path: root/system/core/Security.php
Age | Commit message | Author | Files | Lines
2013-03-30 | Some cleanup related to mt_rand() | vlakoff | 1 | -2/+1
    - min and max values are 0 and mt_getrandmax() by default
    - remove useless mt_srand() seed calls
2013-01-29 | Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() | Andrey Andreev | 1 | -1/+9
    Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.
2013-01-01 | [ci skip] Happy new year | Andrey Andreev | 1 | -1/+1
2012-12-19 | [ci skip] Some micro-optimizations and style changes | Andrey Andreev | 1 | -3/+3
    (following PRs #2049, #2079)
2012-12-18 | Replaced spaces with tabs for indentation and || with OR | brian978 | 1 | -9/+9
2012-12-18 | Merge remote-tracking branch 'upstream/develop' into develop | brian978 | 1 | -2/+2
2012-12-17 | update for Issue #2064 (changed docblocks which return $this or only call a method that returns $this to @return CI_DB_class_name) | Andrew Podner | 1 | -2/+2
2012-12-11 | Modified regexp to match partial tags | brian978 | 1 | -2/+2
2012-12-10 | Removed boundary from regexp | brian978 | 1 | -1/+1
2012-12-10 | Fixed bug with regexp that matched tags | brian978 | 1 | -1/+1
2012-12-08 | All the HEX code must be replaced or else some XSS attacks can be successful | brian978 | 1 | -3/+11
2012-12-03 | Added small improvement to the _remove_evil_attributes function | brian978 | 1 | -6/+5
    Signed-off-by: brian978 <dbrian89@yahoo.com>
2012-12-03 | [ci skip] Cleaned some spaces | Andrey Andreev | 1 | -2/+1
2012-11-01 | Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) | Andrey Andreev | 1 | -1/+2
    Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files.
2012-10-28 | [ci skip] DocBlock improvements for Security library | Andrey Andreev | 1 | -77/+100
2012-10-24 | [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) | Andrey Andreev | 1 | -1/+1
2012-10-22 | Add is_https() as a common function | Andrey Andreev | 1 | -1/+1
2012-07-02 | Clean up regexes in Security->xss_clean() | vlakoff | 1 | -7/+7
    Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters
2012-06-26 | Fix issue #427 | Andrey Andreev | 1 | -0/+13
2012-06-12 | Change file permissions for system/core/*.php and system/database/DB.php so that they don't differ from the rest | Andrey Andreev | 1 | -0/+0
2012-06-04 | Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d | Andrey Andreev | 1 | -1/+1
2012-06-02 | Replaced `==` with `===` and `!=` with `!==` in /system/core | Alex Bilbie | 1 | -4/+4
2012-05-27 | Continuation for Security and Table code-coverage, add coverage report to travis | Taufan Aditya | 1 | -0/+1
2012-05-17 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -7/+9
2012-05-17 | Fixed conflicts from merging in 2.1.1. | Phil Sturgeon | 1 | -1/+1
2012-05-17 | Cleanup the core classes | Andrey Andreev | 1 | -8/+10
2012-05-17 | Check cookie against md5 regex. | Alexander Hofstede | 1 | -1/+1
    Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser.
2012-05-07 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Wes Baker | 1 | -48/+52
    Conflicts: system/core/Security.php
2012-04-24 | Updating XSS cleaning to better handle base64 encoded attributes. | Wes Baker | 1 | -6/+8
2012-04-23 | Use tabs to separate class properties | Timothy Warren | 1 | -7/+7
2012-04-19 | Additional formatting fixes | Timothy Warren | 1 | -42/+42
2012-04-19 | Normalize comments in core files | Timothy Warren | 1 | -4/+7
2012-03-18 | add support for httponly cookies | freewil | 1 | -1/+9
2012-03-09 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -2/+2
2012-03-09 | Bumped CodeIgniter's PHP requirement to 5.2.4. | Phil Sturgeon | 1 | -1/+1
    Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway...
2012-03-08 | Fix issue #940 | Andrey Andreev | 1 | -2/+2
2012-02-29 | Add strtolower to the HTTPS check | Andrey Andreev | 1 | -1/+1
2012-02-27 | Do not create a CSRF cookie if CSRF protection is not enabled | Andrey Andreev | 1 | -19/+20
2012-01-09 | Some more stuff ... | Andrey Andreev | 1 | -17/+6
2012-01-08 | Remove some tabs | Andrey Andreev | 1 | -1/+1
2012-01-08 | Merge remote-tracking branch 'upstream/develop' into develop-core-security | Andrey Andreev | 1 | -3/+8
2012-01-08 | Merge pull request #850 from RS71/develop | Phil Sturgeon | 1 | -3/+8
    CSRF optional token regeneration
2012-01-07 | Improve the core Security library | Andrey Andreev | 1 | -155/+99
2012-01-02 | Updating copyright date to 2012 | Greg Aker | 1 | -1/+1
2011-12-31 | Update system/core/Security.php | RS71 | 1 | -3/+8
2011-12-25 | Fixing soft tabs in a few files. | Greg Aker | 1 | -1/+1
2011-11-22 | Merge master (2.1.0) and fixed conflicts. | Phil Sturgeon | 1 | -25/+39
2011-11-14 | Tweaking the xss filter for IE <comment> tags, parameter injection, and weird html5 attributes. | Pascal Kriete | 1 | -50/+41
2011-10-20 | adding new license file (OSL 3.0) and updating readme to ReST | Derek Jones | 1 | -4/+16
    added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change
2011-10-05 | Fix location file Security Class to core folder | purwandi | 1 | -1/+1