summaryrefslogtreecommitdiffstats
path: root/system/libraries/Input.php
AgeCommit message (Expand)AuthorFilesLines
2009-02-05... replaced $CFG->item() with config_item()Derek Jones1-4/+2
2009-02-05replaced $this->config-> with $CFG-> in ip_address()Derek Jones1-2/+4
2009-02-04added proxy_ips config item to whitelist reverse proxy servers to use the HTT...Derek Jones1-2/+9
2009-02-04improvements to xss_clean()Derek Jones1-5/+6
2008-12-05fixed a bug where whitespace would be lost if a string was forced into a char...Derek Jones1-1/+1
2008-11-13Changing EOL style to LFDerek Allard1-1058/+1058
2008-11-12Propset eol-style to CRLFDerek Jones1-1058/+1058
2008-11-05whitespaceDerek Allard1-1058/+1058
2008-10-17syntax simplification for testing first character of stringDerek Jones1-1/+1
2008-10-17added validation of IP segments to make sure they aren't empty, e.g. 127.0..1Derek Jones1-1/+1
2008-10-17removed a globalRick Ellis1-1/+1
2008-10-07syntax errorDerek Jones1-1/+1
2008-10-07unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key Cha...Derek Jones1-0/+8
2008-09-13(no commit message)Rick Ellis1-1/+1
2008-09-04removed random invisible character (ASCII 194) from HTML and PHP filesDerek Jones1-3/+3
2008-08-27added isindex to the list of naughty never allowed tags in xss_clean()Derek Jones1-1/+1
2008-08-27modified regex for image tag sanitization to retain trailing space and closin...Derek Jones1-1/+1
2008-08-15changed entity standardization to require at least two characters after an am...Derek Jones1-1/+1
2008-07-03re-included URL encoded characters within _remove_invisible_characters() whic...Derek Jones1-1/+3
2008-07-03changed link and image regex to be more precise in matching tags, reducing fa...Derek Jones1-3/+3
2008-07-01Changed regex for onfoo event handlers to prevent unwanted matching of text s...Derek Jones1-4/+4
2008-06-30whitespaceDerek Jones1-1/+0
2008-06-30simplified regex for _remove_invisible_characters() - since we rawurldecode()...Derek Jones1-5/+4
2008-06-25fixed accidental removal of $converted_string in xss_clean() for image compar...Derek Jones1-0/+5
2008-06-25added a bit of leeway for images to avoid the more common false-positives tha...Derek Jones1-2/+11
2008-06-25Further improvements to xss_clean()Derek Jones1-47/+83
2008-06-20Added get_post() to the Input class.Derek Allard1-0/+22
2008-06-04picky picky Jones adjusts some syntaxDerek Jones1-2/+1
2008-06-04a few tweaks for speedDerek Allard1-3/+4
2008-06-04simplified and refactored input filtering and retrievalDerek Jones1-97/+32
2008-06-04emendation to on* event handler removalDerek Jones1-3/+2
2008-05-30decided just to kill all on*= event handlers, rather than trying to keep up w...Derek Jones1-2/+2
2008-05-30moved word compacting to a callback for clarity, added a few js event handler...Derek Jones1-3/+20
2008-05-21more complete protection against malformed link tags to protect against hex e...Derek Jones1-13/+25
2008-05-20improved security in xss_clean(), added <audio> and <video> tags to naughty H...Derek Jones1-22/+14
2008-05-15addition xss protection against certain data urls, stripping of anything sent...Derek Jones1-2/+12
2008-05-15added ability to use xss_clean() to test images, and improved security for ve...Derek Jones1-37/+49
2008-05-13Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). You'...Derek Jones1-21/+3
2008-05-13increased security and performance of xss_clean(), added _sanitize_naughty_ht...Derek Jones1-24/+56
2008-05-13Some sweeping syntax changes for consistency:Derek Jones1-15/+21
2008-05-12fixed a misspelling in the Input library of CDATADerek Allard1-1/+1
2008-05-12removed an ereg from configDerek Allard1-110/+112
2008-05-12Added protection in xss_clean() for GET variables in URLsDerek Jones1-3/+55
2008-05-11Removed closing PHP tags, replaced with a comment block identifying the end o...Derek Jones1-1/+3
2008-05-11Undoing change committed in r1115Derek Jones1-0/+1
2008-05-11removed closing PHP tag from all framework filesDerek Jones1-1/+0
2008-05-05Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to th...Derek Allard1-11/+11
2008-02-05* Fixed a bug (#3396) where certain POST variables would cause a PHP warning.Derek Jones1-6/+15
2008-02-04changed URL decoding implementation of xss_clean() to use rawurldecode() to d...Derek Jones1-6/+3
2008-01-24added CI's global variables to the protected array in_sanitize_globals()Derek Jones1-3/+4