summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
AgeCommit message (Expand)AuthorFilesLines
2017-01-17[ci skip] Merge pull request #4986 from ka7/feature/spellingAndrey Andreev1-1/+1
2017-01-04[ci skip] Protect CSRF verification from timing side-channel attacksAndrey Andreev1-6/+8
2017-01-04Fix an XSS vulnerabilityAndrey Andreev1-1/+1
2017-01-03Update copyright data to 2017Master Yoda1-2/+2
2016-10-28[ci skip] xss_clean() hardeningAndrey Andreev1-10/+11
2016-10-26Fix #4877Andrey Andreev1-5/+29
2016-09-27Fix entity_decode() issueAndrey Andreev1-17/+22
2016-08-29Merge pull request #4785 from guitarrist/developAndrey Andreev1-1/+1
2016-07-28Remove dead code written for PHP 5.2Andrey Andreev1-6/+1
2016-03-07Fix #4475Andrey Andreev1-1/+8
2016-01-11[ci skip] Update ellislab.com links to https tooAndrey Andreev1-1/+1
2016-01-11[ci skip] Update codeigniter.com links to httpsAndrey Andreev1-2/+2
2016-01-11[ci skip] Bump year to 2016Andrey Andreev1-2/+2
2015-11-24Use PHP7's random_bytes() when possibleAndrey Andreev1-0/+16
2015-10-31Harden xss_clean()Andrey Andreev1-27/+39
2015-10-05Some more intrusive XSS cleaningAndrey Andreev1-5/+11
2015-10-02More XSS stuffAndrey Andreev1-1/+1
2015-09-21More XSS stuffAndrey Andreev1-3/+3
2015-09-17Don't allow open-ended tags to pass through xss_clean()Andrey Andreev1-4/+9
2015-09-17Refactor 'evil attributes' sanitization logicAndrey Andreev1-92/+66
2015-09-15Missing character in the evil attributes patternAndrey Andreev1-1/+1
2015-09-14Another addition to tag detection patterns in xss_clean()Andrey Andreev1-1/+4
2015-09-14Add 'eval' to a JS blacklist in xss_clean()Andrey Andreev1-7/+10
2015-09-14Move _remove_evil_attributes() callAndrey Andreev1-4/+3
2015-09-11Harden xss_clean() moreAndrey Andreev1-5/+37
2015-09-11Improve on previous commitAndrey Andreev1-1/+1
2015-09-11Replace the latest XSS patchesAndrey Andreev1-9/+21
2015-09-10Last commit didn't adjust a RE indexAndrey Andreev1-1/+1
2015-09-10Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4Andrey Andreev1-2/+2
2015-09-10Fix #4106Andrey Andreev1-2/+2
2015-07-15Fix a TypoMohammad Sadegh Dehghan Niri1-1/+1
2015-03-26Minor fixes in CI_Security::entity_decode()Andrey Andreev1-4/+4
2015-03-26Add FSCommand and seekSegmentTime to evil HTML attributes listAndrey Andreev1-1/+1
2015-02-17Fix #3572: CI_Security::_remove_evil_attributes()Andrey Andreev1-21/+6
2015-02-09Fix #3579Andrey Andreev1-2/+2
2015-01-29fix typo in commentsClaudio Galdiolo1-1/+1
2015-01-21Remove closing blocks at end of PHP filesvlakoff1-3/+0
2015-01-20[ci skip] Change some log messages' levelAndrey Andreev1-4/+3
2015-01-09Bulk (mostly documentation) updateAndrey Andreev1-3/+3
2015-01-09Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4Andrey Andreev1-1/+6
2014-12-16Remove trailing newlineJason Taylor1-1/+1
2014-12-16Fix Issue #3417warpcode1-2/+2
2014-12-08Fix 'Array to string conversion' notice in CSRF validationAndrey Andreev1-2/+2
2014-10-27[ci skip] Switch to MIT license; close #3293Andrey Andreev1-14/+25
2014-10-06Update a config_item() use case for the new NULL return valueAndrey Andreev1-1/+1
2014-10-05config_item() to return NULL instead of FALSE for non-existing itemsAndrey Andreev1-3/+3
2014-10-02stream_set_chunk_size() requires PHP 5.4Andrey Andreev1-1/+2
2014-09-30Make sure we don't waste entropyAndrey Andreev1-0/+1
2014-09-28[ci skip] Remove references to 'PHP5' from commentsAndrey Andreev1-1/+1
2014-09-17Fix a defined() checkAndrey Andreev1-1/+1