Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
- Allow multiple levels of controller directories (supersedes PRs #390, #2439)
- Add support for per-directory 'defaul_controller' and '404_override' (resolves issue #2611; supersedes PR #939)
- Fixed a bug where default_controller was called instead of triggering 404 if the current route is inside a directory
- Removed a few calls from CI_Router to CI_URI that made a necessity for otherwise internal CI_URI methods to be public:
- Removed CI_URI::_fetch_uri_string() and moved its logic into CI_URI::__construct()
- Removed CI_URI::_remove_url_suffix, CI_URI::_explode_segments() and moved their logic into CI_URI::_set_uri_string()
- Removed CI_URI::_reindex_segments() altogether ( doesn't need further manipulation, while is
public anyway and can be properly (and more effectively) replaced on the spot)
|
|
Also did a tiny micro-optimization in the Utf8 class.
|
|
We only used to check (and not always) if the return value of fwrite() is boolean FALSE,
while it is possible that the otherwise returned bytecount is less than the length of
data that we're trying to write. This allowed incomplete writes over network streams
and possibly a few other edge cases.
|
|
- Initialize and cache the value in the class constructor instead of searching for it every time
- Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration
- Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything
Related: issue #2799
|
|
! fwrite() could trigger false-positives as it is possible for it to return 0
instead of boolean FALSE. (issue #2822)
Also removed an unnecessary log level check that caused an extra space to be inserted
for the INFO level. (proposed in PR #2821)
|
|
|
|
Added ['standardize_newlines']
Also altered the Session cookie driver, which experienced issues with this
feature due to it's HMAC verification failing after the Input class alters
newlines in non-encrypted session cookies.
Supersedes PR #2470
|
|
When ['global_xss_filtering'] was turned on, the , , &
superglobals were automatically overwritten. This resulted in one of the following problems:
- xss_clean() being called twice
- Inability to retrieve the original (not filtered) value
XSS filtering is now only applied on demand by the Input class, and the default value for
the parameter in CI_Input methods is changed to NULL. Unless a boolean value is
passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering']
value.
|
|
CI_Input::_clean_input_data() assumed that all input data is URL-encoded while sanitizing it.
However, PHP already performs URL-decoding on it, so this is either redudant or overly
intrusive as it resulted in many, many reports of data containing '%' followed by 1 numeric
characters being essentially destroyed.
Supersedes PR #1229
|
|
|
|
|
|
|
|
|
|
Requested in issue #2165
Supersedes PR #2319
|
|
|
|
parameters mandatory and fix a docblock
|
|
delete_cookie()'s first (name) parameter mandatory
|
|
|
|
|
|
|
|
|
|
|
|
require(APPPATH.'config/constants.php') should be in front of require(BASEPATH.'core/Common.php') because Common.php uses some constants defined in constants.php.
|
|
It was only relevant until we dropped support for PHP < 5.2
|
|
requests (issue #1743)
|
|
replace it
Calls to this function are often needed before the Input library is available
|
|
|
|
Enable HTTP Verb in Routing
|
|
Fix code style, removed (:any) rule in http verb to avoid confusion, and
add proposed documentation and changelog
|
|
Using array for HTTP Verb
e.g:
$route['(:any)']['POST'] = "controller/post_method";
$route['path']['GET'] = "controller/path_get_method";
$route['path']['(:any)'] = "controller/path_any_method";
Using (:any) or not will make same result
e.g: $route['path']['(:any)'] == $route['path']
So it won't break existing route
|
|
|
|
|
|
|
|
regexp patterns
|
|
Let's keep the implementation logic in one place.
Improves 2023c3d05b042cf1322286d69557c2b8bf3bd8d5.
|
|
|
|
|
|
|
|
|
|
Better entropy, faster.
Also fixed a few "it's" typos.
|
|
|
|
|
|
|
|
Add return type for view loader.
|
|
this fixes the ability to replace a space with a /
and skip the XSS filtering
|
|
delimiter used for regex bounds found in neg. lookahead
causes error using @ delimiter now for this expression
|
|
When _ci_return is TRUE.
|