summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2008-03-18added hashing to prevent client side data tampering to sessionsDerek Allard1-0/+20
2008-03-17added filename prepping in the Upload library to prevent files with multiple ↵Derek Jones1-1/+41
extensions to potentially be parsed as a script by Apache
2008-03-06change to the way AR handles aliased tablesDerek Allard1-5/+3
2008-03-06Modified img() in the HTML Helper to remove an unneeded space.Derek Allard2-2/+2
Modified anchor() in the URL helper to convert entities in the title attribute.
2008-03-05restore a commentDerek Allard1-2/+8
2008-03-04fix silly copy-paste error in active recordDerek Allard1-1/+1
2008-03-02added or_having, deprecated orhavingDerek Allard1-2/+14
2008-02-28modified the new check for a callable controller method to be ↵Derek Jones1-1/+1
case-insensitive for backwards compatibility and consistent behavior between PHP 4 and 5.
2008-02-27added improved check for controller method access so that CI does not ↵Derek Jones2-5/+7
attempt to load private or protected controller methods added controller/method details to framework initiated 404 pages for logging
2008-02-27fixed recursion in get_filenames() (bug #3523)Derek Jones1-4/+9
2008-02-26changed conditional for empty cells to not match on variables that would be ↵Derek Jones1-1/+1
loosely cast as an empty string
2008-02-25Added 'application/vnd.ms-powerpoint' to list of mime types.Derek Allard1-1/+1
2008-02-25Fixed an AR_caching error where it wasn't tracking table aliases (#3463)Derek Allard8-8/+8
2008-02-25Moved the safe mode and auth checks for the Email library into the constructorDerek Allard1-42/+44
2008-02-21fix $FALSE to FALSEDerek Allard1-1/+1
2008-02-20modified get_filenames() to return FALSE if the directory cannot be readDerek Jones1-0/+4
2008-02-19clarified in the config comment instructions that 'permitted_uri_chars' is a ↵Derek Jones1-3/+3
regular expression
2008-02-18Escaped the '-' in the default 'permitted_uri_chars' config item, as some ↵Derek Jones1-1/+1
developers just want to add characters to the pattern and do not have a good grasp of regular expressions.
2008-02-14little protection in case an array is provided as the $params for the DB classDerek Jones1-1/+1
2008-02-13reapplied implementation of db_set_charset() for MySQLi...Derek Jones1-2/+1
2008-02-13fixed bug #3419, moved DSN parsing to DB.php so the driver could properly be ↵Derek Jones2-24/+24
set to instantiate the correct db driver class.
2008-02-13fixes to _create_table() in sqlite_forge.php:Derek Jones1-2/+3
removed space between table name and parenthesis added version check for IF NOT EXISTS
2008-02-13changed escape_str() in mysqli_driver() to use is_object() instead of ↵Derek Jones1-1/+1
is_resource() to test $this->conn_id
2008-02-13removed the array_diff comparison in _reindex_segments(). That conditional ↵Derek Jones1-15/+8
and use of those functions is probably slower than looping through both arrays, even if someone went crazy with dozens of URI segments.
2008-02-13Fixed bug (#3445) where the routed segment array when the default ↵Derek Jones1-0/+3
controller is used was not being re-indexed to begin with 1
2008-02-12(no commit message)Derek Allard1-1/+1
2008-02-12change 1.6.1 to 1.6.0.1Derek Allard1-1/+1
2008-02-11added Path HelperDerek Allard1-0/+70
2008-02-11remove backticks from ODBCDerek Allard1-8/+4
2008-02-11database enhancements, compatibility additions and bugfixesDerek Allard7-21/+29
2008-02-11driver escape_table fixesDerek Allard5-10/+10
2008-02-11escape_table made consistent with mysql driver across all driversDerek Allard5-10/+10
2008-02-11clarifying comment on sqlite escape tableDerek Allard1-5/+3
2008-02-10changes for enhanced database compatibilityDerek Allard6-23/+58
2008-02-10adding is_numeric back into validation libraryDerek Allard1-0/+14
2008-02-08changed order of SQL keywords in the $highlight array so OR would not be ↵Derek Jones1-1/+1
highlighted before ORDER BY
2008-02-07added functionality for setting client character set and collation in MySQLi ↵Derek Jones1-2/+1
driver
2008-02-06cache_stop() fix...Derek Allard1-4/+1
2008-02-05Changed the behaviour of Active Record's update() to make the WHERE clause ↵Derek Allard7-7/+35
optional (#3395)
2008-02-05* Fixed a bug (#3396) where certain POST variables would cause a PHP warning.Derek Jones1-6/+15
* Added $_SERVER, $_FILES, $_ENV, and $_SESSION to sanitization of globals.
2008-02-05Added and documented Active Record caching.Derek Allard8-42/+322
Made AR fully database-prefix aware
2008-02-04change CI_VERSION from 1.6.0 to 1.6.1Derek Allard1-1/+1
2008-02-04changed URL decoding implementation of xss_clean() to use rawurldecode() to ↵Derek Jones1-6/+3
discontinue misconversion of characters to bad entities, and to continue avoidance of unwanted removal of + signs
2008-02-01remove parenthesis from postrgre _from_tablesDerek Allard1-1/+1
2008-01-30fix orlike to call or_likeDerek Allard1-1/+1
2008-01-30added default value for $active_record when it's not setDerek Jones1-1/+1
2008-01-30Fixed bug #1813 - added check for $CI->db isset() and is_object() before ↵Derek Jones1-4/+4
returning false in Loader::database()
2008-01-30actually removed 'active_r' from database.php config like I said I already ↵Derek Jones1-1/+0
did...
2008-01-30removed 'active_r' db config variable, replaced with global $active_record ↵Derek Jones2-5/+7
setting. (bug report #1834)
2008-01-30added img() to HTML helperDerek Allard1-22/+29