Age | Commit message | Author | Files | Lines |
2008-10-07 | unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key Cha... | Derek Jones | 1 | -0/+8 |
2008-09-13 | (no commit message) | Rick Ellis | 1 | -1/+1 |
2008-09-04 | removed random invisible character (ASCII 194) from HTML and PHP files | Derek Jones | 1 | -3/+3 |
2008-08-27 | added isindex to the list of naughty never allowed tags in xss_clean() | Derek Jones | 1 | -1/+1 |
2008-08-27 | modified regex for image tag sanitization to retain trailing space and closin... | Derek Jones | 1 | -1/+1 |
2008-08-15 | changed entity standardization to require at least two characters after an am... | Derek Jones | 1 | -1/+1 |
2008-07-03 | re-included URL encoded characters within _remove_invisible_characters() whic... | Derek Jones | 1 | -1/+3 |
2008-07-03 | changed link and image regex to be more precise in matching tags, reducing fa... | Derek Jones | 1 | -3/+3 |
2008-07-01 | Changed regex for onfoo event handlers to prevent unwanted matching of text s... | Derek Jones | 1 | -4/+4 |
2008-06-30 | whitespace | Derek Jones | 1 | -1/+0 |
2008-06-30 | simplified regex for _remove_invisible_characters() - since we rawurldecode()... | Derek Jones | 1 | -5/+4 |
2008-06-25 | fixed accidental removal of $converted_string in xss_clean() for image compar... | Derek Jones | 1 | -0/+5 |
2008-06-25 | added a bit of leeway for images to avoid the more common false-positives tha... | Derek Jones | 1 | -2/+11 |
2008-06-25 | Further improvements to xss_clean() | Derek Jones | 1 | -47/+83 |
2008-06-20 | Added get_post() to the Input class. | Derek Allard | 1 | -0/+22 |
2008-06-04 | picky picky Jones adjusts some syntax | Derek Jones | 1 | -2/+1 |
2008-06-04 | a few tweaks for speed | Derek Allard | 1 | -3/+4 |
2008-06-04 | simplified and refactored input filtering and retrieval | Derek Jones | 1 | -97/+32 |
2008-06-04 | emendation to on* event handler removal | Derek Jones | 1 | -3/+2 |
2008-05-30 | decided just to kill all on*= event handlers, rather than trying to keep up w... | Derek Jones | 1 | -2/+2 |
2008-05-30 | moved word compacting to a callback for clarity, added a few js event handler... | Derek Jones | 1 | -3/+20 |
2008-05-21 | more complete protection against malformed link tags to protect against hex e... | Derek Jones | 1 | -13/+25 |
2008-05-20 | improved security in xss_clean(), added <audio> and <video> tags to naughty H... | Derek Jones | 1 | -22/+14 |
2008-05-15 | addition xss protection against certain data urls, stripping of anything sent... | Derek Jones | 1 | -2/+12 |
2008-05-15 | added ability to use xss_clean() to test images, and improved security for ve... | Derek Jones | 1 | -37/+49 |
2008-05-13 | Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). You'... | Derek Jones | 1 | -21/+3 |
2008-05-13 | increased security and performance of xss_clean(), added _sanitize_naughty_ht... | Derek Jones | 1 | -24/+56 |
2008-05-13 | Some sweeping syntax changes for consistency: | Derek Jones | 1 | -15/+21 |
2008-05-12 | fixed a misspelling in the Input library of CDATA | Derek Allard | 1 | -1/+1 |
2008-05-12 | removed an ereg from config | Derek Allard | 1 | -110/+112 |
2008-05-12 | Added protection in xss_clean() for GET variables in URLs | Derek Jones | 1 | -3/+55 |
2008-05-11 | Removed closing PHP tags, replaced with a comment block identifying the end o... | Derek Jones | 1 | -1/+3 |
2008-05-11 | Undoing change committed in r1115 | Derek Jones | 1 | -0/+1 |
2008-05-11 | removed closing PHP tag from all framework files | Derek Jones | 1 | -1/+0 |
2008-05-05 | Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to th... | Derek Allard | 1 | -11/+11 |
2008-02-05 | * Fixed a bug (#3396) where certain POST variables would cause a PHP warning. | Derek Jones | 1 | -6/+15 |
2008-02-04 | changed URL decoding implementation of xss_clean() to use rawurldecode() to d... | Derek Jones | 1 | -6/+3 |
2008-01-24 | added CI's global variables to the protected array in _sanitize_globals() | Derek Jones | 1 | -3/+4 |
2008-01-21 | replaced www.codeigniter.com with codeigniter.com | Derek Jones | 1 | -3/+3 |
2008-01-18 | ExpressionEngine Dev Team in credit | Derek Allard | 1 | -2/+2 |
2007-10-04 | Fixed a typo in the docblock comments that had CodeIgniter spelled CodeIgnitor. | Derek Allard | 1 | -1/+1 |
2007-07-16 | Switched from CI super object to $CFG to fetch charset | Derek Jones | 1 | -2/+2 |
2007-07-12 | added attribute and html entity decode callbacks to xss_clean() | Derek Jones | 1 | -11/+69 |
2007-07-12 | further xss_clean() enhancements | Derek Jones | 1 | -30/+67 |
2007-06-28 | (no commit message) | paulburdick | 1 | -1/+0 |
2007-06-28 | *Added filename_security() method to Input library | paulburdick | 1 | -0/+50 |
2007-06-28 | (no commit message) | paulburdick | 1 | -4/+13 |
2007-06-28 | Improved XSS clean to not allow this: | paulburdick | 1 | -4/+12 |
2007-06-26 | (no commit message) | paulburdick | 1 | -1/+1 |
2007-06-26 | *Updated the XSS Filtering to take into account the IE expression() ability | paulburdick | 1 | -1/+7 |