Filebin - The software behind paste.xinu.at

Age	Commit message (Collapse)	Author	Files	Lines
2008-05-20	improved security in xss_clean(), added <audio> and <video> tags to naughty ↵	Derek Jones	1	-22/+14
	HTML tags, and the HTML5 event handlers onerror and onended
2008-05-15	addition xss protection against certain data urls, stripping of anything ↵	Derek Jones	1	-2/+12
	sent with utf-7 encoding
2008-05-15	added ability to use xss_clean() to test images, and improved security for ↵	Derek Jones	1	-37/+49
	vectors particular to the Opera family of browsers
2008-05-13	Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). ↵	Derek Jones	1	-21/+3
	You're coming with me, pal!
2008-05-13	increased security and performance of xss_clean(), added ↵	Derek Jones	1	-24/+56
	_sanitize_naughty_html() callback and removed "never allowed" items to a class property
2008-05-13	Some sweeping syntax changes for consistency:	Derek Jones	1	-15/+21
	(! foo) changed to ( ! foo) \|\| changed to OR changed newline standardization code in various places from preg_replace to str_replace
2008-05-12	fixed a misspelling in the Input library of CDATA	Derek Allard	1	-1/+1

2008-05-12	removed an ereg from config	Derek Allard	1	-110/+112
	added a qualifier to a str_replace for \t in Input changed substr to strncmp in Codeigniter.php and directory_map function added braces in an if statement of unit test Removed "scripts" from the auto-load search path. Scripts were deprecated in Version 1.4.1 (September 21, 2006). If you still need to use them for legacy reasons, they must now be manually loaded in each Controller.
2008-05-12	Added protection in xss_clean() for GET variables in URLs	Derek Jones	1	-3/+55
	http://codeigniter.com/bug_tracker/bug/4167/
2008-05-11	Removed closing PHP tags, replaced with a comment block identifying the end ↵	Derek Jones	1	-1/+3
	of the file
2008-05-11	Undoing change committed in r1115	Derek Jones	1	-0/+1

2008-05-11	removed closing PHP tag from all framework files	Derek Jones	1	-1/+0

2008-05-05	Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to ↵	Derek Allard	1	-11/+11
	the File Helper. Changed ( ! condition) into (! condition) within the code
2008-02-05	* Fixed a bug (#3396) where certain POST variables would cause a PHP warning.	Derek Jones	1	-6/+15
	* Added $_SERVER, $_FILES, $_ENV, and $_SESSION to sanitization of globals.
2008-02-04	changed URL decoding implementation of xss_clean() to use rawurldecode() to ↵	Derek Jones	1	-6/+3
	discontinue misconversion of characters to bad entities, and to continue avoidance of unwanted removal of + signs
2008-01-24	added CI's global variables to the protected array in_sanitize_globals()	Derek Jones	1	-3/+4

2008-01-21	replaced www.codeigniter.com with codeigniter.com	Derek Jones	1	-3/+3

2008-01-18	ExpressionEngine Dev Team in credit	Derek Allard	1	-2/+2

2007-10-04	Fixed a typo in the docblock comments that had CodeIgniter spelled CodeIgnitor.	Derek Allard	1	-1/+1

2007-07-16	Switched from CI super object to $CFG to fetch charset	Derek Jones	1	-2/+2

2007-07-12	added attribute and html entity decode callbacks to xss_clean()	Derek Jones	1	-11/+69

2007-07-12	further xss_clean() enhancements	Derek Jones	1	-30/+67

2007-06-28	(no commit message)	paulburdick	1	-1/+0

2007-06-28	*Added filename_security() method to Input library	paulburdick	1	-0/+50
	*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
2007-06-28	(no commit message)	paulburdick	1	-4/+13

2007-06-28	Improved XSS clean to not allowing this:	paulburdick	1	-4/+12
	xss_clean("<x<xss>ss <scr<xss>ipt a='>'>alert/*/('!');///</script</script >>");
2007-06-26	(no commit message)	paulburdick	1	-1/+1

2007-06-26	*Updated the XSS Filtering to take into account the IE expression() ability	paulburdick	1	-1/+7

2007-06-12	(no commit message)	Rick Ellis	1	-1/+1

2007-06-12	(no commit message)	Rick Ellis	1	-1/+1

2007-06-12	(no commit message)	Rick Ellis	1	-1/+1

2007-06-11	(no commit message)	Rick Ellis	1	-19/+17

2007-06-09	(no commit message)	Rick Ellis	1	-7/+10

2007-05-04	Modified XSS Cleaning routine to be more performance friendly and compatible ↵	Derek Jones	1	-8/+47
	with PHP 5.2's new PCRE backtrack and recursion limits. - replaced link and image tag javascript sanitization preg_replace()'s with callback functions to avoid excessive backtracks on strings with many links / image tags.
2007-04-15	update pMachine to EllisLab	Derek Allard	1	-2/+2
	update copyright year update Code Igniter to CodeIgniter
2007-03-01	function post() duplicated, changed the second to function get()	Derek Allard	1	-1/+1

2007-02-26	(no commit message)	Rick Ellis	1	-1/+73

2007-02-01	removed unescaped variable that could be used in XSS	Derek Allard	1	-639/+639

2007-01-13	(no commit message)	paulburdick	1	-8/+26

2006-11-20	(no commit message)	Rick Ellis	1	-2/+4

2006-11-01	(no commit message)	admin	1	-1/+0

2006-10-21	(no commit message)	admin	1	-19/+19

2006-10-21	(no commit message)	admin	1	-6/+6

2006-10-10	(no commit message)	admin	1	-2/+3

2006-10-08	(no commit message)	admin	1	-14/+50

2006-10-03	(no commit message)	admin	1	-65/+51

2006-10-03	(no commit message)	admin	1	-2/+15

2006-09-28	(no commit message)	admin	1	-1/+1

2006-09-21	(no commit message)	admin	1	-1/+1

2006-08-25	Initial Import	admin	1	-0/+585