summaryrefslogtreecommitdiffstats
path: root/system/libraries
AgeCommit message (Collapse)AuthorFilesLines
2010-11-09Altered our mail() params to be inline with PHP documentation, fixes mailing ↵Brandon Jones1-64/+56
on some hosts
2010-10-07Automated merge with https://bitbucket.org/barrymieny/codeigniterDerek Jones3-5/+9
2010-10-07merging changesDerek Jones1-1/+1
2010-10-07modified the security helper to assist in preventing directory traversal ↵Derek Jones1-3/+7
when using sanitize_filename() for user input
2010-10-05fixed bug where sess_expire_on_close was not being set from a config file, ↵Derek Jones1-1/+1
fixes #173
2010-10-04Cleanup of stray spaces and tabsBarry Mieny26-1644/+1644
2010-10-04Fixed linkfesplugas1-1/+1
2010-10-01tweak to typography. Better aesthetic to placement of paragraph tagsDerek Jones1-3/+15
2010-09-15Fixed ↵Greg Aker1-1/+1
http://bitbucket.org/ellislab/codeigniter/issue/38/slight-bug-with-profilerphp Slight tweak to SQL query display in output profiler.
2010-09-15Updates to output profiler html validation. ↵Greg Aker1-6/+6
http://bitbucket.org/ellislab/codeigniter/issue/111/profiler-output-does-not-validate
2010-09-02fixed a spot where the encryption mode was still a hard coded constant ↵Derek Jones1-1/+1
instead of the fetched variable
2010-09-02Added a new config item to the Session class (sess_expire_on_close) to allow ↵Derek Jones1-2/+5
sessions to auto-expire when the browser window is closed.
2010-09-01fixes issue #109 where cc and bcc recipients were not reset when using the ↵Derek Jones1-0/+2
clear() method in the Email lib
2010-08-31Significant changes to the Encryption libraryDerek Jones1-6/+69
- Removed double-encoding with XOR scheme when Mcrypt is available. Additional obfuscation was not significantly aiding security, and came at a very high performance cost. - Changed the default encryption mode from ECB to CBC for much improved security - Added an encode_from_legacy() method to allow re-encoding of permanent data that was originally encoded with the older methods.
2010-08-31Automated merge with http://hg.ellislab.com/CodeIgniter2Derek Jones2-1/+6
2010-08-31fixed spelling error in Security class property for the CSRF cookieDerek Jones1-8/+8
2010-08-31changed key comparison to be loosely typed, so an error would be triggered ↵Derek Jones1-1/+1
when an empty string is attempted to be used as an encryption key
2010-08-31Added fatal error to Session class when no encryption key is set in the ↵Derek Jones1-0/+5
config file, for additional assurance that session manipulation can be prevented
2010-08-20Added ability in the Image Library to handle PNG transparency for resize ↵Derek Jones1-0/+7
operations when using the GD lib.
2010-08-11undoing mistaken changes in rev 8c54b3b0402fDerek Jones1-3/+0
2010-08-11removed redundant upload lang file, after lang name changs, it was blocking ↵Derek Jones1-0/+3
the CI lang file from loading. Fixes #473
2010-07-26separated the CSRF cookie name from the token, forced new token on ↵Derek Jones1-14/+15
successful POST
2010-07-22Adding CSRF into configDerek Allard1-5/+11
Adding CSRF token into form open()
2010-07-22Fixed a bug in the Upload class where a PHP error could occur when wildcards ↵Greg Aker1-2/+2
were used as the allowed_types.
2010-07-12201007 file upload bug fixDerek Jones1-85/+109
2010-07-05suppress page listDerek Allard1-16/+21
2010-07-05Added the ability to suppress first, previous, next and last links by ↵Derek Allard1-11/+17
setting their values to FALSE in the pagination library.
2010-06-09Fixed an undefined variable PHP error in the do_xss_clean() method of the ↵Greg Aker1-7/+7
Upload library.
2010-05-24Added $prefix, $suffix and $first_url properties to Pagination library.Robin Sowell1-6/+30
2010-05-21fixed a bug in the Parser where the regex would not correctly match pair ↵Derek Jones1-1/+1
variables, fixes #42
2010-05-13added htmlspecialchars to config item output, fixes #41Derek Jones1-2/+2
2010-05-11fixed whitespace, massaged Zip read_dir() docsDerek Jones1-2/+2
2010-05-11Added an option to remove the preceding trail of empty folders when creating ↵Phil Sturgeon1-14/+35
a Zip archive.
2010-04-29Changing order of available sections in the output profiler.Greg Aker1-4/+9
2010-04-26fixed errant syntax in changeset 53ace78c4b45, fixes #37Derek Jones1-1/+1
2010-04-26fixed errant syntax in changeset 53ace78c4b45, fixes #37Derek Jones3-8/+8
2010-04-23ensured the security lib was loaded in a few calls to xss_clean() in other ↵Derek Jones3-2/+22
libraries. Fixes #35
2010-04-22reapplied strtolower() to ->file_type from philsturgeon's changeset ↵Derek Jones1-1/+1
5fe3b04bdf44 to standardize input
2010-04-22Some mime types are wrapped with " which breaks file type checking. This ↵Phil Sturgeon1-1/+1
will remove any wrapping \ and "
2010-04-22tiny modification to whitespace from philsturgeon's bugfix to match CI style ↵Derek Jones1-1/+1
guidelines
2010-04-22Fixed Upload bug that would break when files and images were both included ↵Phil Sturgeon1-1/+1
on an allowed filetype list in the wrong order: http://codeigniter.com/bug_tracker/bug/11552/
2010-04-16Added class var xss_clean to the XML_RPC_Response class to prevent php ↵Robin Sowell1-0/+1
error. Not noted in changelog, as I figure it's covered by the original note about adding xss clean at all.
2010-04-15Update to File Upload library to return boolean on do_xss_clean().Greg Aker1-13/+48
2010-04-15Fixing a bug where odbc/mssql/oci8 db drivers would encounter a PHP error ↵Greg Aker1-40/+2
due to a function being moved from the input to security class. Moving remove_invisible_characters() to Common.php so the entire class does not need to be instantiated in those database drivers.
2010-04-15Removing deprecated Validation class.Greg Aker1-875/+0
Form_validation going forward! Removed references to the validation classes documentation page in the changelog as well.
2010-04-07Fixing typo in XMLRpc error message:Greg Aker1-1/+1
http://codeigniter.com/bug_tracker/bug/11556/
2010-04-01Fixing Validation error in output profilerGreg Aker1-4/+0
2010-03-30moved entity_decode() to the Security library to handle an issue with HTML ↵Derek Jones1-3/+52
in input when the global XSS filter is enabled
2010-03-29fixed a bug where a PHP error would result when passing objects as values to ↵Derek Jones1-4/+13
the Session class
2010-03-12Added FTP::download() and the accompanying lang line. This was first ↵Phil Sturgeon1-0/+42
proposed in 2007, can we add it now pleeeeease?