summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2008-07-03changed link and image regex to be more precise in matching tags, reducing ↵Derek Jones1-3/+3
false positive matches
2008-07-01Changed regex for onfoo event handlers to prevent unwanted matching of text ↵Derek Jones1-4/+4
such as locatiON, cONtent, etc.
2008-06-30whitespaceDerek Jones1-1/+0
2008-06-30simplified regex for _remove_invisible_characters() - since we ↵Derek Jones1-5/+4
rawurldecode() the string, there's no need to go looking for url encoded characters here
2008-06-30fixed some whitespace in the number helper and improved on the calculation ↵Derek Jones1-9/+9
method
2008-06-27Moved the <label> output ability from the language library to a language ↵Derek Jones2-8/+59
helper (hotfix for 1.6.3)
2008-06-27Fixed a double opening &lt;p&gt; tag in the index pages of each system ↵Derek Allard31-248/+93
directory.
2008-06-27bump CI_VERSION to 1.6.3Derek Allard1-1/+1
2008-06-26changed your-site.com to example.com doc-wideDerek Jones4-9/+9
2008-06-26Number helper uses lang filesDerek Allard2-5/+18
Bytes use whole numbers (123.0 bytes is just silly)
2008-06-25fixed accidental removal of $converted_string in xss_clean() for image ↵Derek Jones1-0/+5
comparison
2008-06-25added a bit of leeway for images to avoid the more common false-positives ↵Derek Jones1-2/+11
that using xss_clean() on image files might trigger
2008-06-25Further improvements to xss_clean()Derek Jones1-47/+83
2008-06-20Added the ability to automatically output language items as form labels in ↵Derek Allard1-3/+11
the Language class.
2008-06-20Added get_post() to the Input class.Derek Allard1-0/+22
Documented get() in the Input class.
2008-06-19(no commit message)Derek Allard1-67/+71
2008-06-19added a Number helperDerek Jones1-0/+68
2008-06-19removed maxlength and size as automatically added attributes in form helperDerek Allard1-1/+1
2008-06-16correcting some docblock commentsDerek Allard5-15/+15
2008-06-09Added a language key for valid_emails in validation_lang.php.Derek Allard1-2/+3
2008-06-06added quoted-printable headers when $this->send_multipart has been manually ↵Derek Jones1-1/+2
changed to FALSE
2008-06-06Removed an unused Router reference in _display_cache().Derek Allard2-4/+2
2008-06-06goofed. Fixed up.Derek Allard1-1/+6
2008-06-06default to post methodDerek Allard1-4/+1
2008-06-06Form helper refactored to allow form_open() and form_fieldset() to accept ↵Derek Allard1-19/+51
arrays or strings as arguments.
2008-06-04picky picky Jones adjusts some syntaxDerek Jones1-2/+1
2008-06-04a few tweaks for speedDerek Allard1-3/+4
2008-06-04simplified and refactored input filtering and retrievalDerek Jones1-97/+32
2008-06-04emendation to on* event handler removalDerek Jones1-3/+2
2008-06-04whitespace, whitespace, schmeitespaceDerek Jones1-1/+1
2008-06-04compacting some whitespaceDerek Jones1-5/+1
2008-06-04bit of a code cleanupDerek Allard1-6/+5
2008-06-04change AR behaviour so that blank values result in empty quotesDerek Allard1-6/+4
2008-05-30decided just to kill all on*= event handlers, rather than trying to keep up ↵Derek Jones1-2/+2
with (and require users to do the same) with a blacklist.
2008-05-30moved word compacting to a callback for clarity, added a few js event ↵Derek Jones1-3/+20
handlers for removal
2008-05-29made MySQL/MySQLi forge use explicitly named KEYs, added ability to specify ↵Derek Jones8-27/+95
multi-column non-primary keys in table creation
2008-05-29added error suppression to fopen() in write_file()Derek Jones1-1/+1
2008-05-22Fixed a bug (#4561) where orhaving() wasn't properly passing values.Derek Allard3-4/+6
Removed some unused variables from the code (#4563). Fixed a bug where having() was not adding an = into the statement (#4568).
2008-05-21more complete protection against malformed link tags to protect against hex ↵Derek Jones1-13/+25
entities and href=data:url exploits
2008-05-21customizable query stringDerek Allard1-6/+21
2008-05-21Added support for query strings to the Pagination class, automatically ↵Derek Allard1-2/+11
detected or explicitly declared.
2008-05-20improved security in xss_clean(), added <audio> and <video> tags to naughty ↵Derek Jones1-22/+14
HTML tags, and the HTML5 event handlers onerror and onended
2008-05-18Moved the _has_operators() function into DB_driver from DB_active_rec.Derek Allard2-20/+22
2008-05-17reduced $mobiles to single arrayDerek Jones1-14/+13
2008-05-16Considerably expanded list of mobile user-agents in config/user_agents.php.Derek Allard1-12/+71
2008-05-16changed foreach() reindexing of segment arrays to array_unshift() - teensy ↵Derek Jones1-15/+2
tiny memory and speed improvement.
2008-05-16fixed regular expression in Image lib, CI bug #4542Derek Jones1-1/+1
2008-05-15addition xss protection against certain data urls, stripping of anything ↵Derek Jones1-2/+12
sent with utf-7 encoding
2008-05-15added ability to use xss_clean() to test images, and improved security for ↵Derek Jones1-37/+49
vectors particular to the Opera family of browsers
2008-05-14Set the mime type check in the Upload class to reference the global mimes ↵Derek Allard1-1/+3
variable.