summaryrefslogtreecommitdiffstats
path: root/system/core
AgeCommit message (Collapse)AuthorFilesLines
2014-10-06Optimize the composer_autoload checkAndrey Andreev1-1/+1
2014-10-05config_item() to return NULL instead of FALSE for non-existing itemsAndrey Andreev4-11/+15
Close #3001 Close #3232 Related: #3244
2014-10-03fix doc block get_request_header()Adriano Rosa1-1/+1
This method does not return FALSE as said in doc block, the correct return is STRING or NULL.
2014-10-02stream_set_chunk_size() requires PHP 5.4Andrey Andreev2-2/+5
2014-09-30Make sure we don't waste entropyAndrey Andreev2-0/+2
2014-09-28[ci skip] Remove references to 'PHP5' from commentsAndrey Andreev1-1/+1
2014-09-17Fix a defined() checkAndrey Andreev1-1/+1
Close #3233
2014-09-17Don't assume that log_file_permissions existsAndrey Andreev1-1/+1
2014-09-12Fix #3228Andrey Andreev1-2/+0
2014-08-28Fix CI_Security::get_random_bytes() length validationAndrey Andreev1-1/+1
2014-08-27Fix #2963Andrey Andreev2-10/+22
Changed all file permissions settings throught the framework and the documentation. Also added configuration settings for CI_Log and CI_Image_lib
2014-08-27Add CI_Security::get_random_bytes() for CSRF & XSS token generationAndrey Andreev1-7/+54
2014-08-26Upgraded html_escape() - The simplest version.Ivan Tcholakov1-8/+1
2014-08-25Upgrading the function html_escape() - Readability Improvement 2.Ivan Tcholakov1-5/+11
2014-08-25Upgrading the function html_escape() - readability improvement.Ivan Tcholakov1-1/+3
2014-08-25Upgrading the function html_escape() - documentation corrections.Ivan Tcholakov1-4/+3
2014-08-25Upgrading the function html_escape(), escaping twice can be prevented by ↵Ivan Tcholakov1-4/+8
setting the second argument to FALSE.
2014-08-18[ci skip] Polish changes from PR #3176Andrey Andreev1-6/+6
2014-08-18Alter Pull #3176 to follow discussioncaseyh1-4/+4
2014-08-11CSRF whitelist supports regexCasey Hancock1-4/+7
Signed-off-by: Casey Hancock <crh431@gmail.com>
2014-08-05Fix #3123Andrey Andreev1-1/+1
2014-07-14Merge pull request #3134 from kdazzle/patch-1Andrey Andreev1-1/+1
Return 403 instead of 500 if no CSRF token given
2014-07-14Add changelog entry for CSRF status code; remove line at EOFKyle Valade1-1/+1
2014-07-11Add setting ['composer_autoload']Andrey Andreev1-0/+17
Supersedes PR #3132
2014-07-07Fix potential bugs in password_hash(), CI_EncryptionAndrey Andreev1-3/+6
strlen(), substr() are not byte-safe when mbstring.func_overload is enabled
2014-07-07Add a backport (compat) for quoted_printable_encode()Andrey Andreev1-2/+90
2014-07-07Fix a few typos and add a backport (compat) for hex2bin()Andrey Andreev2-3/+50
2014-07-06Return 403 instead of 500 if no CSRF token givenKyle Valade1-2/+2
Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
2014-06-29Fixed eofGraham Campbell1-1/+1
2014-06-29Fixed typoGraham Campbell1-2/+2
2014-06-21Fix a _potential_ flaw in password_hash()Andrey Andreev1-1/+4
2014-06-12remove the empty line at the end of fileFu Xu1-1/+1
2014-06-12style changeFu Xu1-1/+1
2014-06-12config load bug fixFu Xu1-2/+3
2014-06-12Fix #3101Andrey Andreev1-1/+1
2014-05-31A fix about loading language files - ensuring suffix '_lang' presence properly.Ivan Tcholakov1-1/+1
2014-05-27fix callable hooksMax1-1/+1
2014-05-27fix callable hooksMax1-1/+1
2014-05-23Fix #3057Andrey Andreev1-66/+62
2014-05-19Fix caching of MIME configvlakoff1-7/+14
* in get_mimes(): was missing isset() test * in Email->_mimes_types(): static cache of reference was noneffective refs 6ef498b49946ba74d610b3805fb908b163a7f03a
2014-05-19Merge pull request #3053 from vlakoff/get_configAndrey Andreev1-7/+4
Simplify code in get_config()
2014-05-19Simplify code in get_config()vlakoff1-7/+4
Exact same behavior. The reference was just redundant.
2014-05-18[ci skip] Add a note to CI_Model::__get() (issue #3046)Andrey Andreev1-0/+4
2014-05-18Adjust docblock of load_class()vlakoff1-1/+1
refs c26b9ebb00e29be2e972fece3bcf73d33249a64b
2014-05-09Suppress PHP 5.6 E_DEPRECATED warnings for mbstring.internal_encoding as wellAndrey Andreev1-1/+3
2014-05-09Add hash_equals() to ext/hash compat layerAndrey Andreev1-0/+46
Introduced in PHP 5.6 Beta 1 (unfortunately, still undocumented). RFC: https://wiki.php.net/rfc/timing_attack (Yes, I am aware that the RFC talks about hash_compare(), the function was later renamed in the implementation.)
2014-05-08[ci skip] Update a comment for CI_Input::input_stream()Andrey Andreev1-2/+2
2014-05-06Account for PHP 5.6 changes related to charsetsAndrey Andreev1-2/+10
2014-05-06xss_clean is not protecting GET requests that &item=/startwithslashDocumentopia.com1-1/+1
/webacd.do?isurlact=true&entactname=/webacd.do becomes /webacd.do?isurlact=true&entactname;=/webacd.do This commit adds / to the regex to it will escape those GET requests related to issue #3030
2014-05-01Fix a typoAndrey Andreev1-1/+1