Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2015-11-06 | Simpler way to detect an IPv6 address (strpos) | Nate Silva | 1 | -1/+1 | |
2015-11-05 | Build base_url correctly if SERVER_ADDR is IPv6 | Nate Silva | 1 | -1/+9 | |
2015-11-04 | Merge branch '3.0-stable' into develop | Andrey Andreev | 20 | -397/+316 | |
2015-11-04 | [ci skip] Start of 3.0.4 development | Andrey Andreev | 1 | -1/+1 | |
2015-10-31 | [ci skip] Update changelog, version & upgrade instructions | Andrey Andreev | 1 | -1/+1 | |
2015-10-31 | Use proper randomness when generating CAPTCHAs | Andrey Andreev | 1 | -2/+87 | |
2015-10-31 | Prevent Host header injections | Andrey Andreev | 1 | -4/+2 | |
2015-10-31 | Harden xss_clean() | Andrey Andreev | 1 | -27/+39 | |
2015-10-30 | Fix #4192 | Andrey Andreev | 1 | -5/+8 | |
2015-10-30 | Fix #3201 | Andrey Andreev | 1 | -1/+6 | |
2015-10-19 | Fix #4171 and a number of other transaction bugs | Andrey Andreev | 13 | -354/+162 | |
2015-10-19 | Fix #4173 | Andrey Andreev | 1 | -1/+7 | |
This reverts commit 7cc6cea2d421862726081a39e932dbceeefcc775 from PR #3968. At the time this seemed logical, but turns out it breaks the ability to create non-PRIMARY composite keys, so ... | |||||
2015-10-18 | Fix #4179 | Andrey Andreev | 1 | -0/+4 | |
2015-10-13 | [ci skip] Fix #4170 | Andrey Andreev | 1 | -3/+1 | |
2015-10-12 | Merge branch '3.0-stable' into develop | Andrey Andreev | 16 | -177/+240 | |
2015-10-12 | [ci skip] This is 3.0.3-dev | Andrey Andreev | 1 | -1/+1 | |
2015-10-12 | Optimize csv_from_result speed. | Ahmad Anbar | 1 | -2/+3 | |
2015-10-10 | Optimize csv_from_result speed. | Ahmad Anbar | 1 | -2/+3 | |
2015-10-08 | [ci skip] Prepare 3.0.2 release | Andrey Andreev | 1 | -1/+1 | |
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 1 | -5/+11 | |
2015-10-05 | Close #4155 | Andrey Andreev | 1 | -1/+1 | |
2015-10-02 | More XSS stuff | Andrey Andreev | 1 | -1/+1 | |
2015-09-29 | Merge pull request #4126 from zoaked/patch-1 | Andrey Andreev | 1 | -1/+0 | |
Persist config file rules when using FV reset_validation() | |||||
2015-09-26 | Removing config_rules from reset_validation | zoaked | 1 | -6/+1 | |
Signed-off-by: Junior Asparagus<zoaked@hotmail.com> | |||||
2015-09-24 | Fix #4137 | Andrey Andreev | 1 | -1/+1 | |
2015-09-22 | Styling changes | zoaked | 1 | -3/+5 | |
2015-09-21 | More XSS stuff | Andrey Andreev | 1 | -3/+3 | |
2015-09-21 | Switch from saving copy of config to reset method parameter | zoaked | 1 | -4/+5 | |
2015-09-20 | Persist config file settings when resetting form_validation | zoaked | 1 | -2/+3 | |
When checking multiple arrays using form_validation you have to call reset_validation between each separate check due to the instance of the library being a singleton. The issue comes in when the settings are loaded from a config file as they are initially loaded from a parameter in the constructor, but are set to an empty array when resetting the class. To get around this issue a copy of the config parameter is made and then the copy is used to reset the rules when clearing. | |||||
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 1 | -4/+9 | |
This was a regression caused by the previous commit | |||||
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 1 | -92/+66 | |
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes(). | |||||
2015-09-16 | Fix #4116 | Andrey Andreev | 1 | -6/+6 | |
Close #4117 | |||||
2015-09-16 | Fix #4120 | Andrey Andreev | 1 | -3/+13 | |
2015-09-15 | Missing character in the evil attributes pattern | Andrey Andreev | 1 | -1/+1 | |
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 1 | -1/+4 | |
2015-09-14 | Close #4098 | Andrey Andreev | 1 | -2/+18 | |
2015-09-14 | Fix #4032 | Andrey Andreev | 1 | -5/+8 | |
2015-09-14 | Fix #4044 | Andrey Andreev | 1 | -5/+5 | |
2015-09-14 | Fix #4109 | Andrey Andreev | 1 | -20/+22 | |
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10 | |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -4/+3 | |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -5/+37 | |
This time eliminate false positives for the 'naughty html' logic. | |||||
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -1/+1 | |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -9/+21 | |
This one fixes yet another issue, is cleaner and faster. | |||||
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -1/+1 | |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -2/+2 | |
2015-09-10 | Change form validation library to allow the pipe character within square ↵ | rich | 1 | -1/+1 | |
brackets | |||||
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -2/+2 | |
2015-09-09 | Change form validation library to allow the pipe character within square ↵ | rich | 1 | -1/+1 | |
brackets | |||||
2015-09-07 | Remove unnecessary count() calls from _sanitize_globals() | Andrey Andreev | 1 | -3/+3 | |
foreach() just won't execute for an empty array, it does that check internally. |