Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2015-09-14 | Add 'eval' to a JS blacklist in xss_clean() | Andrey Andreev | 1 | -7/+10 | |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -4/+3 | |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -5/+37 | |
This time eliminate false positives for the 'naughty html' logic. | |||||
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -1/+1 | |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -9/+21 | |
This one fixes yet another issue, is cleaner and faster. | |||||
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -1/+1 | |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -2/+2 | |
2015-09-10 | Change form validation library to allow the pipe character within square brackets | rich | 1 | -1/+1 | |
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -2/+2 | |
2015-09-07 | Remove unnecessary count() calls from _sanitize_globals() | Andrey Andreev | 1 | -3/+3 | |
foreach() just won't execute for an empty array, it does that check internally. | |||||
2015-09-07 | Move csrf_verify() call out of _sanitize_globals() | Andrey Andreev | 1 | -6/+6 | |
It doesn't belong in there. | |||||
2015-09-03 | Fix #4096 | Andrey Andreev | 1 | -1/+1 | |
2015-09-01 | Fix #4093 | Andrey Andreev | 1 | -1/+1 | |
2015-09-01 | There was an extra = sign in this file | Marco Monteiro | 1 | -1/+1 | |
2015-08-31 | [ci skip] Fix #4091 | Andrey Andreev | 1 | -1/+1 | |
2015-08-31 | Fix #4086 | Andrey Andreev | 1 | -13/+13 | |
2015-08-31 | Fix #4073 | Andrey Andreev | 1 | -7/+16 | |
2015-08-31 | Fix #4066 | Andrey Andreev | 2 | -18/+6 | |
2015-08-20 | Fix #4065 | Andrey Andreev | 1 | -1/+1 | |
2015-08-19 | [ci skip] Fix 'sqlsrv' connect failure endless loop | Andrey Andreev | 1 | -7/+8 | |
Reported via the forums: http://forum.codeigniter.com/thread-61494.html | |||||
2015-08-17 | Allow capitals in the middle of model names | Andrey Andreev | 1 | -1/+1 | |
Requested in #4059 | |||||
2015-08-15 | Fix #4056 | Andrey Andreev | 1 | -1/+1 | |
2015-08-14 | Fix #4052 | Andrey Andreev | 1 | -20/+0 | |
The bug actually had two instances: - Callback routes with literal matches and HTTP verbs have never worked - The reported issue in #4052, which is a regression introduced in 3.0.1 with abc299b3a234eb7da1b7e3d257b7eba2da649219 Removed the literal matches logic altogether to avoid similar issues in the future and reduce code complexity. The same logic is performed with the regular expressions logic. | |||||
2015-08-13 | Fix typo in comments | Claudio Galdiolo | 1 | -1/+1 | |
2015-08-07 | [ci skip] Partial patch for #2284 | Andrey Andreev | 1 | -2/+5 | |
The issue description is about update_string(), which I'm not sure if can be fixed at all. This patch only addresses protect_identifiers(). | |||||
2015-08-07 | [ci skip] Start of 3.0.2-dev | Andrey Andreev | 1 | -1/+1 | |
2015-08-07 | Fix #4023 | Andrey Andreev | 1 | -1/+1 | |
Close #4024 | |||||
2015-08-07 | Fix ReDoS-bug in string_helper.php | Kevin Morssink | 1 | -1/+1 | |
Fix for ReDoS (Regular Expression Denial of Service) / Code Injection Risk | |||||
2015-08-05 | Fix #4026 | Andrey Andreev | 1 | -1/+4 | |
2015-08-05 | Reduce once $config['query_toggle_count'] checking | bjjay | 1 | -6/+0 | |
This checking can be done by calling set_sections method when initialize profiler. | |||||
2015-08-05 | Fix #4027 | Andrey Andreev | 1 | -8/+12 | |
2015-08-03 | Fix #4015 | Andrey Andreev | 1 | -1/+2 | |
2015-08-03 | [ci skip] Normalize tabs/spaces | Andrey Andreev | 9 | -18/+18 | |
Partial changes from PR #4016 | |||||
2015-07-31 | Fix #4012 | Andrey Andreev | 1 | -1/+4 | |
2015-07-29 | Fix a 'counter-#3989' bug | Andrey Andreev | 1 | -5/+15 | |
The issue described in #3989 is actually the opposite of what has been the intended behavior for the parameter in all Query Builder methods. Unfortunately, there's been a huge misunderstanding about that and half the methods worked properly, while the other half did not ... fixing that here. Also related: #4001 | |||||
2015-07-28 | Fix #4005 | Andrey Andreev | 1 | -1/+1 | |
2015-07-27 | Close #4004 | Andrey Andreev | 1 | -1/+3 | |
2015-07-27 | Revert "Fix an internal bug in QB where() escaping" | Andrey Andreev | 1 | -1/+4 | |
This reverts commit 43afc71b777b00cfc2638add6fa3c47d333c5e04. | |||||
2015-07-27 | Revert "Fix #3989" | Andrey Andreev | 1 | -4/+11 | |
This reverts commit e1a94d30e2f30cee36f71c246136fb2db34d25df. | |||||
2015-07-26 | Fix #4000 | Andrey Andreev | 1 | -1/+2 | |
2015-07-24 | Fixed typos | Calvin Tam | 9 | -9/+9 | |
2015-07-23 | Merge pull request #3995 from rajatsharma94/develop | Andrey Andreev | 1 | -1/+1 | |
set_realpath IP check | |||||
2015-07-23 | Update path_helper.php | rajatsharma94 | 1 | -1/+1 | |
2015-07-23 | Security check updated. | rajatsharma94 | 1 | -1/+1 | |
All security check conditions are modified according to CI styleguide. | |||||
2015-07-23 | Update path_helper.php | rajatsharma94 | 1 | -1/+1 | |
2015-07-23 | IP checking false positives and no ipv6 check | rajatsharma94 | 1 | -1/+1 | |
The currently implemented method marks all IPs between 0.0.0.0 - 999.999.999.999 as valid IP Address. Which generates false positives as any IP after 255.255.255.255 is not a valid IP address. Also, there is no check for IPv6 IP addresses. filter_var() solves both the issues. | |||||
2015-07-23 | IP Address checking generates false positives. | medhavini | 1 | -1/+1 | |
IP Address checking marks all IPs between 0.0.0.0 - 999.999.999.999 as valid IP Address. Which is not true. | |||||
2015-07-23 | Fix an issue with CI_Upload max filesize | Andrey Andreev | 1 | -0/+16 | |
Reported via the forums: http://forum.codeigniter.com/thread-62510.html | |||||
2015-07-22 | Remove eval()-related logic from function_exists() | Andrey Andreev | 1 | -13/+3 | |
#3991 shows that all such checks are useless as function_exists('eval') will always return FALSE. | |||||
2015-07-22 | Add class_exists() checks to CI_Loader::model() | Andrey Andreev | 1 | -12/+26 | |
Helps debugging in case of controller/model/library class name collision. |