summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
AgeCommit message (Collapse)AuthorFilesLines
2014-01-07Fix #2268 (manually implementing PR #2269)Andrey Andreev1-3/+3
2013-10-18Eh ... preg_replace() needs a replacementAndrey Andreev1-2/+2
2013-10-18Fix issue #2681 (alternative to PR #2690)Andrey Andreev1-2/+2
2013-10-17Replace the last rand() with mt_rand()vlakoff1-2/+2
Better entropy, faster. Also fixed a few "it's" typos.
2013-10-03partial fix #2667David Cox Jr1-1/+1
this fixes the ability to replace a space with a / and skip the XSS filtering
2013-08-04Rename bad chars property to filename_bad_chars, remove the setter and add ↵Hunter Wu1-15/+2
changelog entry
2013-08-03Make the bad filename array public in Security libraryHunter Wu1-18/+38
2013-08-03Revert "Add windows filename rule as an option for upload files"Hunter Wu1-32/+19
This reverts commit 23719ab569c9c8d6b791f65d7861daba3895ddcb.
2013-08-01Add windows filename rule as an option for upload filesHunter Wu1-19/+32
2013-03-30Some cleanup related to mt_rand()vlakoff1-2/+1
- min and max values are 0 and mt_getrandmax() by default - remove useless mt_srand() seed calls
2013-01-29Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename()Andrey Andreev1-1/+9
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.
2013-01-01[ci skip] Happy new yearAndrey Andreev1-1/+1
2012-12-19[ci skip] Some micro-optimizations and style changesAndrey Andreev1-3/+3
(following PRs #2049, #2079)
2012-12-18Replaced spaces with tabs for indentation and || with ORbrian9781-9/+9
2012-12-18Merge remote-tracking branch 'upstream/develop' into developbrian9781-2/+2
2012-12-17update for Issue #2064 (changed docblocks which return $this or only call a ↵Andrew Podner1-2/+2
method that returns $this to @return CI_DB_class_name)
2012-12-11Modified regexp to match partial tagsbrian9781-2/+2
2012-12-10Removed boundary from regexpbrian9781-1/+1
2012-12-10Fixed bug with regexp that matched tagsbrian9781-1/+1
2012-12-08All the HEX code must be replaced or else some XSS attacks can be successfulbrian9781-3/+11
2012-12-03Added small improvement to the _remove_evil_attributes functionbrian9781-6/+5
Signed-off-by: brian978 <dbrian89@yahoo.com>
2012-12-03[ci skip] Cleaned some spacesAndrey Andreev1-2/+1
2012-11-01Manually apply PR #1594 (fixing phpdoc page-level generation/warnings)Andrey Andreev1-1/+2
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files.
2012-10-28[ci skip] DocBlock improvements for Security libraryAndrey Andreev1-77/+100
2012-10-24[ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715)Andrey Andreev1-1/+1
2012-10-22Add is_https() as a common functionAndrey Andreev1-1/+1
2012-07-02Clean up regexes in Security->xss_clean()vlakoff1-7/+7
Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters
2012-06-26Fix issue #427Andrey Andreev1-0/+13
2012-06-12Change file permissions for system/core/*.php and system/database/DB.php so ↵Andrey Andreev1-0/+0
that they don't differ from the rest
2012-06-04Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5dAndrey Andreev1-1/+1
2012-06-02Replaced `==` with `===` and `!=` with `!==` in /system/coreAlex Bilbie1-4/+4
2012-05-27Continuation for Security and Table code-coverage, add coverage report to travisTaufan Aditya1-0/+1
2012-05-17Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developPhil Sturgeon1-7/+9
2012-05-17Fixed conflicts from merging in 2.1.1.Phil Sturgeon1-1/+1
2012-05-17Cleanup the core classesAndrey Andreev1-8/+10
2012-05-17Check cookie against md5 regex.Alexander Hofstede1-1/+1
Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser.
2012-05-07Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developWes Baker1-48/+52
Conflicts: system/core/Security.php
2012-04-24Updating XSS cleaning to better handle base64 encoded attributes.Wes Baker1-6/+8
2012-04-23Use tabs to separate class propertiesTimothy Warren1-7/+7
2012-04-19Additional formatting fixesTimothy Warren1-42/+42
2012-04-19Normalize comments in core filesTimothy Warren1-4/+7
2012-03-18add support for httponly cookiesfreewil1-1/+9
2012-03-09Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developPhil Sturgeon1-2/+2
2012-03-09Bumped CodeIgniter's PHP requirement to 5.2.4.Phil Sturgeon1-1/+1
Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway...
2012-03-08Fix issue #940Andrey Andreev1-2/+2
2012-02-29Add strtolower to the HTTPS checkAndrey Andreev1-1/+1
2012-02-27Do not create a CSRF cookie if CSRF protection is not enabledAndrey Andreev1-19/+20
2012-01-09Some more stuff ...Andrey Andreev1-17/+6
2012-01-08Remove some tabsAndrey Andreev1-1/+1
2012-01-08Merge remote-tracking branch 'upstream/develop' into develop-core-securityAndrey Andreev1-3/+8