summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2011-04-22Fixed re-searching for config file even though one had been loaded ($found ↵katzgrau1-1/+2
was set to true, never reset). Also fixes getsparks issue.
2011-04-21Flipping around contents of a conditional in _ci_load() so the small bits ↵Greg Aker1-6/+6
are on top.
2011-04-20Fixed a bug (Core #340) where when passing in the second parameter to ↵Greg Aker1-12/+8
$this->db->select(), column names in subsequent queries would not be properly escaped.
2011-04-20Altered Session to use a longer match against the user_agent string. See ↵Greg Aker1-2/+2
upgrade notes if using database sessions.</li
2011-04-20Automated merge with http://hg.ellislab.com/CodeIgniter-ReactorGreg Aker3-37/+69
2011-04-20Refactoring the loader to set protected class variables.Greg Aker3-37/+69
Moved _ci_autoload(), which is used in CI_Controller to be a public method. Also added CI_Loader::set_base_classes() to be called in the controller so we're not setting protected vars in another class. Also refactored in the form_helper so it's not trying to access protected vars in CI_Loader. Added the is_loaded() method to the loader to take care of the checks that were being done there.
2011-04-20Change in core/Security.php to match coding standards.Greg Aker1-1/+2
2011-04-20Automated merge with http://hg.ellislab.com/CodeIgniter-ReactorDerek Jones2-2/+32
2011-04-20Altering the loader to be able to load views from packages when adding the ↵Greg Aker2-53/+59
package path with add_package_path().
2011-04-19modified MySQL and MySQLi drivers to address a potential SQL injection ↵Derek Jones2-2/+32
attack vector when multi-byte character set connections are employed. (Does not impact Latin-1, UTF-8, etc. encodings)
2011-04-191/2 reverting a previous change to the form_helper. Wrapping hidden form ↵Greg Aker1-1/+1
elements in <div style="display:none"></div> instead of an empty div. If a user is styling form div {} they can run into display issues, so something is needed.
2011-04-19Removing internal references to the EXT constant. Additionally, marked the ↵Greg Aker22-112/+112
constant as deprecated. Use ".php" instead. Also adding upgrade notes from 2.0.2 to 2.0.3.
2011-04-18changeset: 2204:37301a84c8beGreg Aker1-6/+29
tag: tip user: Greg Aker <greg.aker@ellislab.com> date: Mon Apr 18 15:51:28 2011 -0500 summary: Adding toggle show/hide on database queries in the output profiler. Added a profiler config item to set a threshold of when to hide the queries by default. Additionally, fixed a bug I created earlier today by marking the $CI class var in CI_Profiler as private.
2011-04-18changeset: 2202:06a75a1bd622Greg Aker1-2/+2
tag: tip user: Greg Aker <greg.aker@ellislab.com> date: Mon Apr 18 11:10:37 2011 -0500 summary: Tweak to session class all_userdata() to just return the userdata array. Also documented previously undocumented all_userdata() method.
2011-04-18Added Session Class userdata to the output profiler. Additionally, added a ↵Greg Aker2-6/+42
show/hide toggle on HTTP Headers, Session Data and Config Variables.
2011-04-18Added an optional third parameter to heading() which allows adding html ↵Greg Aker1-2/+3
attributes to the rendered heading tag.
2011-04-18Changed path in footer comment of cache dummy.Eric Barnes1-12/+12
2011-04-18Changed server check to ensure SCRIPT_NAME is defined. Fixes #57Eric Barnes1-5/+5
2011-04-11Fix: codeigniter-reactor/199 cookie name was overwritten with token namepatwork1-2/+4
2011-04-11Fix: codeigniter-reactor/32 unicorns are no longer mutepatwork1-4/+4
2011-04-09Fix: codeigniter-reactor/199 CSRF config in Security class is no longer ignoredpatwork1-1/+10
2011-04-08Fix: codeigniter-reactor/127 Form_validation rule error loggingpatwork1-1/+5
2011-04-08There is absolutely no need to specify class name (it will validate anyway).patwork1-2/+2
2011-04-08Deals with language errors after codeigniter-reactor commit r2307:c43c6dea56fbpatwork1-22/+22
2011-04-08Fix: codeigniter-reactor/193 incorrect driver filepathspatwork1-2/+2
2011-04-08Fix: #192 CI version constant incorrect in core/CodeIgniterGreg Aker1-1/+1
2011-04-08Fixing a bug in the form_helper where csrf_token_name and csrf_hash were ↵Greg Aker1-1/+1
referencing class properties in the Security class that were moved.
2011-04-07Made in Output protected again, it was only ever made public by Eric to fix ↵Phil Sturgeon1-1/+1
an issue with the Dwoo MY_Parser, which is no reason to change core files. That Parser doesn't really even need the acess.
2011-04-07Changed the 'plural' function so that it doesn't ruin the captalization of ↵Phil Sturgeon1-13/+15
your string. It also take into consideration acronyms which are all caps.
2011-04-06Made Environment Support optional. Comment out or delete the constant to ↵Phil Sturgeon12-377/+419
stop environment checks.
2011-04-06Made Environment Support optional. Comment out or delete the constant to ↵Phil Sturgeon15-57/+54
stop environment checks.
2011-04-05Fixed a bug in the Javascript Library where improperly escaped characters ↵Pascal Kriete1-1/+1
could result in arbitrary javascript execution.
2011-04-05Removing dohash and deprecating CI_SHAPascal Kriete1-33/+1
2011-04-05Tightening up control character handling in urlsPascal Kriete1-23/+34
2011-04-05Removing security loading calls.Pascal Kriete4-26/+4
2011-04-05Moving security to core.Pascal Kriete4-10/+15
2011-04-05tweaking remove_invisible_characters to make urlencoded character stripping ↵Pascal Kriete1-15/+13
optional
2011-04-05Improving parameter security in xss cleanPascal Kriete1-269/+351
2011-04-03Fixed loading an array of libraries.Phil Sturgeon1-1/+1
2011-04-02Added CI_ Prefix to the Cache driver.Phil Sturgeon6-19/+19
2011-04-02Added is_cli_request() method to documentation for Input class.Phil Sturgeon1-0/+4
2011-04-02Removed double-spacing from ftp_lang.php sentances.Phil Sturgeon1-7/+7
2011-04-02Fixed issue #153 Escape Str Bug in MSSQL driverPhil Sturgeon1-3/+5
2011-04-01Merged changes.Phil Sturgeon1-13/+3
2011-03-25Fixed merge.Phil Sturgeon1-3/+3
2011-03-22->db->count_all_results() will now return an integer instead of a string.Phil Sturgeon1-2/+2
2011-03-22If you do is_really_writable() on a file that does not exist on a Windows ↵Eric Barnes1-1/+1
server or on a Unix box with safe_mode enabled, it will create the file and leave it there. Fixes #80
2011-03-22Added error logging to language. Fixes #32Eric Barnes1-0/+7
2011-03-22Fixed logic and removed the error supressingEric Barnes8-39/+34
2011-03-18Changed scope on parse_exec_vars. Fixes #145Eric Barnes1-7/+6