Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2013-03-30 | Some cleanup related to mt_rand() | vlakoff | 1 | -2/+1 | |
- min and max values are 0 and mt_getrandmax() by default - remove useless mt_srand() seed calls | |||||
2013-01-29 | Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() | Andrey Andreev | 1 | -1/+9 | |
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73. | |||||
2013-01-01 | [ci skip] Happy new year | Andrey Andreev | 1 | -1/+1 | |
2012-12-19 | [ci skip] Some micro-optimizations and style changes | Andrey Andreev | 1 | -3/+3 | |
(following PRs #2049, #2079) | |||||
2012-12-18 | Replaced spaces with tabs for indentation and || with OR | brian978 | 1 | -9/+9 | |
2012-12-18 | Merge remote-tracking branch 'upstream/develop' into develop | brian978 | 1 | -2/+2 | |
2012-12-17 | update for Issue #2064 (changed docblocks which return $this or only call a ↵ | Andrew Podner | 1 | -2/+2 | |
method that returns $this to @return CI_DB_class_name) | |||||
2012-12-11 | Modified regexp to match partial tags | brian978 | 1 | -2/+2 | |
2012-12-10 | Removed boundary from regexp | brian978 | 1 | -1/+1 | |
2012-12-10 | Fixed bug with regexp that matched tags | brian978 | 1 | -1/+1 | |
2012-12-08 | All the HEX code must be replaced or else some XSS attacks can be successful | brian978 | 1 | -3/+11 | |
2012-12-03 | Added small improvement to the _remove_evil_attributes function | brian978 | 1 | -6/+5 | |
Signed-off-by: brian978 <dbrian89@yahoo.com> | |||||
2012-12-03 | [ci skip] Cleaned some spaces | Andrey Andreev | 1 | -2/+1 | |
2012-11-01 | Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) | Andrey Andreev | 1 | -1/+2 | |
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files. | |||||
2012-10-28 | [ci skip] DocBlock improvements for Security library | Andrey Andreev | 1 | -77/+100 | |
2012-10-24 | [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) | Andrey Andreev | 1 | -1/+1 | |
2012-10-22 | Add is_https() as a common function | Andrey Andreev | 1 | -1/+1 | |
2012-07-02 | Clean up regexes in Security->xss_clean() | vlakoff | 1 | -7/+7 | |
Removed some unneeded capturing groups (or made them non-capturing) and some unneeded escape characters | |||||
2012-06-26 | Fix issue #427 | Andrey Andreev | 1 | -0/+13 | |
2012-06-12 | Change file permissions for system/core/*.php and system/database/DB.php so ↵ | Andrey Andreev | 1 | -0/+0 | |
that they don't differ from the rest | |||||
2012-06-04 | Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d | Andrey Andreev | 1 | -1/+1 | |
2012-06-02 | Replaced `==` with `===` and `!=` with `!==` in /system/core | Alex Bilbie | 1 | -4/+4 | |
2012-05-27 | Continuation for Security and Table code-coverage, add coverage report to travis | Taufan Aditya | 1 | -0/+1 | |
2012-05-17 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -7/+9 | |
2012-05-17 | Fixed conflicts from merging in 2.1.1. | Phil Sturgeon | 1 | -1/+1 | |
2012-05-17 | Cleanup the core classes | Andrey Andreev | 1 | -8/+10 | |
2012-05-17 | Check cookie against md5 regex. | Alexander Hofstede | 1 | -1/+1 | |
Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser. | |||||
2012-05-07 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Wes Baker | 1 | -48/+52 | |
Conflicts: system/core/Security.php | |||||
2012-04-24 | Updating XSS cleaning to better handle base64 encoded attributes. | Wes Baker | 1 | -6/+8 | |
2012-04-23 | Use tabs to separate class properties | Timothy Warren | 1 | -7/+7 | |
2012-04-19 | Additional formatting fixes | Timothy Warren | 1 | -42/+42 | |
2012-04-19 | Normalize comments in core files | Timothy Warren | 1 | -4/+7 | |
2012-03-18 | add support for httponly cookies | freewil | 1 | -1/+9 | |
2012-03-09 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -2/+2 | |
2012-03-09 | Bumped CodeIgniter's PHP requirement to 5.2.4. | Phil Sturgeon | 1 | -1/+1 | |
Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... | |||||
2012-03-08 | Fix issue #940 | Andrey Andreev | 1 | -2/+2 | |
2012-02-29 | Add strtolower to the HTTPS check | Andrey Andreev | 1 | -1/+1 | |
2012-02-27 | Do not create a CSRF cookie if CSRF protection is not enabled | Andrey Andreev | 1 | -19/+20 | |
2012-01-09 | Some more stuff ... | Andrey Andreev | 1 | -17/+6 | |
2012-01-08 | Remove some tabs | Andrey Andreev | 1 | -1/+1 | |
2012-01-08 | Merge remote-tracking branch 'upstream/develop' into develop-core-security | Andrey Andreev | 1 | -3/+8 | |
2012-01-08 | Merge pull request #850 from RS71/develop | Phil Sturgeon | 1 | -3/+8 | |
CSRF optional token regeneration | |||||
2012-01-07 | Improve the core Security library | Andrey Andreev | 1 | -155/+99 | |
2012-01-02 | Updating copyright date to 2012 | Greg Aker | 1 | -1/+1 | |
2011-12-31 | Update system/core/Security.php | RS71 | 1 | -3/+8 | |
2011-12-25 | Fixing soft tabs in a few files. | Greg Aker | 1 | -1/+1 | |
2011-11-22 | Merge master (2.1.0) and fixed conflicts. | Phil Sturgeon | 1 | -25/+39 | |
2011-11-14 | Tweaking the xss filter for IE <comment> tags, parameter injection, and ↵ | Pascal Kriete | 1 | -50/+41 | |
weird html5 attributes. | |||||
2011-10-20 | adding new license file (OSL 3.0) and updating readme to ReST | Derek Jones | 1 | -4/+16 | |
added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change | |||||
2011-10-05 | Fix location file Security Class to core folder | purwandi | 1 | -1/+1 | |