summaryrefslogtreecommitdiffstats
path: root/system/libraries
AgeCommit message (Collapse)AuthorFilesLines
2008-05-21more complete protection against malformed link tags to protect against hex ↵Derek Jones1-13/+25
entities and href=data:url exploits
2008-05-21customizable query stringDerek Allard1-6/+21
2008-05-21Added support for query strings to the Pagination class, automatically ↵Derek Allard1-2/+11
detected or explicitly declared.
2008-05-20improved security in xss_clean(), added <audio> and <video> tags to naughty ↵Derek Jones1-22/+14
HTML tags, and the HTML5 event handlers onerror and onended
2008-05-16changed foreach() reindexing of segment arrays to array_unshift() - teensy ↵Derek Jones1-15/+2
tiny memory and speed improvement.
2008-05-16fixed regular expression in Image lib, CI bug #4542Derek Jones1-1/+1
2008-05-15addition xss protection against certain data urls, stripping of anything ↵Derek Jones1-2/+12
sent with utf-7 encoding
2008-05-15added ability to use xss_clean() to test images, and improved security for ↵Derek Jones1-37/+49
vectors particular to the Opera family of browsers
2008-05-14Set the mime type check in the Upload class to reference the global mimes ↵Derek Allard1-1/+3
variable.
2008-05-14force closing tag on eval() for servers not running short_open_tagsDerek Jones1-1/+1
2008-05-13Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). ↵Derek Jones1-21/+3
You're coming with me, pal!
2008-05-13increased security and performance of xss_clean(), added ↵Derek Jones1-24/+56
_sanitize_naughty_html() callback and removed "never allowed" items to a class property
2008-05-13The Zip class has undergone a substantial re-write for speed and clarityDerek Allard1-120/+101
2008-05-13Some sweeping syntax changes for consistency:Derek Jones32-360/+384
(! foo) changed to ( ! foo) || changed to OR changed newline standardization code in various places from preg_replace to str_replace
2008-05-13adjusted eval() statement in Loader to accommodate servers with ↵Derek Jones1-1/+1
short_open_tag disabled with the new change of removing closing PHP tags from files
2008-05-13minor source formattingDerek Allard2-22/+22
2008-05-13preg_split changed to explodeDerek Allard1-165/+165
2008-05-13substr checks swapped out with strncmpDerek Allard1-16/+72
{ braces } added around if and for statements
2008-05-12fixed a misspelling in the Input library of CDATADerek Allard1-1/+1
2008-05-12removed an ereg from configDerek Allard4-124/+125
added a qualifier to a str_replace for \t in Input changed substr to strncmp in Codeigniter.php and directory_map function added braces in an if statement of unit test Removed "scripts" from the auto-load search path. Scripts were deprecated in Version 1.4.1 (September 21, 2006). If you still need to use them for legacy reasons, they must now be manually loaded in each Controller.
2008-05-12Added protection in xss_clean() for GET variables in URLsDerek Jones1-3/+55
http://codeigniter.com/bug_tracker/bug/4167/
2008-05-12changed $xmlrpcDateTime property to all lowercase 'datetime.iso8601' so it ↵Derek Jones1-3/+3
can be recognized as a valid XML-RPC type http://codeigniter.com/bug_tracker/bug/4153/
2008-05-12fixed a bug that would lead to a PHP notice error of array to string ↵Derek Jones1-2/+4
conversion in prep_for_form() http://codeigniter.com/bug_tracker/bug/4425/
2008-05-12changed overlay_watermark() to check for an alpha value before applying the ↵Derek Jones1-6/+19
image to help support PNG-24s with alpha transparency http://codeigniter.com/bug_tracker/bug/4506/
2008-05-11Removed closing PHP tags, replaced with a comment block identifying the end ↵Derek Jones32-32/+96
of the file
2008-05-11Undoing change committed in r1115Derek Jones32-0/+32
2008-05-11removed closing PHP tag from all framework filesDerek Jones32-32/+0
2008-05-09added dot transformation to body of email when sending via SMTPDerek Jones1-2/+3
2008-05-08removed extraneous error message from Upload lib on failure of ↵Derek Jones1-1/+1
validate_upload_path() http://codeigniter.com/bug_tracker/bug/4390/
2008-05-08added 'object' key to the XML-RPCS config allowing the passing of a class ↵Derek Jones1-6/+18
object for method calls that aren't part of the CI super object
2008-05-08Fixed a bug where $data was not being converted to an array properly in ↵Derek Jones1-1/+1
set_rules() http://codeigniter.com/bug_tracker/bug/4220/
2008-05-08Fixed bug with recursive deletes in delete_dir()Derek Jones1-3/+3
http://codeigniter.com/bug_tracker/bug/4215/
2008-05-07removed SCRIPT_NAME from path provided by ORIG_PATH_INFO to remove the path ↵Derek Jones1-1/+2
and script name from the URI data (bug #3191)
2008-05-06Fixed a bug in the table library that could cause identically constructed ↵Derek Allard1-2/+1
rows to be dropped (#3459).
2008-05-06DB Forge is now assigned to any models that exist after loading (#3457).Derek Allard1-0/+2
2008-05-05tweak to the new fopen mode constant namesDerek Jones4-4/+4
2008-05-05implemented fopen mode constantsDerek Jones4-4/+4
2008-05-05Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to ↵Derek Allard31-251/+251
the File Helper. Changed ( ! condition) into (! condition) within the code
2008-05-01The Zip class now exits within download().Derek Allard1-1/+1
2008-04-29Added a valid_emails rule to the Validation class.Derek Allard1-0/+27
2008-04-26Unit Testing results are now colour coded, and a change was made to the ↵Derek Allard2-26/+38
default template of results.
2008-04-22Added the ability to set CRLF settings via config in the Email class.Derek Allard1-0/+20
Added SVN commit number to changelog Fixed more guide typos and examples
2008-04-14added check to make sure the URI path is not constructed entirely of slashes ↵Derek Jones1-4/+4
in URI::_fetch_uri_string()
2008-04-04added constants.php file and implemented constants for file system modesDerek Jones3-8/+8
2008-04-04include() vs include_once() allows for multiple views with the same nameDerek Allard1-1/+1
2008-03-18changed include into include_onceDerek Allard1-10/+10
2008-03-18added hashing to prevent client side data tampering to sessionsDerek Allard1-0/+20
2008-03-17added filename prepping in the Upload library to prevent files with multiple ↵Derek Jones1-1/+41
extensions to potentially be parsed as a script by Apache
2008-03-05restore a commentDerek Allard1-2/+8
2008-02-27added improved check for controller method access so that CI does not ↵Derek Jones1-2/+2
attempt to load private or protected controller methods added controller/method details to framework initiated 404 pages for logging