summaryrefslogtreecommitdiffstats
path: root/system/core
AgeCommit message (Collapse)AuthorFilesLines
2016-02-15Don't apply url_suffix, permitted_uri_chars to CLI requestsAndrey Andreev1-50/+68
Close #4085 Close #4460
2016-02-09Merge pull request #4323 from ↵Andrey Andreev1-3/+20
jspreddy/sai/log_line_formatting_extensibility_change Refactored CI_Log line formatting to allow extensibility
2016-02-08Doc block formatting change.Sai Phaninder Reddy Jonnala1-4/+3
2016-01-26Merge branch '3.0-stable' into developAndrey Andreev1-1/+1
2016-01-20[ci skip] Fix a documentation error on output cache timesAndrey Andreev1-1/+1
2016-01-15Code styling changes as suggested by narfbgSai Phaninder Reddy Jonnala1-8/+10
2016-01-13[ci skip] Mark the start of 3.0.5 developmentAndrey Andreev1-1/+1
2016-01-11[ci skip] Merge branch '3.0-stable' into developAndrey Andreev21-21/+21
2016-01-11[ci skip] Update ellislab.com links to https tooAndrey Andreev21-21/+21
2016-01-11Merge branch '3.0-stable' into developAndrey Andreev21-42/+42
2016-01-11[ci skip] Update codeigniter.com links to httpsAndrey Andreev21-42/+42
2016-01-11Merge branch '3.0-stable' into developAndrey Andreev21-42/+42
2016-01-11[ci skip] Bump year to 2016Andrey Andreev21-42/+42
2016-01-11Merge branch '3.0-stable' into developAndrey Andreev1-1/+31
Resolved conflicts: system/database/drivers/mysql/mysql_driver.php system/database/drivers/mysqli/mysqli_driver.php
2016-01-04Fix #4350Andrey Andreev1-1/+31
2015-12-21fixing my blatant mistakes in styling the codeSai Phaninder Reddy Jonnala1-6/+6
2015-12-21Refactoring the `CI_Log` line formattingSai Phaninder Reddy Jonnala1-1/+17
- Extracting the `CI_Log` line formatting into a protected function `_format_log_line()` so as to make it easy to change the log line format via extending the class and overriding the method.
2015-12-14Merge branch '3.0-stable' into developAndrey Andreev1-0/+16
2015-12-07Merge pull request #4291 from b-kaxa/fix-phpdocAndrey Andreev2-1/+2
[ci skip] phpdoc adjustments in CI_Router and CI_URI
2015-12-07replace spaces with tabsb-kaxa1-1/+1
2015-12-06fix phpdocb-kaxa2-1/+2
2015-11-24Use PHP7's random_bytes() when possibleAndrey Andreev1-0/+16
Close #4260
2015-11-09Merge pull request #4217 from natesilva/fix-ipv6-base_urlAndrey Andreev1-1/+10
Build base_url correctly if SERVER_ADDR is IPv6
2015-11-06Minor formatting: add empty line after else closeNate Silva1-0/+1
2015-11-06Tweak to match CI coding styleNate Silva1-1/+1
2015-11-06Simpler way to detect an IPv6 address (strpos)Nate Silva1-1/+1
2015-11-05Build base_url correctly if SERVER_ADDR is IPv6Nate Silva1-1/+9
2015-11-04Merge branch '3.0-stable' into developAndrey Andreev3-32/+47
2015-11-04[ci skip] Start of 3.0.4 developmentAndrey Andreev1-1/+1
2015-10-31[ci skip] Update changelog, version & upgrade instructionsAndrey Andreev1-1/+1
2015-10-31Prevent Host header injectionsAndrey Andreev1-4/+2
2015-10-31Harden xss_clean()Andrey Andreev1-27/+39
2015-10-30Fix #3201Andrey Andreev1-1/+6
2015-10-12Merge branch '3.0-stable' into developAndrey Andreev6-111/+163
2015-10-12[ci skip] This is 3.0.3-devAndrey Andreev1-1/+1
2015-10-08[ci skip] Prepare 3.0.2 releaseAndrey Andreev1-1/+1
2015-10-05Some more intrusive XSS cleaningAndrey Andreev1-5/+11
2015-10-02More XSS stuffAndrey Andreev1-1/+1
2015-09-24Fix #4137Andrey Andreev1-1/+1
2015-09-21More XSS stuffAndrey Andreev1-3/+3
2015-09-17Don't allow open-ended tags to pass through xss_clean()Andrey Andreev1-4/+9
This was a regression caused by the previous commit
2015-09-17Refactor 'evil attributes' sanitization logicAndrey Andreev1-92/+66
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes().
2015-09-15Missing character in the evil attributes patternAndrey Andreev1-1/+1
2015-09-14Another addition to tag detection patterns in xss_clean()Andrey Andreev1-1/+4
2015-09-14Close #4098Andrey Andreev1-2/+18
2015-09-14Fix #4109Andrey Andreev1-20/+22
2015-09-14Add 'eval' to a JS blacklist in xss_clean()Andrey Andreev1-7/+10
2015-09-14Move _remove_evil_attributes() callAndrey Andreev1-4/+3
2015-09-11Harden xss_clean() moreAndrey Andreev1-5/+37
This time eliminate false positives for the 'naughty html' logic.
2015-09-11Improve on previous commitAndrey Andreev1-1/+1
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-07-13 07:07:57 +0200