summaryrefslogtreecommitdiffstats
path: root/system/core
AgeCommit message (Collapse)AuthorFilesLines
2014-02-20CI_Utf8-related changesAndrey Andreev1-8/+8
- Give priority to mb_convert_encoding() over iconv() in clean_string() (partially fixes #261) - Add more proper unit tests
2014-02-20Don't use error suppression with ini_set()Andrey Andreev1-1/+1
2014-02-19Add compatibility layer for array_column(), array_replace(), ↵Andrey Andreev3-1/+248
array_replace_recursive()
2014-02-19Moved $_error load statement lower.Cristian Kocza1-3/+2
This prevents a possible recursion when an error is trigerred by one of the config file. Also since the variable is used only later in the code it makes sense to move it lower.
2014-02-18Don't load password hashing compat for HHVMAndrey Andreev1-1/+1
2014-02-18Add an ext/hash compatibility layer (just hash_pbkdf2(), for now)Andrey Andreev2-0/+145
2014-02-15[ci skip] Micro-optimizationAndrey Andreev1-1/+1
2014-02-15Rename CI_Utf8::_is_ascii() to is_ascii() and make it publicAndrey Andreev1-4/+2
No reason for it to be protected.
2014-02-13[ci skip] Add index.html to system/core/compat/Andrey Andreev1-0/+10
2014-02-13Fix syntax errorAndrey Andreev1-2/+2
2014-02-13Introducing compatibility layersAndrey Andreev3-0/+366
- Limited support for mbstring (mb_strlen(), mb_strpos(), mb_substr() only) via iconv. Falls back to regular strlen(), strpos(), substr() if iconv is not available. - Password hashing, dependant on CRYPT_BLOWFISH (2y version, available since PHP 5.3.7) availability.
2014-02-12Move mbstring/iconv configuration and MB_ENABLED, ICONV_ENABLED out of ↵Andrey Andreev2-38/+48
CI_Utf8::__construct() Also, use mb_substitute_character() instead of ini_set()
2014-02-11Utf8/iconv/mbstring-related changesAndrey Andreev1-6/+27
2014-02-112013 > 2014darwinel17-17/+17
Update copyright notices from 2013 to 2014. And update one calendar example in user_guide from year 2013/2014 to 2014/2015.
2014-02-10CI_Security: URL-decode until possibleAndrey Andreev1-1/+5
2014-02-10[ci skip] Fix a typoAndrey Andreev1-1/+1
2014-02-10CI_Security: Expect a backslash as a tag separatorAndrey Andreev1-2/+2
2014-02-10CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as ↵Andrey Andreev1-6/+10
javascript, alert
2014-02-08Deprecate CI_Config::system_url()Andrey Andreev1-0/+1
2014-02-08CI_Input tweaksAndrey Andreev1-65/+20
- Make get_post(), post_get() and server()'s parameter mandatory. - Change default value of parameter to NULL for cookie(), input_stream() and _fetch_from_array() (for consistency with get(), post()). - Delegate Array-vs-single and parameter detection to _fetch_from_array() to overall simplify the code.
2014-02-03[ci skip] Update info on function_usableAndrey Andreev1-0/+5
2014-01-30Previous 2 commits were just dumbAndrey Andreev1-2/+2
2014-01-25Add <math> to 'naughty' HTML elementsAndrey Andreev1-1/+1
2014-01-25Previous commit caused side effects ...Andrey Andreev1-2/+2
2014-01-25Fix CI_Security::_remove_evil_attributes() being way too aggressiveAndrey Andreev1-2/+2
2014-01-25Re-add 'on\w*' to evil attributes (rel #2667)Andrey Andreev1-2/+1
2014-01-25Partially fix #2667Andrey Andreev1-2/+8
2014-01-24[ci skip] Add a link to PHP bug 54709 in is_really_writable()'s docblockAndrey Andreev1-0/+1
2014-01-24CI_Security: Also add <svg> to 'naughty' HTML elementsAndrey Andreev1-1/+1
2014-01-24CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ↵Andrey Andreev1-1/+1
elements
2014-01-24Fix syntax errorsAndrey Andreev1-2/+2
2014-01-24CI_Security: Add 'form' and 'xlink:href' to evil attributesAndrey Andreev1-1/+1
2014-01-24Add &newline; and &tab; to CI_Security::Andrey Andreev1-1/+3
2014-01-22CI_Security::_decode_entity() to replace dangerous HTML5 entitiesAndrey Andreev1-1/+19
Related to issue #2771
2014-01-21Add <button> to the list of 'naugthy' html elements in CI_Security::xss_clean()Andrey Andreev1-2/+2
2014-01-20Fix #2729Andrey Andreev1-2/+3
2014-01-20Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev1-4/+4
2014-01-18Fix #2829Andrey Andreev1-4/+4
2014-01-18Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev1-1/+1
2014-01-18Fix 2 Router-related errorsAndrey Andreev1-1/+1
2014-01-18Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev1-0/+3
2014-01-18Fix CI_URI:: not being properly indexedAndrey Andreev1-0/+3
2014-01-18Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev5-355/+293
2014-01-18Fix #2827Andrey Andreev1-1/+1
2014-01-17Merge branch 'feature/uri_routing_overhaul' into 'develop'Andrey Andreev3-352/+283
2014-01-17Add autoloading library aliasing support (supersedes PR #2824)Andrey Andreev1-2/+9
2014-01-16URI Routing overhaulAndrey Andreev3-352/+283
- Allow multiple levels of controller directories (supersedes PRs #390, #2439) - Add support for per-directory 'defaul_controller' and '404_override' (resolves issue #2611; supersedes PR #939) - Fixed a bug where default_controller was called instead of triggering 404 if the current route is inside a directory - Removed a few calls from CI_Router to CI_URI that made a necessity for otherwise internal CI_URI methods to be public: - Removed CI_URI::_fetch_uri_string() and moved its logic into CI_URI::__construct() - Removed CI_URI::_remove_url_suffix, CI_URI::_explode_segments() and moved their logic into CI_URI::_set_uri_string() - Removed CI_URI::_reindex_segments() altogether ( doesn't need further manipulation, while is public anyway and can be properly (and more effectively) replaced on the spot)
2014-01-15Fix #2799 by adding conditional PCRE UTF-8 support to CI_URI::filter_uri()Andrey Andreev2-2/+2
Also did a tiny micro-optimization in the Utf8 class.
2014-01-15Merge changes from developAndrey Andreev5-61/+82
2014-01-15Fix #2822: Incorrect usage of fwrite()Andrey Andreev2-15/+41
We only used to check (and not always) if the return value of fwrite() is boolean FALSE, while it is possible that the otherwise returned bytecount is less than the length of data that we're trying to write. This allowed incomplete writes over network streams and possibly a few other edge cases.