Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-07-02 | Clean up regexes in Security->xss_clean() | vlakoff | 1 | -7/+7 | |
Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters | |||||
2012-06-26 | Fix issue #427 | Andrey Andreev | 1 | -0/+13 | |
2012-06-12 | Change file permissions for system/core/*.php and system/database/DB.php so ↵ | Andrey Andreev | 1 | -0/+0 | |
that they don't differ from the rest | |||||
2012-06-04 | Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d | Andrey Andreev | 1 | -1/+1 | |
2012-06-02 | Replaced `==` with `===` and `!=` with `!==` in /system/core | Alex Bilbie | 1 | -4/+4 | |
2012-05-27 | Continuation for Security and Table code-coverage, add coverage report to travis | Taufan Aditya | 1 | -0/+1 | |
2012-05-17 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -7/+9 | |
2012-05-17 | Fixed conflicts from merging in 2.1.1. | Phil Sturgeon | 1 | -1/+1 | |
2012-05-17 | Cleanup the core classes | Andrey Andreev | 1 | -8/+10 | |
2012-05-17 | Check cookie against md5 regex. | Alexander Hofstede | 1 | -1/+1 | |
Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser. | |||||
2012-05-07 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Wes Baker | 1 | -48/+52 | |
Conflicts: system/core/Security.php | |||||
2012-04-24 | Updating XSS cleaning to better handle base64 encoded attributes. | Wes Baker | 1 | -6/+8 | |
2012-04-23 | Use tabs to separate class properties | Timothy Warren | 1 | -7/+7 | |
2012-04-19 | Additional formatting fixes | Timothy Warren | 1 | -42/+42 | |
2012-04-19 | Normalize comments in core files | Timothy Warren | 1 | -4/+7 | |
2012-03-18 | add support for httponly cookies | freewil | 1 | -1/+9 | |
2012-03-09 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -2/+2 | |
2012-03-09 | Bumped CodeIgniter's PHP requirement to 5.2.4. | Phil Sturgeon | 1 | -1/+1 | |
Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... | |||||
2012-03-08 | Fix issue #940 | Andrey Andreev | 1 | -2/+2 | |
2012-02-29 | Add strtolower to the HTTPS check | Andrey Andreev | 1 | -1/+1 | |
2012-02-27 | Do not create a CSRF cookie if CSRF protection is not enabled | Andrey Andreev | 1 | -19/+20 | |
2012-01-09 | Some more stuff ... | Andrey Andreev | 1 | -17/+6 | |
2012-01-08 | Remove some tabs | Andrey Andreev | 1 | -1/+1 | |
2012-01-08 | Merge remote-tracking branch 'upstream/develop' into develop-core-security | Andrey Andreev | 1 | -3/+8 | |
2012-01-08 | Merge pull request #850 from RS71/develop | Phil Sturgeon | 1 | -3/+8 | |
CSRF optional token regeneration | |||||
2012-01-07 | Improve the core Security library | Andrey Andreev | 1 | -155/+99 | |
2012-01-02 | Updating copyright date to 2012 | Greg Aker | 1 | -1/+1 | |
2011-12-31 | Update system/core/Security.php | RS71 | 1 | -3/+8 | |
2011-12-25 | Fixing soft tabs in a few files. | Greg Aker | 1 | -1/+1 | |
2011-11-22 | Merge master (2.1.0) and fixed conflicts. | Phil Sturgeon | 1 | -25/+39 | |
2011-11-14 | Tweaking the xss filter for IE <comment> tags, parameter injection, and ↵ | Pascal Kriete | 1 | -50/+41 | |
weird html5 attributes. | |||||
2011-10-20 | adding new license file (OSL 3.0) and updating readme to ReST | Derek Jones | 1 | -4/+16 | |
added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change | |||||
2011-10-05 | Fix location file Security Class to core folder | purwandi | 1 | -1/+1 | |
2011-10-04 | Clean up core Security class | Andrey Andreev | 1 | -50/+19 | |
2011-09-25 | Fix #484 - Hash is never set to the cookie | Chris Berthe | 1 | -1/+2 | |
2011-09-23 | fixed issue #192 | Rommel Castro A | 1 | -0/+1 | |
2011-08-28 | always use charset config item | freewil | 1 | -2/+9 | |
2011-08-28 | always use charset config item | freewil | 1 | -1/+2 | |
2011-08-25 | Merge remote-tracking branch 'alexbilbie/csrf-override' into feature/csrf-verify | Eric Barnes | 1 | -6/+20 | |
Conflicts: system/core/Security.php | |||||
2011-08-21 | Added new config parameter "csrf_exclude_uris" which allows for URIs to be ↵ | Alex Bilbie | 1 | -1/+11 | |
whitelisted from CSRF verification. Fixes #149 | |||||
2011-08-15 | Added some docs to CI core files | David Behler | 1 | -44/+87 | |
2011-07-02 | backed out 648b42a75739, which was a NON-trivial whitespace commit. It ↵ | Derek Jones | 1 | -52/+52 | |
broke the Typography class's string replacements, for instance | |||||
2011-07-02 | backed out 648b42a75739, which was a NON-trivial whitespace commit. It ↵ | Derek Jones | 1 | -52/+52 | |
broke the Typography class's string replacements, for instance | |||||
2011-04-25 | Fixed double-space typo. | Razican | 1 | -52/+52 | |
2011-04-20 | Change in core/Security.php to match coding standards. | Greg Aker | 1 | -1/+2 | |
2011-04-11 | Fix: codeigniter-reactor/199 cookie name was overwritten with token name | patwork | 1 | -2/+4 | |
2011-04-09 | Fix: codeigniter-reactor/199 CSRF config in Security class is no longer ignored | patwork | 1 | -1/+10 | |
2011-04-05 | Moving security to core. | Pascal Kriete | 1 | -0/+820 | |