index
:
Filebin
dev
dev-2.x
dev-parallel-tests
dev-text-paste-preview
hash-collision
master
no-ouput-if-error
release/1.x
The software behind paste.xinu.at
Florian Pritz
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
system
/
core
/
Security.php
Age
Commit message (
Expand
)
Author
Files
Lines
2022-02-11
[ci skip] Merge pull request #6098 from totoprayogo1916/indent-whitespaces
Andrey Andreev
1
-1
/
+0
2022-01-05
Fix some minor PHP 8.1 deprecation warnings
Andrey Andreev
1
-1
/
+1
2021-03-24
[ci skip] Add SameSite=Strict to CSRF cookie
Andrey Andreev
1
-9
/
+29
2020-07-09
[ci skip] Merge pull request #5970 from sapics/fix/user-guide-url
Andrey Andreev
1
-1
/
+1
2019-08-02
[ci skip] Fix a CSRF-related bug
Andrey Andreev
1
-0
/
+1
2019-01-02
Merge pull request #5662 from jim-parry/copyright2019
Instructor, BCIT
1
-3
/
+3
2018-03-15
Merge pull request #5431 from CyberSecutor/develop
Andrey Andreev
1
-4
/
+6
2018-03-10
[ci skip] Fix #5420
Andrey Andreev
1
-2
/
+10
2018-01-09
[ci skip] Merge pull request #5376 from jim-parry/copyright-update
Andrey Andreev
1
-2
/
+2
2017-01-20
Don't use each()
Andrey Andreev
1
-2
/
+2
2017-01-17
[ci skip] Merge pull request #4986 from ka7/feature/spelling
Andrey Andreev
1
-1
/
+1
2017-01-04
[ci skip] Protect CSRF verification from timing side-channel attacks
Andrey Andreev
1
-6
/
+8
2017-01-04
Fix an XSS vulnerability
Andrey Andreev
1
-1
/
+1
2017-01-03
Update copyright data to 2017
Master Yoda
1
-2
/
+2
2016-10-28
[ci skip] xss_clean() hardening
Andrey Andreev
1
-10
/
+11
2016-10-26
Fix #4877
Andrey Andreev
1
-5
/
+29
2016-09-27
Fix entity_decode() issue
Andrey Andreev
1
-17
/
+22
2016-08-29
Merge pull request #4785 from guitarrist/develop
Andrey Andreev
1
-1
/
+1
2016-07-28
Remove dead code written for PHP 5.2
Andrey Andreev
1
-6
/
+1
2016-03-07
Fix #4475
Andrey Andreev
1
-1
/
+8
2016-01-11
[ci skip] Update ellislab.com links to https too
Andrey Andreev
1
-1
/
+1
2016-01-11
[ci skip] Update codeigniter.com links to https
Andrey Andreev
1
-2
/
+2
2016-01-11
[ci skip] Bump year to 2016
Andrey Andreev
1
-2
/
+2
2015-11-24
Use PHP7's random_bytes() when possible
Andrey Andreev
1
-0
/
+16
2015-10-31
Harden xss_clean()
Andrey Andreev
1
-27
/
+39
2015-10-05
Some more intrusive XSS cleaning
Andrey Andreev
1
-5
/
+11
2015-10-02
More XSS stuff
Andrey Andreev
1
-1
/
+1
2015-09-21
More XSS stuff
Andrey Andreev
1
-3
/
+3
2015-09-17
Don't allow open-ended tags to pass through xss_clean()
Andrey Andreev
1
-4
/
+9
2015-09-17
Refactor 'evil attributes' sanitization logic
Andrey Andreev
1
-92
/
+66
2015-09-15
Missing character in the evil attributes pattern
Andrey Andreev
1
-1
/
+1
2015-09-14
Another addition to tag detection patterns in xss_clean()
Andrey Andreev
1
-1
/
+4
2015-09-14
Add 'eval' to a JS blacklist in xss_clean()
Andrey Andreev
1
-7
/
+10
2015-09-14
Move _remove_evil_attributes() call
Andrey Andreev
1
-4
/
+3
2015-09-11
Harden xss_clean() more
Andrey Andreev
1
-5
/
+37
2015-09-11
Improve on previous commit
Andrey Andreev
1
-1
/
+1
2015-09-11
Replace the latest XSS patches
Andrey Andreev
1
-9
/
+21
2015-09-10
Last commit didn't adjust a RE index
Andrey Andreev
1
-1
/
+1
2015-09-10
Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4
Andrey Andreev
1
-2
/
+2
2015-09-10
Fix #4106
Andrey Andreev
1
-2
/
+2
2015-07-15
Fix a Typo
Mohammad Sadegh Dehghan Niri
1
-1
/
+1
2015-03-26
Minor fixes in CI_Security::entity_decode()
Andrey Andreev
1
-4
/
+4
2015-03-26
Add FSCommand and seekSegmentTime to evil HTML attributes list
Andrey Andreev
1
-1
/
+1
2015-02-17
Fix #3572: CI_Security::_remove_evil_attributes()
Andrey Andreev
1
-21
/
+6
2015-02-09
Fix #3579
Andrey Andreev
1
-2
/
+2
2015-01-29
fix typo in comments
Claudio Galdiolo
1
-1
/
+1
2015-01-21
Remove closing blocks at end of PHP files
vlakoff
1
-3
/
+0
2015-01-20
[ci skip] Change some log messages' level
Andrey Andreev
1
-4
/
+3
2015-01-09
Bulk (mostly documentation) update
Andrey Andreev
1
-3
/
+3
2015-01-09
Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4
Andrey Andreev
1
-1
/
+6
[next]