summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2007-07-12fixed quoted-printable in HTML emails, and added htmlspecialchars() to email ↵Derek Jones1-4/+100
debugging output
2007-07-12type cast $key => $val pair in $options array as strings for friendlier ↵Derek Jones1-0/+3
handling of setting options as 'selected'
2007-07-12fixed the plural() and singular() function commentsDerek Jones1-2/+2
2007-07-11adding type casting of $title argument in URL helper functions to a string. ↵Derek Jones1-0/+8
A numeric 0 sent to these functions would evaluate if ($title == '') as TRUE, and type casting seems the more appropriate fix than simply using $title === '', since we're expecting and treating $title as a string.
2007-07-11bugfix for profiler output: POST keys were not being displayed properly, and ↵Derek Jones1-2/+2
queries needed htmlspecialchars()
2007-07-11inflector helper changes to account for words ending in "s"Derek Allard1-32/+46
2007-07-11fixed log message typoDerek Allard1-1/+1
2007-06-28Instead of doing file name security for Enable Query Strings, I am using the ↵paulburdick1-6/+5
already existin _filter_uri()
2007-06-28(no commit message)paulburdick2-2/+1
2007-06-28Modified the include so that there is a bit of filename securitypaulburdick1-1/+1
2007-06-28*Added filename_security() method to Input librarypaulburdick1-0/+50
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
2007-06-28*Modified the Router so that when Query Strings are Enabled, the controller ↵paulburdick1-3/+4
trigger and function trigger values are sanitized for filename include security.
2007-06-28(no commit message)paulburdick1-4/+13
2007-06-28Improved XSS clean to not allowing this:paulburdick1-4/+12
xss_clean("<x<xss>ss <scr<xss>ipt a='>'>alert/**/('!');//*/</script</script >>");
2007-06-26(no commit message)paulburdick1-1/+1
2007-06-26*Updated the XSS Filtering to take into account the IE expression() abilitypaulburdick1-1/+7
2007-06-24Modified the is_image() method in the Upload library to take into account ↵paulburdick1-5/+16
Windows IE 6/7 eccentricities when dealing with MIMEs
2007-06-24Fixed the do_xss_clean() method so that if file_get_contents returns FALSE, ↵paulburdick1-1/+1
then we return FALSE... Previously, if it did NOT return FALSE we returned FALSE and that is simply idiotic.
2007-06-18typo in commentsDerek Allard1-1/+1
2007-06-14(no commit message)Rick Ellis1-3/+3
2007-06-13(no commit message)Rick Ellis1-1/+1
2007-06-12(no commit message)Rick Ellis1-1/+1
2007-06-12(no commit message)Rick Ellis1-1/+1
2007-06-12(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-7/+43
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-19/+17
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-2/+2
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-6/+8
2007-06-11(no commit message)Rick Ellis1-4/+4
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-09(no commit message)Rick Ellis1-1/+1
2007-06-09(no commit message)Rick Ellis1-10/+23
2007-06-09(no commit message)Rick Ellis3-17/+10
2007-05-24typo fixDerek Allard1-1/+1
2007-05-09typo fixesDerek Allard3-99/+94
2007-05-04Modified XSS Cleaning routine to be more performance friendly and compatible ↵Derek Jones1-8/+47
with PHP 5.2's new PCRE backtrack and recursion limits. - replaced link and image tag javascript sanitization preg_replace()'s with callback functions to avoid excessive backtracks on strings with many links / image tags.
2007-05-02return preg_replace("|^/*(.+?)/*$|", "\\1", $str);Derek Allard1-2/+2
to return trim($str, '/');
2007-05-02$this->base_url = preg_replace("/(.+?)\/*$/", "\\1/", $this->base_url);Derek Allard1-2/+2
changed to $this->base_url = rtrim($this->base_url, '/') .'/';
2007-05-02// Prep the current page - no funny business!Derek Allard1-1/+1
$this->cur_page = preg_replace("/[a-z\-]/", "", $this->cur_page); became // Prep the current page - no funny business! $this->cur_page = (int) $this->cur_page;
2007-05-01fixed a bug in the calendar libraryDerek Allard1-1/+1
2007-04-30added a note about regex and custom routesDerek Allard1-48/+49
2007-04-30fixed bug in outputDerek Allard1-1/+1
2007-04-30fixed a typo in rpcs.php libraryDerek Allard1-1/+1
2007-04-27(no commit message)Rick Ellis1-1/+1
2007-04-27modified _add_data() to be compatible with OS XDerek Jones1-5/+2
(removed CRC and length from end of file stream)
2007-04-27fixed checked = 1 to be checked = checked in array created checkboxesDerek Allard1-0/+6