summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2007-06-28Modified the include so that there is a bit of filename securitypaulburdick1-1/+1
2007-06-28*Added filename_security() method to Input librarypaulburdick1-0/+50
*Modified the Router so that when Query Strings are Enabled, the controller trigger and function trigger values are sanitized for filename include security.
2007-06-28*Modified the Router so that when Query Strings are Enabled, the controller ↵paulburdick1-3/+4
trigger and function trigger values are sanitized for filename include security.
2007-06-28(no commit message)paulburdick1-4/+13
2007-06-28Improved XSS clean to not allowing this:paulburdick1-4/+12
xss_clean("<x<xss>ss <scr<xss>ipt a='>'>alert/**/('!');//*/</script</script >>");
2007-06-26(no commit message)paulburdick1-1/+1
2007-06-26*Updated the XSS Filtering to take into account the IE expression() abilitypaulburdick1-1/+7
2007-06-24Modified the is_image() method in the Upload library to take into account ↵paulburdick1-5/+16
Windows IE 6/7 eccentricities when dealing with MIMEs
2007-06-24Fixed the do_xss_clean() method so that if file_get_contents returns FALSE, ↵paulburdick1-1/+1
then we return FALSE... Previously, if it did NOT return FALSE we returned FALSE and that is simply idiotic.
2007-06-18typo in commentsDerek Allard1-1/+1
2007-06-14(no commit message)Rick Ellis1-3/+3
2007-06-13(no commit message)Rick Ellis1-1/+1
2007-06-12(no commit message)Rick Ellis1-1/+1
2007-06-12(no commit message)Rick Ellis1-1/+1
2007-06-12(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-7/+43
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-19/+17
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-2/+2
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-11(no commit message)Rick Ellis1-6/+8
2007-06-11(no commit message)Rick Ellis1-4/+4
2007-06-11(no commit message)Rick Ellis1-1/+1
2007-06-09(no commit message)Rick Ellis1-1/+1
2007-06-09(no commit message)Rick Ellis1-10/+23
2007-06-09(no commit message)Rick Ellis3-17/+10
2007-05-24typo fixDerek Allard1-1/+1
2007-05-09typo fixesDerek Allard3-99/+94
2007-05-04Modified XSS Cleaning routine to be more performance friendly and compatible ↵Derek Jones1-8/+47
with PHP 5.2's new PCRE backtrack and recursion limits. - replaced link and image tag javascript sanitization preg_replace()'s with callback functions to avoid excessive backtracks on strings with many links / image tags.
2007-05-02return preg_replace("|^/*(.+?)/*$|", "\\1", $str);Derek Allard1-2/+2
to return trim($str, '/');
2007-05-02$this->base_url = preg_replace("/(.+?)\/*$/", "\\1/", $this->base_url);Derek Allard1-2/+2
changed to $this->base_url = rtrim($this->base_url, '/') .'/';
2007-05-02// Prep the current page - no funny business!Derek Allard1-1/+1
$this->cur_page = preg_replace("/[a-z\-]/", "", $this->cur_page); became // Prep the current page - no funny business! $this->cur_page = (int) $this->cur_page;
2007-05-01fixed a bug in the calendar libraryDerek Allard1-1/+1
2007-04-30added a note about regex and custom routesDerek Allard1-48/+49
2007-04-30fixed bug in outputDerek Allard1-1/+1
2007-04-30fixed a typo in rpcs.php libraryDerek Allard1-1/+1
2007-04-27(no commit message)Rick Ellis1-1/+1
2007-04-27modified _add_data() to be compatible with OS XDerek Jones1-5/+2
(removed CRC and length from end of file stream)
2007-04-27fixed checked = 1 to be checked = checked in array created checkboxesDerek Allard1-0/+6
2007-04-25APPVER replaced by CI_VERSIONDerek Allard2-2/+2
2007-04-24fixed router but that was ignoring the scaffolding route for optimizationDerek Allard1-2/+3
2007-04-15update app_verDerek Allard1-1/+1
2007-04-15update pMachine to EllisLabDerek Allard85-21999/+21999
update copyright year update Code Igniter to CodeIgniter
2007-04-10typo fixDerek Allard1-1/+1
2007-04-07repeater won't return any results if it is set to repeat 0 times.Derek Allard1-153/+153
2007-04-03array to string additionDerek Allard1-202/+212
http://codeigniter.com/forums/viewthread/46994/
2007-03-24passes hostname and not database nowDerek Allard1-452/+452
2007-03-13removed duplicate 'DATE_RFC822'Derek Allard1-565/+564