path: root/system
Age | Commit message | Author | Files | Lines
2015-08-07 | Fix ReDoS-bug in string_helper.php | Kevin Morssink | 1 | -1/+1
Fix for ReDoS (Regular Expression Denial of Service) / Code Injection Risk
2015-08-05 | Fix #4026 | Andrey Andreev | 1 | -1/+4
2015-08-05 | Reduce once $config['query_toggle_count'] checking | bjjay | 1 | -6/+0
This checking can be done by calling the set_sections method when initializing the profiler.
2015-08-05 | Fix #4027 | Andrey Andreev | 1 | -8/+12
2015-08-03 | Fix #4015 | Andrey Andreev | 1 | -1/+2
2015-08-03 | [ci skip] Normalize tabs/spaces | Andrey Andreev | 9 | -18/+18
Partial changes from PR #4016
2015-07-31 | Fix #4012 | Andrey Andreev | 1 | -1/+4
2015-07-29 | Fix a 'counter-#3989' bug | Andrey Andreev | 1 | -5/+15
The issue described in #3989 is actually the opposite of what has been the intended behavior for the parameter in all Query Builder methods. Unfortunately, there's been a huge misunderstanding about that and half the methods worked properly, while the other half did not ... fixing that here. Also related: #4001
2015-07-28 | Fix #4005 | Andrey Andreev | 1 | -1/+1
2015-07-27 | Close #4004 | Andrey Andreev | 1 | -1/+3
2015-07-27 | Revert "Fix an internal bug in QB where() escaping" | Andrey Andreev | 1 | -1/+4
This reverts commit 43afc71b777b00cfc2638add6fa3c47d333c5e04.
2015-07-27 | Revert "Fix #3989" | Andrey Andreev | 1 | -4/+11
This reverts commit e1a94d30e2f30cee36f71c246136fb2db34d25df.
2015-07-26 | Fix #4000 | Andrey Andreev | 1 | -1/+2
2015-07-24 | Fixed typos | Calvin Tam | 9 | -9/+9
2015-07-23 | Merge pull request #3995 from rajatsharma94/develop | Andrey Andreev | 1 | -1/+1
set_realpath IP check
2015-07-23 | Update path_helper.php | rajatsharma94 | 1 | -1/+1
2015-07-23 | Security check updated. | rajatsharma94 | 1 | -1/+1
All security check conditions are modified according to CI styleguide.
2015-07-23 | Update path_helper.php | rajatsharma94 | 1 | -1/+1
2015-07-23 | IP checking false positives and no ipv6 check | rajatsharma94 | 1 | -1/+1
The currently implemented method marks all IPs between 0.0.0.0 - 999.999.999.999 as valid IP Address. Which generates false positives as any IP after 255.255.255.255 is not a valid IP address. Also, there is no check for IPv6 IP addresses. filter_var() solves both the issues.
2015-07-23 | IP Address checking generates false positives. | medhavini | 1 | -1/+1
IP Address checking marks all IPs between 0.0.0.0 - 999.999.999.999 as valid IP Address. Which is not true.
2015-07-23 | Fix an issue with CI_Upload max filesize | Andrey Andreev | 1 | -0/+16
Reported via the forums: http://forum.codeigniter.com/thread-62510.html
2015-07-22 | Remove eval()-related logic from function_exists() | Andrey Andreev | 1 | -13/+3
#3991 shows that all such checks are useless as function_exists('eval') will always return FALSE.
2015-07-22 | Add class_exists() checks to CI_Loader::model() | Andrey Andreev | 1 | -12/+26
Helps debugging in case of controller/model/library class name collision.
2015-07-22 | Fix #3991 | Andrey Andreev | 1 | -1/+1
2015-07-21 | Fix #3989 | Andrey Andreev | 1 | -11/+4
More instances of the bug that was fixed with 43afc71b777b00cfc2638add6fa3c47d333c5e04
2015-07-20 | Failed security check | rajatsharma94 | 1 | -2/+1
The implemented security check to make sure the path is NOT a URL can easily be bypassed (gives false negative) for all subdomains. Eg "subdomain.domain.com" should ideally show an error but it does not. The new security check tries to make a fsockopen connection to validate whether the URL is external or not.
