path: root/system
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2012-05-19 | Fix issue #726 | Andrey Andreev | 1 | -8/+8 |
| 2012-05-17 | Merge pull request #1366 from aphofstede/2.1-stable<br>Check cookie against md5 regex. 2.1 stable CSRF injection security fix | Andrey Andreev | 1 | -1/+1 |
| 2012-05-17 | Check cookie against md5 regex.<br>Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser. | Alexander Hofstede | 1 | -1/+1 |
| 2012-05-07 | Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed. | Wes Baker | 1 | -0/+4 |
| 2012-04-23 | Corrected the migration_missing_down_method language string | Repox | 1 | -1/+1 |
| 2012-03-04 | Merge pull request #1116 from tubalmartin/helpers\|url\|2.1-stable<br>2.1 stable - An improved url_title helper function | Phil Sturgeon | 1 | -20/+16 |
| 2012-03-04 | Allow developers to use any string as a separator, not just dashes or underscores. Backwards compatible when using 'dash' or 'underscore' as string separator. Tests: http://codepad.org/DWcxVH5r | tubalmartin | 1 | -10/+19 |
| 2012-03-03 | Fixed a bug - CI_Upload::_file_mime_type() could've failed if popen() is used for the detection. | tubalmartin | 1 | -1/+1 |
| 2012-03-03 | An even better url_title helper. Tests: http://codepad.org/tuJgvkyN<br>Changelog entry added for 2.1.1 | tubalmartin | 1 | -20/+7 |
| 2012-03-01 | compile binds before caching the query, otherwise the cached query will never match the unbound query. updated changelog to mention bug fix. | Ryan Dial | 1 | -6/+6 |
| 2012-02-12 | Merge pull request #757 from narfbg/2.1-stable<br>Improve CI_Upload::_file_mime_type() reliability (2.1-stable) | Phil Sturgeon | 1 | -24/+78 |
| 2011-12-26 | Merge pull request #709 from tubalmartin/2.1-stable<br>2.1.0 - Fatal error: Call to undefined method CI_DB_Driver::_reset_select() | Phil Sturgeon | 1 | -0/+14 |
| 2011-12-15 | Merge remote-tracking branch 'upstream/2.1-stable' into 2.1-stable | Andrey Andreev | 1 | -1/+1 |
| 2011-12-13 | Tweak MIME regular expression check again | Andrey Andreev | 1 | -1/+1 |
| 2011-12-11 | Fix regular expression for validating MIME type string | Andrey Andreev | 1 | -1/+1 |
| 2011-12-11 | Fix for Issue #538. | Andrew Mackrodt | 1 | -1/+1 |
| 2011-12-09 | Improve CI_Upload::_file_mime_type() | Andrey Andreev | 1 | -24/+78 |
| 2011-12-02 | Update a comment, just to be clearer | Andrey Andreev | 1 | -1/+1 |
| 2011-12-02 | Hotfix for a file type detection bug in the Upload library | Andrey Andreev | 1 | -2/+5 |
| 2011-12-01 | This fixes issue #725 | Repox | 1 | -2/+8 |
| 2011-11-24 | Changed form_open() to compare $action against base_url()<br>Checking for strpos($action, $CI->config->site_url()) === FALSE causes CSRF token to not be added in form_open() output. When site_url()'s first parameter ($uri) is empty, site_url's return value is the base URL plus the $CI->config->item('index_page') value. form_open() and CodeIgniter's URI routing do not require index.php to be in the URL, so any call to form_open() in which the $action parameter does not have index.php will always return false for the strpos() call. | John Nicely | 1 | -1/+1 |
| 2011-11-24 | Added dummy _reset_select() method to CI_DB_Driver class to allow Active Record class to be disabled. Otherwise a fatal error is triggered. | Túbal Martín | 1 | -0/+14 |
| 2011-11-23 | tmp_path does not exist, should be tmp_name | Michiel Vugteveen | 1 | -1/+1 |
| 2011-11-22 | Readded PDO drivers. | Phil Sturgeon | 5 | -15/+565 |
| 2011-11-14 | Tweaking the xss filter for IE `<comment>` tags, parameter injection, and weird html5 attributes. | Pascal Kriete | 1 | -50/+41 |
| 2011-11-14 | Removing stray docblocks | Pascal Kriete | 1 | -12/+0 |
| 2011-11-13 | Added TLS and SSL support to Email library. Fixes issue #171 | Radu Potop | 1 | -1/+19 |
| 2011-11-13 | Resolved issue 65 - made action on form_open_multipart helper function call optional | Ben Edmunds | 1 | -1/+1 |
| 2011-11-13 | Fix invalid datetime format | Syahril Zulkefli | 1 | -3/+3 |
| 2011-11-13 | Fix invalid date format | Syahril Zulkefli | 1 | -1/+1 |
| 2011-11-13 | Fix invalid date format | Syahril Zulkefli | 1 | -1/+1 |
| 2011-11-08 | Added ->db->replace() for MySQLi. | Phil Sturgeon | 1 | -0/+19 |
| 2011-11-08 | Enables real page numbers for URI segment in Pagination library | Aaron Kuzemchak | 1 | -12/+73 |
| 2011-11-02 | Fix #8 - Load core classes from the application folder first. | Shane Pearson | 1 | -3/+3 |
| 2011-10-31 | Misc formatting fixes | Timothy Warren | 1 | -7/+8 |
| 2011-10-31 | Set charset in DSN if PHP >= 5.3.6 | Timothy Warren | 1 | -1/+7 |
| 2011-10-31 | Changed mysql charset to PDO option | Timothy Warren | 1 | -4/+7 |
| 2011-10-28 | add html_escape() function to escape HTML. | kenjis | 1 | -0/+24 |
| 2011-10-27 | Added the 'user_data' key to the userdata property so that sessions using a database can be deleted properly when using the table schema found in the "Saving Session Data to a Database" section of the Session Class in the user guide. | Kyle Farris | 1 | -1/+2 |
| 2011-10-27 | Fixed issue #150 correctly. | Phil Sturgeon | 2 | -6/+6 |
| 2011-10-27 | Fixed issue #150 (for mysql and mysqli), now returns the actual column length. | danmontgomery | 4 | -15/+25 |
| 2011-10-27 | Fixed a bug (#200) where MySQL queries would be malformed after calling db->count_all() then db->get() | Greg Aker | 9 | -0/+9 |
| 2011-10-27 | Fixed LIKE statement escaping issues | Timothy Warren | 1 | -12/+13 |
| 2011-10-27 | Bumped CodeIgniter version to 2.1.0. | Phil Sturgeon | 1 | -1/+1 |
| 2011-10-27 | Some public and protected method declarations | Andrey Andreev | 3 | -59/+59 |
| 2011-10-27 | Remove another 2 old comments | Andrey Andreev | 1 | -3/+1 |
| 2011-10-27 | Cleanup and migrate oci8_driver and oci8_result from deprecated PHP4 to PHP5 style functions | Andrey Andreev | 2 | -118/+120 |
| 2011-10-27 | get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower | Andrey Andreev | 2 | -7/+14 |
| 2011-10-27 | I wasn't following the CI code style guide. | diegorivera | 1 | -3/+3 |
| 2011-10-27 | Update system/libraries/Email.php | diegorivera | 1 | -1/+9 |