summaryrefslogtreecommitdiffstats
path: root/system/libraries/Input.php
AgeCommit message (Expand)AuthorFilesLines
2008-10-07unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key Cha...Derek Jones1-0/+8
2008-09-13(no commit message)Rick Ellis1-1/+1
2008-09-04removed random invisible character (ASCII 194) from HTML and PHP filesDerek Jones1-3/+3
2008-08-27added isindex to the list of naughty never allowed tags in xss_clean()Derek Jones1-1/+1
2008-08-27modified regex for image tag sanitization to retain trailing space and closin...Derek Jones1-1/+1
2008-08-15changed entity standardization to require at least two characters after an am...Derek Jones1-1/+1
2008-07-03re-included URL encoded characters within _remove_invisible_characters() whic...Derek Jones1-1/+3
2008-07-03changed link and image regex to be more precise in matching tags, reducing fa...Derek Jones1-3/+3
2008-07-01Changed regex for onfoo event handlers to prevent unwanted matching of text s...Derek Jones1-4/+4
2008-06-30whitespaceDerek Jones1-1/+0
2008-06-30simplified regex for _remove_invisible_characters() - since we rawurldecode()...Derek Jones1-5/+4
2008-06-25fixed accidental removal of $converted_string in xss_clean() for image compar...Derek Jones1-0/+5
2008-06-25added a bit of leeway for images to avoid the more common false-positives tha...Derek Jones1-2/+11
2008-06-25Further improvements to xss_clean()Derek Jones1-47/+83
2008-06-20Added get_post() to the Input class.Derek Allard1-0/+22
2008-06-04picky picky Jones adjusts some syntaxDerek Jones1-2/+1
2008-06-04a few tweaks for speedDerek Allard1-3/+4
2008-06-04simplified and refactored input filtering and retrievalDerek Jones1-97/+32
2008-06-04emendation to on* event handler removalDerek Jones1-3/+2
2008-05-30decided just to kill all on*= event handlers, rather than trying to keep up w...Derek Jones1-2/+2
2008-05-30moved word compacting to a callback for clarity, added a few js event handler...Derek Jones1-3/+20
2008-05-21more complete protection against malformed link tags to protect against hex e...Derek Jones1-13/+25
2008-05-20improved security in xss_clean(), added <audio> and <video> tags to naughty H...Derek Jones1-22/+14
2008-05-15addition xss protection against certain data urls, stripping of anything sent...Derek Jones1-2/+12
2008-05-15added ability to use xss_clean() to test images, and improved security for ve...Derek Jones1-37/+49
2008-05-13Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). You'...Derek Jones1-21/+3
2008-05-13increased security and performance of xss_clean(), added _sanitize_naughty_ht...Derek Jones1-24/+56
2008-05-13Some sweeping syntax changes for consistency:Derek Jones1-15/+21
2008-05-12fixed a misspelling in the Input library of CDATADerek Allard1-1/+1
2008-05-12removed an ereg from configDerek Allard1-110/+112
2008-05-12Added protection in xss_clean() for GET variables in URLsDerek Jones1-3/+55
2008-05-11Removed closing PHP tags, replaced with a comment block identifying the end o...Derek Jones1-1/+3
2008-05-11Undoing change committed in r1115Derek Jones1-0/+1
2008-05-11removed closing PHP tag from all framework filesDerek Jones1-1/+0
2008-05-05Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to th...Derek Allard1-11/+11
2008-02-05* Fixed a bug (#3396) where certain POST variables would cause a PHP warning.Derek Jones1-6/+15
2008-02-04changed URL decoding implementation of xss_clean() to use rawurldecode() to d...Derek Jones1-6/+3
2008-01-24added CI's global variables to the protected array in_sanitize_globals()Derek Jones1-3/+4
2008-01-21replaced www.codeigniter.com with codeigniter.comDerek Jones1-3/+3
2008-01-18ExpressionEngine Dev Team in creditDerek Allard1-2/+2
2007-10-04Fixed a typo in the docblock comments that had CodeIgniter spelled CodeIgnitor.Derek Allard1-1/+1
2007-07-16Switched from CI super object to $CFG to fetch charsetDerek Jones1-2/+2
2007-07-12added attribute and html entity decode callbacks to xss_clean()Derek Jones1-11/+69
2007-07-12further xss_clean() enhancementsDerek Jones1-30/+67
2007-06-28(no commit message)paulburdick1-1/+0
2007-06-28*Added filename_security() method to Input librarypaulburdick1-0/+50
2007-06-28(no commit message)paulburdick1-4/+13
2007-06-28Improved XSS clean to not allowing this:paulburdick1-4/+12
2007-06-26(no commit message)paulburdick1-1/+1
2007-06-26*Updated the XSS Filtering to take into account the IE expression() abilitypaulburdick1-1/+7