summaryrefslogtreecommitdiffstats
path: root/system
AgeCommit message (Collapse)AuthorFilesLines
2014-01-28Fix #2845Andrey Andreev1-1/+1
2014-01-28Fix #2844Andrey Andreev1-1/+1
2014-01-25Add <math> to 'naughty' HTML elementsAndrey Andreev1-1/+1
2014-01-25Previous commit caused side effects ...Andrey Andreev1-2/+2
2014-01-25Fix CI_Security::_remove_evil_attributes() being way too aggressiveAndrey Andreev1-2/+2
2014-01-25Re-add 'on\w*' to evil attributes (rel #2667)Andrey Andreev1-2/+1
2014-01-25Partially fix #2667Andrey Andreev1-2/+8
2014-01-24[ci skip] Add a link to PHP bug 54709 in is_really_writable()'s docblockAndrey Andreev1-0/+1
2014-01-24CI_Security: Also add <svg> to 'naughty' HTML elementsAndrey Andreev1-1/+1
2014-01-24CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML ↵Andrey Andreev1-1/+1
elements
2014-01-24Fix syntax errorsAndrey Andreev1-2/+2
2014-01-24CI_Security: Add 'form' and 'xlink:href' to evil attributesAndrey Andreev1-1/+1
2014-01-24Add &newline; and &tab; to CI_Security::Andrey Andreev1-1/+3
2014-01-24Righting a wrong in the Session libraryAndrey Andreev2-41/+50
- Change userdata(), flashdata(), tempdata() to return all the respective data when no parameter is passed. - Revert the addition of all_flashdata(). - Deprecate all_userdata(). - Fix related changelog entries that were all inconsistent.
2014-01-24[ci skip] AND -> &&Andrey Andreev1-1/+1
2014-01-23Fix #2836Andrey Andreev1-1/+1
2014-01-22CI_Security::_decode_entity() to replace dangerous HTML5 entitiesAndrey Andreev1-1/+19
Related to issue #2771
2014-01-21Add <button> to the list of 'naugthy' html elements in CI_Security::xss_clean()Andrey Andreev1-2/+2
2014-01-21Merge branch 'feature/dbforge_table_attributes' into developAndrey Andreev4-23/+103
2014-01-21SQLSRV improvementsAndrey Andreev2-3/+66
Mainly for performance (issue #2474), but also added a 'scrollable' configuration flag and auto-detection for SQLSRV_CURSOR_CLIENT_BUFFERED (only available since SQLSRV 3).
2014-01-20Add support for optional table attributes to CI_DB_forge::create_table()Andrey Andreev4-23/+103
Supersedes PRs #989, #2776 Related issue: #41
2014-01-20Fix #2729Andrey Andreev1-2/+3
2014-01-20Fix #2737Andrey Andreev1-21/+27
2014-01-20Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev1-4/+4
2014-01-18Fix #2829Andrey Andreev1-4/+4
2014-01-18Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev1-1/+1
2014-01-18Fix 2 Router-related errorsAndrey Andreev1-1/+1
2014-01-18Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev1-0/+3
2014-01-18Fix CI_URI:: not being properly indexedAndrey Andreev1-0/+3
2014-01-18Merge branch 'develop' into feature/output_compressed_cacheAndrey Andreev7-364/+309
2014-01-18Fix #2825Andrey Andreev1-1/+1
2014-01-18Fix #2827Andrey Andreev1-1/+1
2014-01-17Merge branch 'feature/uri_routing_overhaul' into 'develop'Andrey Andreev3-352/+283
2014-01-17Add autoloading library aliasing support (supersedes PR #2824)Andrey Andreev1-2/+9
2014-01-17Minor changes related to CI_User_agentAndrey Andreev1-8/+15
Fixed a bug where both accept_charset() and accept_lang() improperly parsed headers if they contained spaces between data separators (which is valid). Also made is_referral() testable by replacing its static cache var with a class property and added some more unit tests for the library as a whole.
2014-01-16URI Routing overhaulAndrey Andreev3-352/+283
- Allow multiple levels of controller directories (supersedes PRs #390, #2439) - Add support for per-directory 'defaul_controller' and '404_override' (resolves issue #2611; supersedes PR #939) - Fixed a bug where default_controller was called instead of triggering 404 if the current route is inside a directory - Removed a few calls from CI_Router to CI_URI that made a necessity for otherwise internal CI_URI methods to be public: - Removed CI_URI::_fetch_uri_string() and moved its logic into CI_URI::__construct() - Removed CI_URI::_remove_url_suffix, CI_URI::_explode_segments() and moved their logic into CI_URI::_set_uri_string() - Removed CI_URI::_reindex_segments() altogether ( doesn't need further manipulation, while is public anyway and can be properly (and more effectively) replaced on the spot)
2014-01-15Fix #2799 by adding conditional PCRE UTF-8 support to CI_URI::filter_uri()Andrey Andreev2-2/+2
Also did a tiny micro-optimization in the Utf8 class.
2014-01-15Merge changes from developAndrey Andreev9-101/+183
2014-01-15Fix #2822: Incorrect usage of fwrite()Andrey Andreev6-21/+80
We only used to check (and not always) if the return value of fwrite() is boolean FALSE, while it is possible that the otherwise returned bytecount is less than the length of data that we're trying to write. This allowed incomplete writes over network streams and possibly a few other edge cases.
2014-01-15CI_URI changes related to the 'permitted_uri_chars' settingAndrey Andreev2-15/+26
- Initialize and cache the value in the class constructor instead of searching for it every time - Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration - Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything Related: issue #2799
2014-01-15Fix incorrect checks for the fwrite() return valueAndrey Andreev3-3/+3
! fwrite() could trigger false-positives as it is possible for it to return 0 instead of boolean FALSE. (issue #2822) Also removed an unnecessary log level check that caused an extra space to be inserted for the INFO level. (proposed in PR #2821)
2014-01-12Merge pull request #2808 from melounek/filename_as_urlAndrey Andreev1-9/+9
attach files by absolute url
2014-01-10Finally get rid of the CI_Router::_set_overrides() callsAndrey Andreev2-38/+23
2014-01-10condition repair and commentsPetr Heralecky1-3/+3
2014-01-10rename src to filePetr Heralecky1-9/+9
2014-01-10attach files by absolute urlPetr Heralecky1-10/+10
2014-01-10Use config_item() in CI_Output::__construct()Andrey Andreev1-3/+1
2014-01-10Compress output before storing it to cache, if output compression is enabledAndrey Andreev1-20/+62
Based on PR #964
2014-01-10Further changes related to PR #2807Andrey Andreev1-11/+12
2014-01-10variable repairPetr Heralecky1-2/+2