path: root/system/core/Security.php
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -1/+1 |
| 2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -21/+6 |
| 2015-02-09 | Fix #3579 | Andrey Andreev | 1 | -2/+2 |
| 2015-01-29 | fix typo in comments | Claudio Galdiolo | 1 | -1/+1 |
| 2015-01-21 | Remove closing blocks at end of PHP files | vlakoff | 1 | -3/+0 |
| 2015-01-20 | [ci skip] Change some log messages' level | Andrey Andreev | 1 | -4/+3 |
| 2015-01-09 | Bulk (mostly documentation) update | Andrey Andreev | 1 | -3/+3 |
| 2015-01-09 | Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4 | Andrey Andreev | 1 | -1/+6 |
| 2014-12-16 | Remove trailing newline | Jason Taylor | 1 | -1/+1 |
| 2014-12-16 | Fix Issue #3417 | warpcode | 1 | -2/+2 |
| 2014-12-08 | Fix 'Array to string conversion' notice in CSRF validation | Andrey Andreev | 1 | -2/+2 |
| 2014-10-27 | [ci skip] Switch to MIT license; close #3293 | Andrey Andreev | 1 | -14/+25 |
| 2014-10-06 | Update a config_item() use case for the new NULL return value | Andrey Andreev | 1 | -1/+1 |
| 2014-10-05 | config_item() to return NULL instead of FALSE for non-existing items | Andrey Andreev | 1 | -3/+3 |
| 2014-10-02 | stream_set_chunk_size() requires PHP 5.4 | Andrey Andreev | 1 | -1/+2 |
| 2014-09-30 | Make sure we don't waste entropy | Andrey Andreev | 1 | -0/+1 |
| 2014-09-28 | [ci skip] Remove references to 'PHP5' from comments | Andrey Andreev | 1 | -1/+1 |
| 2014-09-17 | Fix a defined() check | Andrey Andreev | 1 | -1/+1 |
| 2014-09-12 | Fix #3228 | Andrey Andreev | 1 | -2/+0 |
| 2014-08-28 | Fix CI_Security::get_random_bytes() length validation | Andrey Andreev | 1 | -1/+1 |
| 2014-08-27 | Add CI_Security::get_random_bytes() for CSRF & XSS token generation | Andrey Andreev | 1 | -7/+54 |
| 2014-08-18 | [ci skip] Polish changes from PR #3176 | Andrey Andreev | 1 | -6/+6 |
| 2014-08-18 | Alter Pull #3176 to follow discussion | caseyh | 1 | -4/+4 |
| 2014-08-11 | CSRF whitelist supports regex | Casey Hancock | 1 | -4/+7 |
| 2014-08-05 | Fix #3123 | Andrey Andreev | 1 | -1/+1 |
| 2014-07-14 | Add changelog entry for CSRF status code; remove line at EOF | Kyle Valade | 1 | -1/+1 |
| 2014-07-06 | Return 403 instead of 500 if no CSRF token given | Kyle Valade | 1 | -2/+2 |
| 2014-06-29 | Fixed eof | Graham Campbell | 1 | -1/+1 |
| 2014-06-29 | Fixed typo | Graham Campbell | 1 | -2/+2 |
| 2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -66/+62 |
| 2014-05-06 | xss_clean is not protecting GET requests that &item=/startwithslash | Documentopia.com | 1 | -1/+1 |
| 2014-03-18 | More xss_clean() improvements | Andrey Andreev | 1 | -2/+2 |
| 2014-03-18 | Another xss_clean() improvement | Andrey Andreev | 1 | -2/+2 |
| 2014-03-18 | xss_clean() improvement | Andrey Andreev | 1 | -4/+4 |
| 2014-02-11 | 2013 > 2014 | darwinel | 1 | -1/+1 |
| 2014-02-10 | CI_Security: URL-decode until possible | Andrey Andreev | 1 | -1/+5 |
| 2014-02-10 | [ci skip] Fix a typo | Andrey Andreev | 1 | -1/+1 |
| 2014-02-10 | CI_Security: Expect a backslash as a tag separator | Andrey Andreev | 1 | -2/+2 |
| 2014-02-10 | CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ja... | Andrey Andreev | 1 | -6/+10 |
| 2014-01-25 | Add <math> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |
| 2014-01-25 | Previous commit caused side effects ... | Andrey Andreev | 1 | -2/+2 |
| 2014-01-25 | Fix CI_Security::_remove_evil_attributes() being way too aggressive | Andrey Andreev | 1 | -2/+2 |
| 2014-01-25 | Re-add 'on\w*' to evil attributes (rel #2667) | Andrey Andreev | 1 | -2/+1 |
| 2014-01-25 | Partially fix #2667 | Andrey Andreev | 1 | -2/+8 |
| 2014-01-24 | CI_Security: Also add <svg> to 'naughty' HTML elements | Andrey Andreev | 1 | -1/+1 |
| 2014-01-24 | CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ele... | Andrey Andreev | 1 | -1/+1 |
| 2014-01-24 | Fix syntax errors | Andrey Andreev | 1 | -2/+2 |
| 2014-01-24 | CI_Security: Add 'form' and 'xlink:href' to evil attributes | Andrey Andreev | 1 | -1/+1 |
| 2014-01-24 | Add &newline; and &tab; to CI_Security:: | Andrey Andreev | 1 | -1/+3 |
| 2014-01-22 | CI_Security::_decode_entity() to replace dangerous HTML5 entities | Andrey Andreev | 1 | -1/+19 |