Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2007-07-12 | added attribute and html entity decode callbacks to xss_clean() | Derek Jones | 1 | -11/+69 | |
2007-07-12 | sacked duplicate and incorrect version of _version()! | Derek Jones | 1 | -13/+0 | |
2007-07-12 | csv_from_result buggy. revert to old function until rewrite | Derek Allard | 1 | -470/+454 | |
2007-07-12 | fixed undefined function in insert_id() of PostgreSQL driver | Derek Jones | 1 | -1/+1 | |
2007-07-12 | removed empty string element from default $autoload['language'] array | Derek Jones | 1 | -1/+1 | |
2007-07-12 | removed $return argument from load() | Derek Jones | 1 | -2/+1 | |
2007-07-12 | further xss_clean() enhancements | Derek Jones | 1 | -30/+67 | |
2007-07-12 | csv_from_result() move robust against data with "," in it. | Derek Allard | 1 | -19/+35 | |
2007-07-12 | added language files to autoload | Derek Allard | 3 | -12/+33 | |
2007-07-12 | fixed quoted-printable in HTML emails, and added htmlspecialchars() to email ↵ | Derek Jones | 1 | -4/+100 | |
debugging output | |||||
2007-07-12 | type cast $key => $val pair in $options array as strings for friendlier ↵ | Derek Jones | 1 | -0/+3 | |
handling of setting options as 'selected' | |||||
2007-07-12 | fixed the plural() and singular() function comments | Derek Jones | 1 | -2/+2 | |
2007-07-11 | adding type casting of $title argument in URL helper functions to a string. ↵ | Derek Jones | 1 | -0/+8 | |
A numeric 0 sent to these functions would evaluate if ($title == '') as TRUE, and type casting seems the more appropriate fix than simply using $title === '', since we're expecting and treating $title as a string. | |||||
2007-07-11 | bugfix for profiler output: POST keys were not being displayed properly, and ↵ | Derek Jones | 1 | -2/+2 | |
queries needed htmlspecialchars() | |||||
2007-07-11 | inflector helper changes to account for words ending in "s" | Derek Allard | 1 | -32/+46 | |
2007-07-11 | fixed log message typo | Derek Allard | 1 | -1/+1 | |
2007-06-28 | Instead of doing file name security for Enable Query Strings, I am using the ↵ | paulburdick | 1 | -6/+5 | |
already existin _filter_uri() | |||||
2007-06-28 | (no commit message) | paulburdick | 2 | -2/+1 | |
2007-06-28 | Modified the include so that there is a bit of filename security | paulburdick | 1 | -1/+1 | |
2007-06-28 | *Added filename_security() method to Input library | paulburdick | 1 | -0/+50 | |
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security. | |||||
2007-06-28 | *Modified the Router so that when Query Strings are Enabled, the controller ↵ | paulburdick | 1 | -3/+4 | |
trigger and function trigger values are sanitized for filename include security. | |||||
2007-06-28 | (no commit message) | paulburdick | 1 | -4/+13 | |
2007-06-28 | Improved XSS clean to not allowing this: | paulburdick | 1 | -4/+12 | |
xss_clean("<x<xss>ss <scr<xss>ipt a='>'>alert/**/('!');//*/</script</script >>"); | |||||
2007-06-26 | (no commit message) | paulburdick | 1 | -1/+1 | |
2007-06-26 | *Updated the XSS Filtering to take into account the IE expression() ability | paulburdick | 1 | -1/+7 | |
2007-06-24 | Modified the is_image() method in the Upload library to take into account ↵ | paulburdick | 1 | -5/+16 | |
Windows IE 6/7 eccentricities when dealing with MIMEs | |||||
2007-06-24 | Fixed the do_xss_clean() method so that if file_get_contents returns FALSE, ↵ | paulburdick | 1 | -1/+1 | |
then we return FALSE... Previously, if it did NOT return FALSE we returned FALSE and that is simply idiotic. | |||||
2007-06-18 | typo in comments | Derek Allard | 1 | -1/+1 | |
2007-06-14 | (no commit message) | Rick Ellis | 1 | -3/+3 | |
2007-06-13 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-12 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-12 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-12 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -7/+43 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -19/+17 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -2/+2 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -6/+8 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -4/+4 | |
2007-06-11 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-09 | (no commit message) | Rick Ellis | 1 | -1/+1 | |
2007-06-09 | (no commit message) | Rick Ellis | 1 | -10/+23 | |
2007-06-09 | (no commit message) | Rick Ellis | 3 | -17/+10 | |
2007-05-24 | typo fix | Derek Allard | 1 | -1/+1 | |
2007-05-09 | typo fixes | Derek Allard | 3 | -99/+94 | |
2007-05-04 | Modified XSS Cleaning routine to be more performance friendly and compatible ↵ | Derek Jones | 1 | -8/+47 | |
with PHP 5.2's new PCRE backtrack and recursion limits. - replaced link and image tag javascript sanitization preg_replace()'s with callback functions to avoid excessive backtracks on strings with many links / image tags. | |||||
2007-05-02 | return preg_replace("|^/*(.+?)/*$|", "\\1", $str); | Derek Allard | 1 | -2/+2 | |
to return trim($str, '/'); |