Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2014-02-11 | 2013 > 2014 | darwinel | 1 | -1/+1 | |
Update copyright notices from 2013 to 2014. And update one calendar example in user_guide from year 2013/2014 to 2014/2015. | |||||
2014-02-10 | CI_Security: URL-decode until possible | Andrey Andreev | 1 | -1/+5 | |
2014-02-10 | [ci skip] Fix a typo | Andrey Andreev | 1 | -1/+1 | |
2014-02-10 | CI_Security: Expect a backslash as a tag separator | Andrey Andreev | 1 | -2/+2 | |
2014-02-10 | CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as javascript, alert | Andrey Andreev | 1 | -6/+10 | |
2014-01-25 | Add <math> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 | |
2014-01-25 | Previous commit caused side effects ... | Andrey Andreev | 1 | -2/+2 | |
2014-01-25 | Fix CI_Security::_remove_evil_attributes() being way too aggressive | Andrey Andreev | 1 | -2/+2 | |
2014-01-25 | Re-add 'on\w*' to evil attributes (rel #2667) | Andrey Andreev | 1 | -2/+1 | |
2014-01-25 | Partially fix #2667 | Andrey Andreev | 1 | -2/+8 | |
2014-01-24 | CI_Security: Also add <svg> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 | |
2014-01-24 | CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 | |
2014-01-24 | Fix syntax errors | Andrey Andreev | 1 | -2/+2 | |
2014-01-24 | CI_Security: Add 'form' and 'xlink:href' to evil attributes | Andrey Andreev | 1 | -1/+1 | |
2014-01-24 | Add &newline; and &tab; to CI_Security:: | Andrey Andreev | 1 | -1/+3 | |
2014-01-22 | CI_Security::_decode_entity() to replace dangerous HTML5 entities | Andrey Andreev | 1 | -1/+19 | |
Related to issue #2771 | |||||
2014-01-21 | Add <button> to the list of 'naughty' html elements in CI_Security::xss_clean() | Andrey Andreev | 1 | -2/+2 | |
2014-01-20 | Fix #2729 | Andrey Andreev | 1 | -2/+3 | |
2014-01-18 | Fix #2829 | Andrey Andreev | 1 | -4/+4 | |
2014-01-07 | Fix #2268 (manually implementing PR #2269) | Andrey Andreev | 1 | -3/+3 | |
2013-10-18 | Eh ... preg_replace() needs a replacement | Andrey Andreev | 1 | -2/+2 | |
2013-10-18 | Fix issue #2681 (alternative to PR #2690) | Andrey Andreev | 1 | -2/+2 | |
2013-10-17 | Replace the last rand() with mt_rand() | vlakoff | 1 | -2/+2 | |
Better entropy, faster. Also fixed a few "it's" typos. | |||||
2013-10-03 | partial fix #2667 | David Cox Jr | 1 | -1/+1 | |
this fixes the ability to replace a space with a / and skip the XSS filtering | |||||
2013-08-04 | Rename bad chars property to filename_bad_chars, remove the setter and add changelog entry | Hunter Wu | 1 | -15/+2 | |
2013-08-03 | Make the bad filename array public in Security library | Hunter Wu | 1 | -18/+38 | |
2013-08-03 | Revert "Add windows filename rule as an option for upload files" | Hunter Wu | 1 | -32/+19 | |
This reverts commit 23719ab569c9c8d6b791f65d7861daba3895ddcb. | |||||
2013-08-01 | Add windows filename rule as an option for upload files | Hunter Wu | 1 | -19/+32 | |
2013-03-30 | Some cleanup related to mt_rand() | vlakoff | 1 | -2/+1 | |
- min and max values are 0 and mt_getrandmax() by default - remove useless mt_srand() seed calls | |||||
2013-01-29 | Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() | Andrey Andreev | 1 | -1/+9 | |
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73. | |||||
2013-01-01 | [ci skip] Happy new year | Andrey Andreev | 1 | -1/+1 | |
2012-12-19 | [ci skip] Some micro-optimizations and style changes | Andrey Andreev | 1 | -3/+3 | |
(following PRs #2049, #2079) | |||||
2012-12-18 | Replaced spaces with tabs for indentation and || with OR | brian978 | 1 | -9/+9 | |
2012-12-18 | Merge remote-tracking branch 'upstream/develop' into develop | brian978 | 1 | -2/+2 | |
2012-12-17 | update for Issue #2064 (changed docblocks which return $this or only call a method that returns $this to @return CI_DB_class_name) | Andrew Podner | 1 | -2/+2 | |
2012-12-11 | Modified regexp to match partial tags | brian978 | 1 | -2/+2 | |
2012-12-10 | Removed boundary from regexp | brian978 | 1 | -1/+1 | |
2012-12-10 | Fixed bug with regexp that matched tags | brian978 | 1 | -1/+1 | |
2012-12-08 | All the HEX code must be replaced or else some XSS attacks can be successful | brian978 | 1 | -3/+11 | |
2012-12-03 | Added small improvement to the _remove_evil_attributes function | brian978 | 1 | -6/+5 | |
Signed-off-by: brian978 <dbrian89@yahoo.com> | |||||
2012-12-03 | [ci skip] Cleaned some spaces | Andrey Andreev | 1 | -2/+1 | |
2012-11-01 | Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) | Andrey Andreev | 1 | -1/+2 | |
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files. | |||||
2012-10-28 | [ci skip] DocBlock improvements for Security library | Andrey Andreev | 1 | -77/+100 | |
2012-10-24 | [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) | Andrey Andreev | 1 | -1/+1 | |
2012-10-22 | Add is_https() as a common function | Andrey Andreev | 1 | -1/+1 | |
2012-07-02 | Clean up regexes in Security->xss_clean() | vlakoff | 1 | -7/+7 | |
Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters | |||||
2012-06-26 | Fix issue #427 | Andrey Andreev | 1 | -0/+13 | |
2012-06-12 | Change file permissions for system/core/*.php and system/database/DB.php so that they don't differ from the rest | Andrey Andreev | 1 | -0/+0 | |
2012-06-04 | Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d | Andrey Andreev | 1 | -1/+1 | |
2012-06-02 | Replaced `==` with `===` and `!=` with `!==` in /system/core | Alex Bilbie | 1 | -4/+4 | |