Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-01-05 | updated copyrights | Derek Jones | 1 | -1/+1 | |
2009-11-05 | added hyphens to allowed characters in GET keys and vals in submitted URLs ↵ | Derek Jones | 1 | -1/+1 | |
in xss_clean() | |||||
2009-07-10 | Fixed a case sensitive string replacement, simplified redundant string ↵ | Derek Jones | 1 | -2/+2 | |
replacement | |||||
2009-04-22 | updated copyrights to 2009 | Derek Jones | 1 | -1/+1 | |
2009-02-05 | ... replaced $CFG->item() with config_item() | Derek Jones | 1 | -4/+2 | |
2009-02-05 | replaced $this->config-> with $CFG-> in ip_address() | Derek Jones | 1 | -2/+4 | |
2009-02-04 | added proxy_ips config item to whitelist reverse proxy servers to use the ↵ | Derek Jones | 1 | -2/+9 | |
HTTP_X_FORWARDED_FOR header safely to determine the visitor's IP address | |||||
2009-02-04 | improvements to xss_clean() | Derek Jones | 1 | -5/+6 | |
2008-12-05 | fixed a bug where whitespace would be lost if a string was forced into a ↵ | Derek Jones | 1 | -1/+1 | |
character entity e.g. &foo you know? would become &foo;you know? instead of &foo; you know? | |||||
2008-11-13 | Changing EOL style to LF | Derek Allard | 1 | -1058/+1058 | |
2008-11-12 | Propset eol-style to CRLF | Derek Jones | 1 | -1058/+1058 | |
simplified paragraph tag cleanup regex | |||||
2008-11-05 | whitespace | Derek Allard | 1 | -1058/+1058 | |
2008-10-17 | syntax simplification for testing first character of string | Derek Jones | 1 | -1/+1 | |
if (substr($ip_segments[0], 0, 1) == '0') to if ($ip_segments[0][0] == '0') | |||||
2008-10-17 | added validation of IP segments to make sure they aren't empty, e.g. 127.0..1 | Derek Jones | 1 | -1/+1 | |
-Derek | |||||
2008-10-17 | removed a global | Rick Ellis | 1 | -1/+1 | |
2008-10-07 | syntax error | Derek Jones | 1 | -1/+1 | |
2008-10-07 | unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key ↵ | Derek Jones | 1 | -0/+8 | |
Characters from halting app execution on environments which improperly set these as keys | |||||
2008-09-13 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2008-09-04 | removed random invisible character (ASCII 194) from HTML and PHP files | Derek Jones | 1 | -3/+3 | |
2008-08-27 | added isindex to the list of naughty never allowed tags in xss_clean() | Derek Jones | 1 | -1/+1 | |
2008-08-27 | modified regex for image tag sanitization to retain trailing space and ↵ | Derek Jones | 1 | -1/+1 | |
closing slash to remain valid XHTML | |||||
2008-08-15 | changed entity standardization to require at least two characters after an ↵ | Derek Jones | 1 | -1/+1 | |
ampersand before forcing a semi-colon | |||||
2008-07-03 | re-included URL encoded characters within _remove_invisible_characters() ↵ | Derek Jones | 1 | -1/+3 | |
which were mistakenly pulled out in a previous commit, not released | |||||
2008-07-03 | changed link and image regex to be more precise in matching tags, reducing ↵ | Derek Jones | 1 | -3/+3 | |
false positive matches | |||||
2008-07-01 | Changed regex for onfoo event handlers to prevent unwanted matching of text ↵ | Derek Jones | 1 | -4/+4 | |
such as locatiON, cONtent, etc. | |||||
2008-06-30 | whitespace | Derek Jones | 1 | -1/+0 | |
2008-06-30 | simplified regex for _remove_invisible_characters() - since we ↵ | Derek Jones | 1 | -5/+4 | |
rawurldecode() the string, there's no need to go looking for url encoded characters here | |||||
2008-06-25 | fixed accidental removal of $converted_string in xss_clean() for image ↵ | Derek Jones | 1 | -0/+5 | |
comparison | |||||
2008-06-25 | added a bit of leeway for images to avoid the more common false-positives ↵ | Derek Jones | 1 | -2/+11 | |
that using xss_clean() on image files might trigger | |||||
2008-06-25 | Further improvements to xss_clean() | Derek Jones | 1 | -47/+83 | |
2008-06-20 | Added get_post() to the Input class. | Derek Allard | 1 | -0/+22 | |
Documented get() in the Input class. | |||||
2008-06-04 | picky picky Jones adjusts some syntax | Derek Jones | 1 | -2/+1 | |
2008-06-04 | a few tweaks for speed | Derek Allard | 1 | -3/+4 | |
2008-06-04 | simplified and refactored input filtering and retrieval | Derek Jones | 1 | -97/+32 | |
2008-06-04 | emendation to on* event handler removal | Derek Jones | 1 | -3/+2 | |
2008-05-30 | decided just to kill all on*= event handlers, rather than trying to keep up ↵ | Derek Jones | 1 | -2/+2 | |
with (and require users to do the same) with a blacklist. | |||||
2008-05-30 | moved word compacting to a callback for clarity, added a few js event ↵ | Derek Jones | 1 | -3/+20 | |
handlers for removal | |||||
2008-05-21 | more complete protection against malformed link tags to protect against hex ↵ | Derek Jones | 1 | -13/+25 | |
entities and href=data:url exploits | |||||
2008-05-20 | improved security in xss_clean(), added <audio> and <video> tags to naughty ↵ | Derek Jones | 1 | -22/+14 | |
HTML tags, and the HTML5 event handlers onerror and onended | |||||
2008-05-15 | addition xss protection against certain data urls, stripping of anything ↵ | Derek Jones | 1 | -2/+12 | |
sent with utf-7 encoding | |||||
2008-05-15 | added ability to use xss_clean() to test images, and improved security for ↵ | Derek Jones | 1 | -37/+49 | |
vectors particular to the Opera family of browsers | |||||
2008-05-13 | Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). ↵ | Derek Jones | 1 | -21/+3 | |
You're coming with me, pal! | |||||
2008-05-13 | increased security and performance of xss_clean(), added ↵ | Derek Jones | 1 | -24/+56 | |
_sanitize_naughty_html() callback and removed "never allowed" items to a class property | |||||
2008-05-13 | Some sweeping syntax changes for consistency: | Derek Jones | 1 | -15/+21 | |
(! foo) changed to ( ! foo) || changed to OR changed newline standardization code in various places from preg_replace to str_replace | |||||
2008-05-12 | fixed a misspelling in the Input library of CDATA | Derek Allard | 1 | -1/+1 | |
2008-05-12 | removed an ereg from config | Derek Allard | 1 | -110/+112 | |
added a qualifier to a str_replace for \t in Input changed substr to strncmp in Codeigniter.php and directory_map function added braces in an if statement of unit test Removed "scripts" from the auto-load search path. Scripts were deprecated in Version 1.4.1 (September 21, 2006). If you still need to use them for legacy reasons, they must now be manually loaded in each Controller. | |||||
2008-05-12 | Added protection in xss_clean() for GET variables in URLs | Derek Jones | 1 | -3/+55 | |
http://codeigniter.com/bug_tracker/bug/4167/ | |||||
2008-05-11 | Removed closing PHP tags, replaced with a comment block identifying the end ↵ | Derek Jones | 1 | -1/+3 | |
of the file | |||||
2008-05-11 | Undoing change committed in r1115 | Derek Jones | 1 | -0/+1 | |
2008-05-11 | removed closing PHP tag from all framework files | Derek Jones | 1 | -1/+0 | |