2015-07-20 | Security check fail | medhavini | 1 | -0/+1
Security check condition to check that the path is NOT a URL may give false negative in case of subdomains. Where URLs don't start with http or www.
2015-07-20 | Fix #3279 | Andrey Andreev | 1 | -4/+4
2015-07-20 | Fix an internal bug in QB where() escaping | Andrey Andreev | 1 | -4/+1
This is not a supported use case, but if QB escaping is force-disabled, string values passed to where() or having() aren't escaped. That's wrong because escape-disabling should only be possible for identifiers and not values. Reported via the forums: http://forum.codeigniter.com/thread-62478.html
2015-07-17 | Fix #3752 | Andrey Andreev | 1 | -21/+22
2015-07-17 | [ci skip] Fix #3778 | Andrey Andreev | 1 | -15/+6
2015-07-17 | [ci skip] Fix a bug reported via PR #3704 | Andrey Andreev | 1 | -23/+20
2015-07-16 | Add 'ssl_verify' option for mysqli driver | Andrey Andreev | 1 | -0/+5
MYSQLI_OPT_SSL_VERIFY_SERVER_CERT is an undocumented option that may not always be available. Reference: http://svn.php.net/viewvc/php/php-src/trunk/ext/mysqli/tests/mysqli_constants.phpt?view=markup&pathrev=302897
2015-07-16 | Add SSL support for PDO_MYSQL too | Andrey Andreev | 1 | -2/+29
Related: #3896
2015-07-16 | Improve the ssl_cipher check for MySQLi | Andrey Andreev | 1 | -9/+9
Related: #3896
2015-07-16 | Refactor proposed changes from PR #3896 | Andrey Andreev | 1 | -44/+28
2015-07-16 | Merge branch 'feature/mysqli-ssl' of github.com:ndigitals/CodeIgniter into feature/mysqli_ssl | Andrey Andreev | 1 | -2/+56
2015-07-15 | [ci skip] Revert styleguide violations from PR #3828 | Andrey Andreev | 1 | -3/+3
2015-07-15 | Merge branch 'patch-1' of github.com:w0den/CodeIgniter into feature/output_cache | Andrey Andreev | 1 | -7/+28
2015-07-15 | Merge pull request #3715 from infinit89/patch-1 | Andrey Andreev | 1 | -1/+1
[ci skip] Fix pagination links with protocol-relative URLs
2015-07-15 | Merge pull request #3977 from MSDehghan/develop | Andrey Andreev | 1 | -1/+1
[ci skip] Fix a log message typo
2015-07-15 | Polish changes from PR #3893 | Andrey Andreev | 1 | -24/+13
2015-07-15 | Fix a Typo | Mohammad Sadegh Dehghan Niri | 1 | -1/+1
2015-07-15 | Merge branch 'feature/form_helper' of github.com:darkhouse/CodeIgniter into feature/form_helpers_extra_array | Andrey Andreev | 1 | -10/+28
Manually fixed conflicts in: user_guide_src/source/changelog.rst
2015-07-15 | allow add of keys with array | Adrian Voicu | 1 | -1/+1
This will allow adding multiple keys using array (http://www.codeigniter.com/user_guide/database/forge.html#adding-keys). Only if user wants, he can use the table columns to set a primary key by setting second parameter as TRUE.
2015-07-13 | Add check for PCRE UTF-8 support | dimonneon | 1 | -1/+1
2015-07-10 | Add unicode support in url_title function | dimonneon | 1 | -2/+2
2015-07-09 | Fix #3965 | Andrey Andreev | 1 | -9/+3
2015-07-08 | [ci skip] Cleanup some whitespace in CI_Unit_test | Andrey Andreev | 1 | -23/+23
2015-07-08 | Fix #3963 | Andrey Andreev | 1 | -3/+5