summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2016-01-07Add support for MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERTAndrey Andreev1-2/+15
Available since PHP 5.6.16
2016-01-07[ci skip] Add Oracle 12.1 OFFSET support to PDO_OCI as wellAndrey Andreev1-0/+8
Reference: #4279
2016-01-07Merge branch 'feature/oci_offset' into 3.0-stableAndrey Andreev1-0/+8
2016-01-07Fix #4362Andrey Andreev2-2/+8
2016-01-06[ci skip] Add support for OFFSET with Oracle 12cAndrey Andreev1-0/+8
As requested in #4279
2016-01-06Fix #4337Andrey Andreev4-2/+48
2016-01-04Fix #4350Andrey Andreev1-1/+31
2015-12-30Fix #4343Andrey Andreev1-2/+1
2015-12-30Fix #4331Andrey Andreev1-13/+24
2015-12-15Fix logical errors from af849696d43f5c3b68962af1ae5096151a6d9f1aAndrey Andreev3-4/+4
2015-12-15Really fix #4039Andrey Andreev1-1/+1
A typo from 8df6efd402180a6361b4dd619f5535d6c2bed334
2015-12-14Fix version() for Oracle DB driversAndrey Andreev2-2/+29
2015-12-14Close #4313Andrey Andreev1-0/+12
2015-12-14Fix #4312Andrey Andreev1-6/+3
2015-12-12[ci skip] Proper error handling for Sessions on PHP 5Andrey Andreev5-78/+133
This was actually a PHP bug, see https://wiki.php.net/rfc/session.user.return-value Also related: #4039
2015-12-11Fix #4039Andrey Andreev1-0/+6
2015-12-11Fix #4306Andrey Andreev1-1/+1
2015-12-07Merge pull request #4291 from b-kaxa/fix-phpdocAndrey Andreev2-1/+2
[ci skip] phpdoc adjustments in CI_Router and CI_URI
2015-12-03Fix #4283Andrey Andreev1-1/+2
2015-11-24Use PHP7's random_bytes() when possibleAndrey Andreev2-0/+21
Close #4260
2015-11-24[ci skip] Remove some redundant code from DB_forgeAndrey Andreev1-4/+0
2015-11-16[ci skip] Fix #4245Andrey Andreev1-1/+1
2015-11-16Fix #4244Andrey Andreev1-3/+28
2015-11-09Merge pull request #4223 from j0inty/developAndrey Andreev1-1/+4
CI_DB_driver->simple_query() to check initialize() return value
2015-11-09[ci skip] Fix an infinite loop in captcha helperAndrey Andreev1-1/+2
2015-11-09Merge pull request #4217 from natesilva/fix-ipv6-base_urlAndrey Andreev1-1/+10
Build base_url correctly if SERVER_ADDR is IPv6
2015-11-04[ci skip] Fix a false default-fallback bug in set_checkbox(), set_radio()Andrey Andreev1-8/+33
Relevant: #4210
2015-11-04Fix #4212Andrey Andreev1-1/+1
2015-11-04[ci skip] Start of 3.0.4 developmentAndrey Andreev1-1/+1
2015-10-31[ci skip] Update changelog, version & upgrade instructionsAndrey Andreev1-1/+1
2015-10-31Use proper randomness when generating CAPTCHAsAndrey Andreev1-2/+87
2015-10-31Prevent Host header injectionsAndrey Andreev1-4/+2
2015-10-31Harden xss_clean()Andrey Andreev1-27/+39
2015-10-30Fix #4192Andrey Andreev1-5/+8
2015-10-30Fix #3201Andrey Andreev1-1/+6
2015-10-19Fix #4171 and a number of other transaction bugsAndrey Andreev13-354/+162
2015-10-19Fix #4173Andrey Andreev1-1/+7
This reverts commit 7cc6cea2d421862726081a39e932dbceeefcc775 from PR #3968. At the time this seemed logical, but turns out it breaks the ability to create non-PRIMARY composite keys, so ...
2015-10-18Fix #4179Andrey Andreev1-0/+4
2015-10-13[ci skip] Fix #4170Andrey Andreev1-3/+1
2015-10-12[ci skip] This is 3.0.3-devAndrey Andreev1-1/+1
2015-10-12Optimize csv_from_result speed.Ahmad Anbar1-2/+3
2015-10-08[ci skip] Prepare 3.0.2 releaseAndrey Andreev1-1/+1
2015-10-05Some more intrusive XSS cleaningAndrey Andreev1-5/+11
2015-10-05Close #4155Andrey Andreev1-1/+1
2015-10-02More XSS stuffAndrey Andreev1-1/+1
2015-09-29Merge pull request #4126 from zoaked/patch-1Andrey Andreev1-1/+0
Persist config file rules when using FV reset_validation()
2015-09-24Fix #4137Andrey Andreev1-1/+1
2015-09-21More XSS stuffAndrey Andreev1-3/+3
2015-09-17Don't allow open-ended tags to pass through xss_clean()Andrey Andreev1-4/+9
This was a regression caused by the previous commit
2015-09-17Refactor 'evil attributes' sanitization logicAndrey Andreev1-92/+66
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes().