summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2008-06-06default to post methodDerek Allard1-4/+1
2008-06-06Form helper refactored to allow form_open() and form_fieldset() to accept ↵Derek Allard1-19/+51
arrays or strings as arguments.
2008-06-04picky picky Jones adjusts some syntaxDerek Jones1-2/+1
2008-06-04a few tweaks for speedDerek Allard1-3/+4
2008-06-04simplified and refactored input filtering and retrievalDerek Jones1-97/+32
2008-06-04emendation to on* event handler removalDerek Jones1-3/+2
2008-06-04whitespace, whitespace, schmeitespaceDerek Jones1-1/+1
2008-06-04compacting some whitespaceDerek Jones1-5/+1
2008-06-04bit of a code cleanupDerek Allard1-6/+5
2008-06-04change AR behaviour so that blank values result in empty quotesDerek Allard1-6/+4
2008-05-30decided just to kill all on*= event handlers, rather than trying to keep up ↵Derek Jones1-2/+2
with (and require users to do the same) with a blacklist.
2008-05-30moved word compacting to a callback for clarity, added a few js event ↵Derek Jones1-3/+20
handlers for removal
2008-05-29made MySQL/MySQLi forge use explicitly named KEYs, added ability to specify ↵Derek Jones8-27/+95
multi-column non-primary keys in table creation
2008-05-29added error suppression to fopen() in write_file()Derek Jones1-1/+1
2008-05-22Fixed a bug (#4561) where orhaving() wasn't properly passing values.Derek Allard3-4/+6
Removed some unused variables from the code (#4563). Fixed a bug where having() was not adding an = into the statement (#4568).
2008-05-21more complete protection against malformed link tags to protect against hex ↵Derek Jones1-13/+25
entities and href=data:url exploits
2008-05-21customizable query stringDerek Allard1-6/+21
2008-05-21Added support for query strings to the Pagination class, automatically ↵Derek Allard1-2/+11
detected or explicitly declared.
2008-05-20improved security in xss_clean(), added <audio> and <video> tags to naughty ↵Derek Jones1-22/+14
HTML tags, and the HTML5 event handlers onerror and onended
2008-05-18Moved the _has_operators() function into DB_driver from DB_active_rec.Derek Allard2-20/+22
2008-05-17reduced $mobiles to single arrayDerek Jones1-14/+13
2008-05-16Considerably expanded list of mobile user-agents in config/user_agents.php.Derek Allard1-12/+71
2008-05-16changed foreach() reindexing of segment arrays to array_unshift() - teensy ↵Derek Jones1-15/+2
tiny memory and speed improvement.
2008-05-16fixed regular expression in Image lib, CI bug #4542Derek Jones1-1/+1
2008-05-15addition xss protection against certain data urls, stripping of anything ↵Derek Jones1-2/+12
sent with utf-7 encoding
2008-05-15added ability to use xss_clean() to test images, and improved security for ↵Derek Jones1-37/+49
vectors particular to the Opera family of browsers
2008-05-14Set the mime type check in the Upload class to reference the global mimes ↵Derek Allard1-1/+3
variable.
2008-05-14Added missing semicolon in upload_lang.phpDerek Jones1-3/+3
2008-05-14set $DB->char_set and $DB->dbcollat defaults to utf8 and utf8_general_ci ↵Derek Jones1-2/+2
respectively
2008-05-14fixed bug #3419 where the 'database' setting for DSN connections was using ↵Derek Jones2-2/+25
the host portion of the URL instead of the path. Added ability to set other db config values in DSN connections via query string
2008-05-14force closing tag on eval() for servers not running short_open_tagsDerek Jones1-1/+1
2008-05-13hotfix for a bug in database error display introduced by 1.6.2 fix for bugs ↵Derek Jones1-3/+8
#4451, #4299, and #4339
2008-05-13Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). ↵Derek Jones1-21/+3
You're coming with me, pal!
2008-05-13increased security and performance of xss_clean(), added ↵Derek Jones1-24/+56
_sanitize_naughty_html() callback and removed "never allowed" items to a class property
2008-05-13The Zip class has undergone a substantial re-write for speed and clarityDerek Allard1-120/+101
2008-05-13removed some stray testing codeDerek Allard2-23/+17
2008-05-13reverted OR back to || for js_calendar_pi.php javascriptDerek Jones1-6/+6
2008-05-13Some sweeping syntax changes for consistency:Derek Jones105-879/+915
(! foo) changed to ( ! foo) || changed to OR changed newline standardization code in various places from preg_replace to str_replace
2008-05-13adjusted eval() statement in Loader to accommodate servers with ↵Derek Jones1-1/+1
short_open_tag disabled with the new change of removing closing PHP tags from files
2008-05-13minor source formattingDerek Allard4-36/+35
2008-05-13preg_split changed to explodeDerek Allard1-165/+165
2008-05-13substr checks swapped out with strncmpDerek Allard1-16/+72
{ braces } added around if and for statements
2008-05-12fixed a misspelling in the Input library of CDATADerek Allard1-1/+1
2008-05-12removed an ereg from configDerek Allard6-130/+131
added a qualifier to a str_replace for \t in Input changed substr to strncmp in Codeigniter.php and directory_map function added braces in an if statement of unit test Removed "scripts" from the auto-load search path. Scripts were deprecated in Version 1.4.1 (September 21, 2006). If you still need to use them for legacy reasons, they must now be manually loaded in each Controller.
2008-05-12Escape behaviour in where() clauses has changed; values in those with the ↵Derek Allard1-19/+22
"FALSE" argument are no longer escaped (ie: quoted).
2008-05-12(no commit message)Rick Ellis1-22/+57
2008-05-12Added protection in xss_clean() for GET variables in URLsDerek Jones1-3/+55
http://codeigniter.com/bug_tracker/bug/4167/
2008-05-12Fixed a bug in AR compiling, where select statements with arguments got ↵Derek Allard1-3/+10
incorrectly escaped (#3478).
2008-05-12changed $xmlrpcDateTime property to all lowercase 'datetime.iso8601' so it ↵Derek Jones1-3/+3
can be recognized as a valid XML-RPC type http://codeigniter.com/bug_tracker/bug/4153/
2008-05-12fixed a bug that would lead to a PHP notice error of array to string ↵Derek Jones1-2/+4
conversion in prep_for_form() http://codeigniter.com/bug_tracker/bug/4425/