summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
AgeCommit message (Expand)AuthorFilesLines
2022-01-05Merge branch '3.1-stable' into developAndrey Andreev1-9/+29
2022-01-05Fix some minor PHP 8.1 deprecation warningsAndrey Andreev1-1/+1
2021-03-24[ci skip] Add SameSite=Strict to CSRF cookieAndrey Andreev1-9/+29
2020-07-09[ci skip] Merge pull request #5970 from sapics/fix/user-guide-urlAndrey Andreev1-1/+1
2020-06-24Fix user guide urlsapics1-1/+1
2019-09-19Merge branch '3.1-stable' into developAndrey Andreev1-0/+1
2019-08-02[ci skip] Fix a CSRF-related bugAndrey Andreev1-0/+1
2019-01-02Merge pull request #5662 from jim-parry/copyright2019Instructor, BCIT1-3/+3
2018-12-27Update copyright date to 2019Jim Parry1-2/+2
2018-05-18http:// to https://Mehdi Bounya1-3/+3
2018-03-22Merge branch '3.1-stable' into developAndrey Andreev1-2/+10
2018-03-15Merge pull request #5431 from CyberSecutor/developAndrey Andreev1-4/+6
2018-03-10[ci skip] Fix #5420Andrey Andreev1-2/+10
2018-03-05Fixed typoRemko Silvis1-1/+1
2018-03-05Added parenthesis check around "document" elements and fixed non-existent doc...Remko Silvis1-3/+5
2018-01-09[ci skip] Merge pull request #5376 from jim-parry/copyright-updateAndrey Andreev1-2/+2
2018-01-09Annual copyright updateMaster Yoda1-2/+2
2017-03-24Merge branch '3.1-stable' into developAndrey Andreev1-2/+2
2017-01-20Don't use each()Andrey Andreev1-2/+2
2017-01-17[ci skip] Merge pull request #4986 from ka7/feature/spellingAndrey Andreev1-1/+1
2017-01-16spelling fixes(1)klemens1-1/+1
2017-01-16spelling fixesklemens1-1/+1
2017-01-10Merge branch '3.1-stable' into developAndrey Andreev1-7/+9
2017-01-04[ci skip] Protect CSRF verification from timing side-channel attacksAndrey Andreev1-6/+8
2017-01-04Fix an XSS vulnerabilityAndrey Andreev1-1/+1
2017-01-03Update copyright data to 2017Master Yoda1-2/+2
2016-12-31Update copyright data to 2017Master Yoda1-2/+2
2016-12-14Move csrf_verify() call out of CI_InputAndrey Andreev1-4/+5
2016-12-14Drop all PHP 5.3-related codeAndrey Andreev1-28/+4
2016-10-28[ci skip] xss_clean() hardeningAndrey Andreev1-10/+11
2016-10-26Fix #4877Andrey Andreev1-5/+29
2016-09-27Fix entity_decode() issueAndrey Andreev1-17/+22
2016-08-29Merge pull request #4785 from guitarrist/developAndrey Andreev1-1/+1
2016-07-28Remove dead code written for PHP 5.2Andrey Andreev1-6/+1
2016-03-07Fix #4475Andrey Andreev1-1/+8
2016-01-11[ci skip] Update ellislab.com links to https tooAndrey Andreev1-1/+1
2016-01-11[ci skip] Update codeigniter.com links to httpsAndrey Andreev1-2/+2
2016-01-11[ci skip] Bump year to 2016Andrey Andreev1-2/+2
2015-11-24Use PHP7's random_bytes() when possibleAndrey Andreev1-0/+16
2015-10-31Harden xss_clean()Andrey Andreev1-27/+39
2015-10-05Some more intrusive XSS cleaningAndrey Andreev1-5/+11
2015-10-02More XSS stuffAndrey Andreev1-1/+1
2015-09-21More XSS stuffAndrey Andreev1-3/+3
2015-09-17Don't allow open-ended tags to pass through xss_clean()Andrey Andreev1-4/+9
2015-09-17Refactor 'evil attributes' sanitization logicAndrey Andreev1-92/+66
2015-09-15Missing character in the evil attributes patternAndrey Andreev1-1/+1
2015-09-14Another addition to tag detection patterns in xss_clean()Andrey Andreev1-1/+4
2015-09-14Add 'eval' to a JS blacklist in xss_clean()Andrey Andreev1-7/+10
2015-09-14Move _remove_evil_attributes() callAndrey Andreev1-4/+3
2015-09-11Harden xss_clean() moreAndrey Andreev1-5/+37