summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
AgeCommit message (Collapse)AuthorFilesLines
2012-07-02Clean up regexes in Security->xss_clean()vlakoff1-7/+7
Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters
2012-06-26Fix issue #427Andrey Andreev1-0/+13
2012-06-12Change file permissions for system/core/*.php and system/database/DB.php so ↵Andrey Andreev1-0/+0
that they don't differ from the rest
2012-06-04Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5dAndrey Andreev1-1/+1
2012-06-02Replaced `==` with `===` and `!=` with `!==` in /system/coreAlex Bilbie1-4/+4
2012-05-27Continuation for Security and Table code-coverage, add coverage report to travisTaufan Aditya1-0/+1
2012-05-17Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developPhil Sturgeon1-7/+9
2012-05-17Fixed conflicts from merging in 2.1.1.Phil Sturgeon1-1/+1
2012-05-17Cleanup the core classesAndrey Andreev1-8/+10
2012-05-17Check cookie against md5 regex.Alexander Hofstede1-1/+1
Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser.
2012-05-07Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developWes Baker1-48/+52
Conflicts: system/core/Security.php
2012-04-24Updating XSS cleaning to better handle base64 encoded attributes.Wes Baker1-6/+8
2012-04-23Use tabs to separate class propertiesTimothy Warren1-7/+7
2012-04-19Additional formatting fixesTimothy Warren1-42/+42
2012-04-19Normalize comments in core filesTimothy Warren1-4/+7
2012-03-18add support for httponly cookiesfreewil1-1/+9
2012-03-09Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developPhil Sturgeon1-2/+2
2012-03-09Bumped CodeIgniter's PHP requirement to 5.2.4.Phil Sturgeon1-1/+1
Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway...
2012-03-08Fix issue #940Andrey Andreev1-2/+2
2012-02-29Add strtolower to the HTTPS checkAndrey Andreev1-1/+1
2012-02-27Do not create a CSRF cookie if CSRF protection is not enabledAndrey Andreev1-19/+20
2012-01-09Some more stuff ...Andrey Andreev1-17/+6
2012-01-08Remove some tabsAndrey Andreev1-1/+1
2012-01-08Merge remote-tracking branch 'upstream/develop' into develop-core-securityAndrey Andreev1-3/+8
2012-01-08Merge pull request #850 from RS71/developPhil Sturgeon1-3/+8
CSRF optional token regeneration
2012-01-07Improve the core Security libraryAndrey Andreev1-155/+99
2012-01-02Updating copyright date to 2012Greg Aker1-1/+1
2011-12-31Update system/core/Security.phpRS711-3/+8
2011-12-25Fixing soft tabs in a few files.Greg Aker1-1/+1
2011-11-22Merge master (2.1.0) and fixed conflicts.Phil Sturgeon1-25/+39
2011-11-14Tweaking the xss filter for IE <comment> tags, parameter injection, and ↵Pascal Kriete1-50/+41
weird html5 attributes.
2011-10-20adding new license file (OSL 3.0) and updating readme to ReSTDerek Jones1-4/+16
added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change
2011-10-05Fix location file Security Class to core folderpurwandi1-1/+1
2011-10-04Clean up core Security classAndrey Andreev1-50/+19
2011-09-25Fix #484 - Hash is never set to the cookieChris Berthe1-1/+2
2011-09-23fixed issue #192Rommel Castro A1-0/+1
2011-08-28always use charset config itemfreewil1-2/+9
2011-08-28always use charset config itemfreewil1-1/+2
2011-08-25Merge remote-tracking branch 'alexbilbie/csrf-override' into feature/csrf-verifyEric Barnes1-6/+20
Conflicts: system/core/Security.php
2011-08-21Added new config parameter "csrf_exclude_uris" which allows for URIs to be ↵Alex Bilbie1-1/+11
whitelisted from CSRF verification. Fixes #149
2011-08-15Added some docs to CI core filesDavid Behler1-44/+87
2011-07-02backed out 648b42a75739, which was a NON-trivial whitespace commit. It ↵Derek Jones1-52/+52
broke the Typography class's string replacements, for instance
2011-07-02backed out 648b42a75739, which was a NON-trivial whitespace commit. It ↵Derek Jones1-52/+52
broke the Typography class's string replacements, for instance
2011-04-25Fixed double-space typo.Razican1-52/+52
2011-04-20Change in core/Security.php to match coding standards.Greg Aker1-1/+2
2011-04-11Fix: codeigniter-reactor/199 cookie name was overwritten with token namepatwork1-2/+4
2011-04-09Fix: codeigniter-reactor/199 CSRF config in Security class is no longer ignoredpatwork1-1/+10
2011-04-05Moving security to core.Pascal Kriete1-0/+820