summaryrefslogtreecommitdiffstats
path: root/system/core
AgeCommit message (Collapse)AuthorFilesLines
2014-11-11Fixed return.Razican1-0/+2
Signed-off-by: Razican <admin@razican.com>
2014-11-11Remove URI filter for parenthesis and dollar symbols, as talked in #47.Razican1-7/+0
Signed-off-by: Razican <admin@razican.com>
2014-11-08Really fix #3318Andrey Andreev1-0/+2
2014-11-08Fix #3318Andrey Andreev1-1/+1
2014-11-07Simplify CI_Loader::lang() following #3316Andrey Andreev1-8/+1
2014-11-06Ability to pass array of language files to Language Library similar to ↵Gabriel Potkány1-0/+8
Loader Library
2014-11-04Fix #3310Andrey Andreev1-1/+1
Regression caused by 4b838af40d77684539dd40461bd92e6e453fe675 Quite possibly related to #3308
2014-10-28Add a real exception handlerAndrey Andreev3-9/+77
Close #1590 Close #3200
2014-10-28Close #3292Andrey Andreev1-1/+3
2014-10-27[ci skip] Switch to MIT license; close #3293Andrey Andreev21-294/+525
2014-10-10Fix #3270Andrey Andreev1-5/+2
Related: #3268, 4bdb66759c24c41fefec7952b12a0595a671eaa2
2014-10-07#3253Andrey Andreev1-1/+1
2014-10-07Attempt a better base_url auto-detectionAndrey Andreev1-3/+5
2014-10-06Update a config_item() use case for the new NULL return valueAndrey Andreev1-1/+1
2014-10-06Optimize the composer_autoload checkAndrey Andreev1-1/+1
2014-10-05config_item() to return NULL instead of FALSE for non-existing itemsAndrey Andreev4-11/+15
Close #3001 Close #3232 Related: #3244
2014-10-03fix doc block get_request_header()Adriano Rosa1-1/+1
This method does not return FALSE as said in doc block, the correct return is STRING or NULL.
2014-10-02stream_set_chunk_size() requires PHP 5.4Andrey Andreev2-2/+5
2014-09-30Make sure we don't waste entropyAndrey Andreev2-0/+2
2014-09-28[ci skip] Remove references to 'PHP5' from commentsAndrey Andreev1-1/+1
2014-09-17Fix a defined() checkAndrey Andreev1-1/+1
Close #3233
2014-09-17Don't assume that log_file_permissions existsAndrey Andreev1-1/+1
2014-09-12Fix #3228Andrey Andreev1-2/+0
2014-08-28Fix CI_Security::get_random_bytes() length validationAndrey Andreev1-1/+1
2014-08-27Fix #2963Andrey Andreev2-10/+22
Changed all file permissions settings throught the framework and the documentation. Also added configuration settings for CI_Log and CI_Image_lib
2014-08-27Add CI_Security::get_random_bytes() for CSRF & XSS token generationAndrey Andreev1-7/+54
2014-08-26Upgraded html_escape() - The simplest version.Ivan Tcholakov1-8/+1
2014-08-25Upgrading the function html_escape() - Readability Improvement 2.Ivan Tcholakov1-5/+11
2014-08-25Upgrading the function html_escape() - readability improvement.Ivan Tcholakov1-1/+3
2014-08-25Upgrading the function html_escape() - documentation corrections.Ivan Tcholakov1-4/+3
2014-08-25Upgrading the function html_escape(), escaping twice can be prevented by ↵Ivan Tcholakov1-4/+8
setting the second argument to FALSE.
2014-08-18[ci skip] Polish changes from PR #3176Andrey Andreev1-6/+6
2014-08-18Alter Pull #3176 to follow discussioncaseyh1-4/+4
2014-08-11CSRF whitelist supports regexCasey Hancock1-4/+7
Signed-off-by: Casey Hancock <crh431@gmail.com>
2014-08-05Fix #3123Andrey Andreev1-1/+1
2014-07-14Merge pull request #3134 from kdazzle/patch-1Andrey Andreev1-1/+1
Return 403 instead of 500 if no CSRF token given
2014-07-14Add changelog entry for CSRF status code; remove line at EOFKyle Valade1-1/+1
2014-07-11Add setting ['composer_autoload']Andrey Andreev1-0/+17
Supersedes PR #3132
2014-07-07Fix potential bugs in password_hash(), CI_EncryptionAndrey Andreev1-3/+6
strlen(), substr() are not byte-safe when mbstring.func_overload is enabled
2014-07-07Add a backport (compat) for quoted_printable_encode()Andrey Andreev1-2/+90
2014-07-07Fix a few typos and add a backport (compat) for hex2bin()Andrey Andreev2-3/+50
2014-07-06Return 403 instead of 500 if no CSRF token givenKyle Valade1-2/+2
Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
2014-06-29Fixed eofGraham Campbell1-1/+1
2014-06-29Fixed typoGraham Campbell1-2/+2
2014-06-21Fix a _potential_ flaw in password_hash()Andrey Andreev1-1/+4
2014-06-12remove the empty line at the end of fileFu Xu1-1/+1
2014-06-12style changeFu Xu1-1/+1
2014-06-12config load bug fixFu Xu1-2/+3
2014-06-12Fix #3101Andrey Andreev1-1/+1
2014-05-31A fix about loading language files - ensuring suffix '_lang' presence properly.Ivan Tcholakov1-1/+1