Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2014-10-05 | config_item() to return NULL instead of FALSE for non-existing items | Andrey Andreev | 4 | -11/+15 | |
Close #3001 Close #3232 Related: #3244 | |||||
2014-10-03 | fix doc block get_request_header() | Adriano Rosa | 1 | -1/+1 | |
This method does not return FALSE as said in doc block, the correct return is STRING or NULL. | |||||
2014-10-02 | stream_set_chunk_size() requires PHP 5.4 | Andrey Andreev | 2 | -2/+5 | |
2014-09-30 | Make sure we don't waste entropy | Andrey Andreev | 2 | -0/+2 | |
2014-09-28 | [ci skip] Remove references to 'PHP5' from comments | Andrey Andreev | 1 | -1/+1 | |
2014-09-17 | Fix a defined() check | Andrey Andreev | 1 | -1/+1 | |
Close #3233 | |||||
2014-09-17 | Don't assume that log_file_permissions exists | Andrey Andreev | 1 | -1/+1 | |
2014-09-12 | Fix #3228 | Andrey Andreev | 1 | -2/+0 | |
2014-08-28 | Fix CI_Security::get_random_bytes() length validation | Andrey Andreev | 1 | -1/+1 | |
2014-08-27 | Fix #2963 | Andrey Andreev | 2 | -10/+22 | |
Changed all file permissions settings throughout the framework and the documentation. Also added configuration settings for CI_Log and CI_Image_lib | |||||
2014-08-27 | Add CI_Security::get_random_bytes() for CSRF & XSS token generation | Andrey Andreev | 1 | -7/+54 | |
2014-08-26 | Upgraded html_escape() - The simplest version. | Ivan Tcholakov | 1 | -8/+1 | |
2014-08-25 | Upgrading the function html_escape() - Readability Improvement 2. | Ivan Tcholakov | 1 | -5/+11 | |
2014-08-25 | Upgrading the function html_escape() - readability improvement. | Ivan Tcholakov | 1 | -1/+3 | |
2014-08-25 | Upgrading the function html_escape() - documentation corrections. | Ivan Tcholakov | 1 | -4/+3 | |
2014-08-25 | Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE. | Ivan Tcholakov | 1 | -4/+8 | |
2014-08-18 | [ci skip] Polish changes from PR #3176 | Andrey Andreev | 1 | -6/+6 | |
2014-08-18 | Alter Pull #3176 to follow discussion | caseyh | 1 | -4/+4 | |
2014-08-11 | CSRF whitelist supports regex | Casey Hancock | 1 | -4/+7 | |
Signed-off-by: Casey Hancock <crh431@gmail.com> | |||||
2014-08-05 | Fix #3123 | Andrey Andreev | 1 | -1/+1 | |
2014-07-14 | Merge pull request #3134 from kdazzle/patch-1 | Andrey Andreev | 1 | -1/+1 | |
Return 403 instead of 500 if no CSRF token given | |||||
2014-07-14 | Add changelog entry for CSRF status code; remove line at EOF | Kyle Valade | 1 | -1/+1 | |
2014-07-11 | Add setting ['composer_autoload'] | Andrey Andreev | 1 | -0/+17 | |
Supersedes PR #3132 | |||||
2014-07-07 | Fix potential bugs in password_hash(), CI_Encryption | Andrey Andreev | 1 | -3/+6 | |
strlen(), substr() are not byte-safe when mbstring.func_overload is enabled | |||||
2014-07-07 | Add a backport (compat) for quoted_printable_encode() | Andrey Andreev | 1 | -2/+90 | |
2014-07-07 | Fix a few typos and add a backport (compat) for hex2bin() | Andrey Andreev | 2 | -3/+50 | |
2014-07-06 | Return 403 instead of 500 if no CSRF token given | Kyle Valade | 1 | -2/+2 | |
Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes | |||||
2014-06-29 | Fixed eof | Graham Campbell | 1 | -1/+1 | |
2014-06-29 | Fixed typo | Graham Campbell | 1 | -2/+2 | |
2014-06-21 | Fix a _potential_ flaw in password_hash() | Andrey Andreev | 1 | -1/+4 | |
2014-06-12 | remove the empty line at the end of file | Fu Xu | 1 | -1/+1 | |
2014-06-12 | style change | Fu Xu | 1 | -1/+1 | |
2014-06-12 | config load bug fix | Fu Xu | 1 | -2/+3 | |
2014-06-12 | Fix #3101 | Andrey Andreev | 1 | -1/+1 | |
2014-05-31 | A fix about loading language files - ensuring suffix '_lang' presence properly. | Ivan Tcholakov | 1 | -1/+1 | |
2014-05-27 | fix callable hooks | Max | 1 | -1/+1 | |
2014-05-27 | fix callable hooks | Max | 1 | -1/+1 | |
2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -66/+62 | |
2014-05-19 | Fix caching of MIME config | vlakoff | 1 | -7/+14 | |
* in get_mimes(): was missing isset() test * in Email->_mimes_types(): static cache of reference was noneffective refs 6ef498b49946ba74d610b3805fb908b163a7f03a | |||||
2014-05-19 | Merge pull request #3053 from vlakoff/get_config | Andrey Andreev | 1 | -7/+4 | |
Simplify code in get_config() | |||||
2014-05-19 | Simplify code in get_config() | vlakoff | 1 | -7/+4 | |
Exact same behavior. The reference was just redundant. | |||||
2014-05-18 | [ci skip] Add a note to CI_Model::__get() (issue #3046) | Andrey Andreev | 1 | -0/+4 | |
2014-05-18 | Adjust docblock of load_class() | vlakoff | 1 | -1/+1 | |
refs c26b9ebb00e29be2e972fece3bcf73d33249a64b | |||||
2014-05-09 | Suppress PHP 5.6 E_DEPRECATED warnings for mbstring.internal_encoding as well | Andrey Andreev | 1 | -1/+3 | |
2014-05-09 | Add hash_equals() to ext/hash compat layer | Andrey Andreev | 1 | -0/+46 | |
Introduced in PHP 5.6 Beta 1 (unfortunately, still undocumented). RFC: https://wiki.php.net/rfc/timing_attack (Yes, I am aware that the RFC talks about hash_compare(), the function was later renamed in the implementation.) | |||||
2014-05-08 | [ci skip] Update a comment for CI_Input::input_stream() | Andrey Andreev | 1 | -2/+2 | |
2014-05-06 | Account for PHP 5.6 changes related to charsets | Andrey Andreev | 1 | -2/+10 | |
2014-05-06 | xss_clean is not protecting GET requests that &item=/startwithslash | Documentopia.com | 1 | -1/+1 | |
/webacd.do?isurlact=true&entactname=/webacd.do becomes /webacd.do?isurlact=true&entactname;=/webacd.do This commit adds / to the regex so it will escape those GET requests related to issue #3030 | |||||
2014-05-01 | Fix a typo | Andrey Andreev | 1 | -1/+1 | |
2014-05-01 | Optimization in CI_URI::_set_uri_string() | Andrey Andreev | 1 | -1/+1 | |