01-01 | [ci skip] Happy new year | Andrey Andreev | 1 | -1/+1 |
| 2012-12-19 | [ci skip] Some micro-optimizations and style changes | Andrey Andreev | 1 | -3/+3 |
| 2012-12-18 | Replaced spaces with tabs for indentation and \|\| with OR | brian978 | 1 | -9/+9 |
| 2012-12-18 | Merge remote-tracking branch 'upstream/develop' into develop | brian978 | 1 | -2/+2 |
| 2012-12-17 | update for Issue #2064 (changed docblocks which return $this or only call a m... | Andrew Podner | 1 | -2/+2 |