index
:
Filebin
dev
dev-2.x
dev-parallel-tests
dev-text-paste-preview
hash-collision
master
no-ouput-if-error
release/1.x
The software behind paste.xinu.at
Florian Pritz
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
system
/
core
/
Security.php
Age
Commit message (
Expand
)
Author
Files
Lines
2015-01-09
Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4
Andrey Andreev
1
-1
/
+6
2014-12-16
Remove trailing newline
Jason Taylor
1
-1
/
+1
2014-12-16
Fix Issue #3417
warpcode
1
-2
/
+2
2014-12-08
Fix 'Array to string conversion' notice in CSRF validation
Andrey Andreev
1
-2
/
+2
2014-10-27
[ci skip] Switch to MIT license; close #3293
Andrey Andreev
1
-14
/
+25
2014-10-06
Update a config_item() use case for the new NULL return value
Andrey Andreev
1
-1
/
+1
2014-10-05
config_item() to return NULL instead of FALSE for non-existing items
Andrey Andreev
1
-3
/
+3
2014-10-02
stream_set_chunk_size() requires PHP 5.4
Andrey Andreev
1
-1
/
+2
2014-09-30
Make sure we don't waste entropy
Andrey Andreev
1
-0
/
+1
2014-09-28
[ci skip] Remove references to 'PHP5' from comments
Andrey Andreev
1
-1
/
+1
2014-09-17
Fix a defined() check
Andrey Andreev
1
-1
/
+1
2014-09-12
Fix #3228
Andrey Andreev
1
-2
/
+0
2014-08-28
Fix CI_Security::get_random_bytes() length validation
Andrey Andreev
1
-1
/
+1
2014-08-27
Add CI_Security::get_random_bytes() for CSRF & XSS token generation
Andrey Andreev
1
-7
/
+54
2014-08-18
[ci skip] Polish changes from PR #3176
Andrey Andreev
1
-6
/
+6
2014-08-18
Alter Pull #3176 to follow discussion
caseyh
1
-4
/
+4
2014-08-11
CSRF whitelist supports regex
Casey Hancock
1
-4
/
+7
2014-08-05
Fix #3123
Andrey Andreev
1
-1
/
+1
2014-07-14
Add changelog entry for CSRF status code; remove line at EOF
Kyle Valade
1
-1
/
+1
2014-07-06
Return 403 instead of 500 if no CSRF token given
Kyle Valade
1
-2
/
+2
2014-06-29
Fixed eof
Graham Campbell
1
-1
/
+1
2014-06-29
Fixed typo
Graham Campbell
1
-2
/
+2
2014-05-23
Fix #3057
Andrey Andreev
1
-66
/
+62
2014-05-06
xss_clean is not protecting GET requests that &item=/startwithslash
Documentopia.com
1
-1
/
+1
2014-03-18
More xss_clean() improvements
Andrey Andreev
1
-2
/
+2
2014-03-18
Another xss_clean() improvement
Andrey Andreev
1
-2
/
+2
2014-03-18
xss_clean() improvement
Andrey Andreev
1
-4
/
+4
2014-02-11
2013 > 2014
darwinel
1
-1
/
+1
2014-02-10
CI_Security: URL-decode until possible
Andrey Andreev
1
-1
/
+5
2014-02-10
[ci skip] Fix a typo
Andrey Andreev
1
-1
/
+1
2014-02-10
CI_Security: Expect a backslash as a tag separator
Andrey Andreev
1
-2
/
+2
2014-02-10
CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ja...
Andrey Andreev
1
-6
/
+10
2014-01-25
Add <math> to 'naughty' HTML elements
Andrey Andreev
1
-1
/
+1
2014-01-25
Previous commit caused side effects ...
Andrey Andreev
1
-2
/
+2
2014-01-25
Fix CI_Security::_remove_evil_attributes() being way too aggressive
Andrey Andreev
1
-2
/
+2
2014-01-25
Re-add 'on\w*' to evil attributes (rel #2667)
Andrey Andreev
1
-2
/
+1
2014-01-25
Partially fix #2667
Andrey Andreev
1
-2
/
+8
2014-01-24
CI_Security: Also add <svg> to 'naughty' HTML elements
Andrey Andreev
1
-1
/
+1
2014-01-24
CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ele...
Andrey Andreev
1
-1
/
+1
2014-01-24
Fix syntax errors
Andrey Andreev
1
-2
/
+2
2014-01-24
CI_Security: Add 'form' and 'xlink:href' to evil attributes
Andrey Andreev
1
-1
/
+1
2014-01-24
Add &newline; and &tab; to CI_Security::
Andrey Andreev
1
-1
/
+3
2014-01-22
CI_Security::_decode_entity() to replace dangerous HTML5 entities
Andrey Andreev
1
-1
/
+19
2014-01-21
Add <button> to the list of 'naugthy' html elements in CI_Security::xss_clean()
Andrey Andreev
1
-2
/
+2
2014-01-20
Fix #2729
Andrey Andreev
1
-2
/
+3
2014-01-18
Fix #2829
Andrey Andreev
1
-4
/
+4
2014-01-07
Fix #2268 (manually implementing PR #2269)
Andrey Andreev
1
-3
/
+3
2013-10-18
Eh ... preg_replace() needs a replacement
Andrey Andreev
1
-2
/
+2
2013-10-18
Fix issue #2681 (alternative to PR #2690)
Andrey Andreev
1
-2
/
+2
2013-10-17
Replace the last rand() with mt_rand()
vlakoff
1
-2
/
+2
[next]