Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2008-08-15 | changed entity standardization to require at least two characters after an ↵ | Derek Jones | 1 | -1/+1 | |
ampersand before forcing a semi-colon | |||||
2008-08-12 | (no commit message) | Rick Ellis | 1 | -2/+2 | |
2008-08-12 | Added support for libraries in subdirectories | Rick Ellis | 1 | -2/+22 | |
2008-08-06 | added killing of nulls to _prep_quoted_printable() | Derek Jones | 1 | -1/+4 | |
2008-08-06 | fixed bug where dechex() was being fed the wrong variable for encoding space ↵ | Derek Jones | 1 | -1/+1 | |
and tab characters at the end of a line of quoted-printable encoded content | |||||
2008-07-13 | removed unnecessary foreach() loop for a str_replace() | Derek Jones | 1 | -4/+1 | |
2008-07-03 | re-included URL encoded characters within _remove_invisible_characters() ↵ | Derek Jones | 1 | -1/+3 | |
which were mistakenly pulled out in a previous commit, not released | |||||
2008-07-03 | changed link and image regex to be more precise in matching tags, reducing ↵ | Derek Jones | 1 | -3/+3 | |
false positive matches | |||||
2008-07-01 | Changed regex for onfoo event handlers to prevent unwanted matching of text ↵ | Derek Jones | 1 | -4/+4 | |
such as locatiON, cONtent, etc. | |||||
2008-06-30 | whitespace | Derek Jones | 1 | -1/+0 | |
2008-06-30 | simplified regex for _remove_invisible_characters() - since we ↵ | Derek Jones | 1 | -5/+4 | |
rawurldecode() the string, there's no need to go looking for url encoded characters here | |||||
2008-06-27 | Moved the <label> output ability from the language library to a language ↵ | Derek Jones | 1 | -8/+1 | |
helper (hotfix for 1.6.3) | |||||
2008-06-27 | Fixed a double opening <p> tag in the index pages of each system ↵ | Derek Allard | 1 | -8/+3 | |
directory. | |||||
2008-06-26 | changed your-site.com to example.com doc-wide | Derek Jones | 1 | -1/+1 | |
2008-06-25 | fixed accidental removal of $converted_string in xss_clean() for image ↵ | Derek Jones | 1 | -0/+5 | |
comparison | |||||
2008-06-25 | added a bit of leeway for images to avoid the more common false-positives ↵ | Derek Jones | 1 | -2/+11 | |
that using xss_clean() on image files might trigger | |||||
2008-06-25 | Further improvements to xss_clean() | Derek Jones | 1 | -47/+83 | |
2008-06-20 | Added the ability to automatically output language items as form labels in ↵ | Derek Allard | 1 | -3/+11 | |
the Language class. | |||||
2008-06-20 | Added get_post() to the Input class. | Derek Allard | 1 | -0/+22 | |
Documented get() in the Input class. | |||||
2008-06-16 | correcting some docblock comments | Derek Allard | 5 | -15/+15 | |
2008-06-06 | added quoted-printable headers when $this->send_multipart has been manually ↵ | Derek Jones | 1 | -1/+2 | |
changed to FALSE | |||||
2008-06-06 | Removed an unused Router reference in _display_cache(). | Derek Allard | 1 | -3/+1 | |
2008-06-04 | picky picky Jones adjusts some syntax | Derek Jones | 1 | -2/+1 | |
2008-06-04 | a few tweaks for speed | Derek Allard | 1 | -3/+4 | |
2008-06-04 | simplified and refactored input filtering and retrieval | Derek Jones | 1 | -97/+32 | |
2008-06-04 | emendation to on* event handler removal | Derek Jones | 1 | -3/+2 | |
2008-05-30 | decided just to kill all on*= event handlers, rather than trying to keep up ↵ | Derek Jones | 1 | -2/+2 | |
with (and require users to do the same) with a blacklist. | |||||
2008-05-30 | moved word compacting to a callback for clarity, added a few js event ↵ | Derek Jones | 1 | -3/+20 | |
handlers for removal | |||||
