Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2013-03-30 | Some cleanup related to mt_rand() | vlakoff | 1 | -1/+0 | |
- min and max values are 0 and mt_getrandmax() by default - remove useless mt_srand() seed calls | |||||
2013-02-19 | Fix a code comment in Upload->_file_mime_type() | vlakoff | 1 | -2/+2 | |
Availability of dangerous functions is now tested using function_usable(). | |||||
2013-02-15 | Various cosmetic fixes | vlakoff | 1 | -2/+2 | |
2013-01-29 | Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() | Andrey Andreev | 1 | -48/+2 | |
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73. | |||||
2013-01-28 | Remove str_replace in return | gommarah | 1 | -1/+1 | |
2013-01-28 | Upload library, clean_file_name function: Fix xss bug. | gommarah | 1 | -0/+7 | |
For example: If you clear this string "%%3f3f" according to the $bad array will fail. The result will be "%3f" Because str_replace() replaces left to right. Signed-off-by: xeptor <servetozkan@live.com> | |||||
2013-01-01 | [ci skip] Happy new year | Andrey Andreev | 1 | -1/+1 | |
2012-12-03 | Add min_width and min_height options to the Upload class | Andrey Andreev | 1 | -0/+52 | |
(manually implementing outdated PR #636) | |||||
2012-12-03 | [ci skip] Cleaned some spaces | Andrey Andreev | 1 | -1/+0 | |
2012-11-07 | Added function_usable() to common functions | Andrey Andreev | 1 | -3/+3 | |
It is now used to check whether dangerous functions like eval() and exec() are available. It appears that the Suhosin extension (which is becoming popular) terminates script execution instead of returning e.g. FALSE when it has a function blacklisted. function_exists() checks are insufficient and our only option is to check the ini settings here. Filed an issue here: https://github.com/stefanesser/suhosin/issues/18 ... hopefully we'll be able to deal with this in a more elegant way in the future. (this commit supersedes PR #1809) | |||||
2012-11-01 | [ci skip] DocBlocks for Upload and Xmlrpc libraries | Andrey Andreev | 1 | -31/+203 | |
Partially fixes issue #1295 | |||||
2012-11-01 | Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) | Andrey Andreev | 1 | -1/+2 | |
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files. | |||||
2012-10-24 | [ci skip] style and phpdoc-related changes (rel #1295) | Andrey Andreev | 1 | -1/+3 | |
2012-06-16 | Add an option to disable MIME detection in the Upload library (issue #1494) | Andrey Andreev | 1 | -3/+13 | |
2012-06-11 | fixes | Michiel Vugteveen | 1 | -1/+1 | |
2012-06-11 | fixes | Michiel Vugteveen | 1 | -3/+3 | |
2012-06-11 | tab fixes | Michiel Vugteveen | 1 | -9/+9 | |
2012-06-11 | get upload data with index key | Michiel Vugteveen | 1 | -11/+19 | |
2012-06-07 | Remove some unnecessary function_exists() checks and some minor improvements | Andrey Andreev | 1 | -13/+7 | |
2012-06-05 | Added get_mimes() function to system/core/Commons.php.The MIMEs array from ↵ | Andrey Andreev | 1 | -19/+2 | |
config/mimes.php is used by multiple core classes, libraries and helpers and each of them has implemented an own way of getting it, which is not needed and is hard to maintain. This also fixes issue #1411 | |||||
2012-06-04 | Direct return from mimes config, instead of using global $mimes; | Phil Sturgeon | 1 | -4/+2 | |
Global variables are generally a terrible idea, especially for something as simple as this. The mimes.php now returns an array instead of just injecting a variable name into the global namespace. | |||||
2012-06-04 | Revert/optimize some changes from 773ccc318f2769c9b7579630569b5d8ba47b114b ↵ | Andrey Andreev | 1 | -2/+2 | |
and d261b1e89c3d4d5191036d5a5660ef6764e593a0 | |||||
2012-06-02 | Replaced `==` with `===` and `!=` with `!==` in /system/libraries | Alex Bilbie | 1 | -14/+14 | |
2012-05-24 | Fix issues #44 & #110 | Andrey Andreev | 1 | -0/+2 | |
2012-05-17 | Clean up the libraries | Andrey Andreev | 1 | -2/+2 | |
2012-05-11 | Fix issue #1349 | Andrey Andreev | 1 | -1/+1 | |
2012-05-05 | Added a return false if an image doesn't pass XSS cleaning to prevent ↵ | Wes Baker | 1 | -1/+5 | |
file_get_contents from returning a NULL and passing through unscathed. | |||||
2012-03-26 | Remove access description lines and cleanup the Upload library | Andrey Andreev | 1 | -182/+146 | |
2012-03-09 | Bumped CodeIgniter's PHP requirement to 5.2.4. | Phil Sturgeon | 1 | -1/+1 | |
Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... | |||||
2012-03-04 | Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop | Phil Sturgeon | 1 | -10/+8 | |
2012-03-04 | Merged conflicts. | Phil Sturgeon | 1 | -1/+1 | |
2012-03-03 | Fixed a bug - CI_Upload::_file_mime_type() could've failed if popen() is ↵ | tubalmartin | 1 | -1/+1 | |
used for the detection. | |||||
2012-03-01 | Fix issue #153 (E_NOTICE generated by getimagesize()) | Andrey Andreev | 1 | -9/+7 | |
2012-02-29 | removed double slash | Michiel Vugteveen | 1 | -1/+1 | |
2012-02-29 | Merged in 2.1-stable changes. | Phil Sturgeon | 1 | -23/+80 | |
2012-01-02 | Updating copyright date to 2012 | Greg Aker | 1 | -1/+1 | |
2011-12-27 | Revert "Abstracting the loading of files in the config directory depending ↵ | Greg Aker | 1 | -5/+10 | |
on environments." This reverts commit 5c1aa631c5f5ec2f6b75ba1158178418e50ba11a. | |||||
2011-12-25 | Abstracting the loading of files in the config directory depending on ↵ | Greg Aker | 1 | -10/+5 | |
environments. | |||||
2011-12-21 | Also replace old-style 'var' with 'public' | Andrey Andreev | 1 | -2/+2 | |
2011-12-19 | Add method visibility declarations and optimize display_errors() method in ↵ | Andrey Andreev | 1 | -8/+2 | |
Image_lib, Trackback and Upload libraries | |||||
2011-12-13 | Tweak MIME regular expression check again | Andrey Andreev | 1 | -1/+1 | |
2011-12-11 | Fix regular expression for validating MIME type string | Andrey Andreev | 1 | -1/+1 | |
2011-12-09 | Improve CI_Upload::_file_mime_type() | Andrey Andreev | 1 | -24/+78 | |
2011-12-02 | Update a comment, just to be clearer | Andrey Andreev | 1 | -1/+1 | |
2011-12-02 | Hotfix for a file type detection bug in the Upload library | Andrey Andreev | 1 | -2/+5 | |
2011-11-23 | tmp_path does not exists, should be tmp_name | Michiel Vugteveen | 1 | -1/+1 | |
2011-11-22 | Merge master (2.1.0) and fixed conflicts. | Phil Sturgeon | 1 | -2/+2 | |
2011-10-27 | Change Windows OS detection approach | Andrey Andreev | 1 | -1/+1 | |
2011-10-27 | Fix an erroneus variable name and a typo in comments | Andrey Andreev | 1 | -2/+2 | |
2011-10-27 | Fix alignment with tabs instead of spaces | Andrey Andreev | 1 | -1/+1 | |