2008-05-22 | Fixed a bug (#4561) where orhaving() wasn't properly passing values. | Derek Allard | 2 | -2/+0 | |
Removed some unused variables from the code (#4563). Fixed a bug where having() was not adding an = into the statement (#4568). | |||||
2008-05-21 | more complete protection against malformed link tags to protect against hex ↵ | Derek Jones | 1 | -13/+25 | |
entities and href=data:url exploits | |||||
2008-05-21 | customizable query string | Derek Allard | 1 | -6/+21 | |
2008-05-21 | Added support for query strings to the Pagination class, automatically ↵ | Derek Allard | 1 | -2/+11 | |
detected or explicitly declared. | |||||
2008-05-20 | improved security in xss_clean(), added <audio> and <video> tags to naughty ↵ | Derek Jones | 1 | -22/+14 | |
HTML tags, and the HTML5 event handlers onerror and onended | |||||
2008-05-16 | changed foreach() reindexing of segment arrays to array_unshift() - teensy ↵ | Derek Jones | 1 | -15/+2 | |
tiny memory and speed improvement. | |||||
2008-05-16 | fixed regular expression in Image lib, CI bug #4542 | Derek Jones | 1 | -1/+1 | |
2008-05-15 | addition xss protection against certain data urls, stripping of anything ↵ | Derek Jones | 1 | -2/+12 | |
sent with utf-7 encoding | |||||
2008-05-15 | added ability to use xss_clean() to test images, and improved security for ↵ | Derek Jones | 1 | -37/+49 | |
vectors particular to the Opera family of browsers | |||||
2008-05-14 | Set the mime type check in the Upload class to reference the global mimes ↵ | Derek Allard | 1 | -1/+3 | |
variable. | |||||
2008-05-14 | force closing tag on eval() for servers not running short_open_tags | Derek Jones | 1 | -1/+1 | |
2008-05-13 | Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). ↵ | Derek Jones | 1 | -21/+3 | |
You're coming with me, pal! | |||||
2008-05-13 | increased security and performance of xss_clean(), added ↵ | Derek Jones | 1 | -24/+56 | |
_sanitize_naughty_html() callback and removed "never allowed" items to a class property | |||||
2008-05-13 | The Zip class has undergone a substantial re-write for speed and clarity | Derek Allard | 1 | -120/+101 | |
2008-05-13 | Some sweeping syntax changes for consistency: | Derek Jones | 32 | -360/+384 | |
(! foo) changed to ( ! foo) || changed to OR changed newline standardization code in various places from preg_replace to str_replace | |||||
2008-05-13 | adjusted eval() statement in Loader to accommodate servers with ↵ | Derek Jones | 1 | -1/+1 | |
short_open_tag disabled with the new change of removing closing PHP tags from files | |||||
2008-05-13 | minor source formatting | Derek Allard | 2 | -22/+22 | |
2008-05-13 | preg_split changed to explode | Derek Allard | 1 | -165/+165 | |
2008-05-13 | substr checks swapped out with strncmp | Derek Allard | 1 | -16/+72 | |
{ braces } added around if and for statements | |||||
2008-05-12 | fixed a misspelling in the Input library of CDATA | Derek Allard | 1 | -1/+1 | |
2008-05-12 | removed an ereg from config | Derek Allard | 4 | -124/+125 | |
added a qualifier to a str_replace for \t in Input changed substr to strncmp in Codeigniter.php and directory_map function added braces in an if statement of unit test Removed "scripts" from the auto-load search path. Scripts were deprecated in Version 1.4.1 (September 21, 2006). If you still need to use them for legacy reasons, they must now be manually loaded in each Controller. | |||||
2008-05-12 | Added protection in xss_clean() for GET variables in URLs | Derek Jones | 1 | -3/+55 | |
http://codeigniter.com/bug_tracker/bug/4167/ |