Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2017-01-17 | [ci skip] Merge pull request #4986 from ka7/feature/spelling | Andrey Andreev | 1 | -1/+1 | |
Spelling fixes in comment blocks and docs | |||||
2017-01-10 | Add a testcase and changelog entry for #4975 | Andrey Andreev | 1 | -2/+4 | |
2017-01-04 | Fix an XSS vulnerability | Andrey Andreev | 1 | -0/+5 | |
2016-12-08 | Merge pull request #4932 from rhynodesigns/patch-1 | Andrey Andreev | 1 | -2/+2 | |
[ci skip] Fix a comment typo in unit tests | |||||
2016-11-23 | Fix #4917 | Andrey Andreev | 1 | -0/+8 | |
2016-09-27 | Fix entity_decode() issue | Andrey Andreev | 1 | -0/+6 | |
2016-08-22 | Skip mcrypt-related testcases on PHP 7.1 | Andrey Andreev | 2 | -2/+14 | |
ext/mcrypt is deprecated and the test cases in question trigger E_DEPRECATED messages as a result. | |||||
2016-08-10 | Add changelog entry and a test case for #4758 | Andrey Andreev | 1 | -0/+3 | |
2016-08-10 | Use getMockBuilder() in PHPUnit instead of the deprecated getMock() | Andrey Andreev | 8 | -17/+17 | |
2016-07-28 | Remove dead code written for PHP 5.2 | Andrey Andreev | 5 | -231/+4 | |
2016-07-25 | Merge pull request #4725 from tianhe1986/develop_url_encode_case_insensitive | Andrey Andreev | 1 | -0/+12 | |
Fix remove_invisible_characters() for URL-encoded characters in upper case | |||||
2016-07-19 | Fix #4679 | Andrey Andreev | 1 | -0/+6 | |
2016-05-25 | Fix #4639 | Andrey Andreev | 1 | -2/+13 | |
Really fix #4633 | |||||
2016-05-20 | Merge pull request #4638 from kasimtan/phpdoc_fixes | Andrey Andreev | 5 | -5/+0 | |
[ci skip] Fixed PHPDoc parameter name and type discrepancies | |||||
2016-05-17 | Fix #4633 | Andrey Andreev | 1 | -1/+1 | |
2016-04-28 | Fix #4605 | Andrey Andreev | 1 | -0/+2 | |
2016-03-12 | Fix #4516 | Andrey Andreev | 1 | -0/+10 | |
2016-03-07 | Fix #4475 | Andrey Andreev | 1 | -2/+4 | |
2016-02-11 | Skip CI_Log tests on PHP 5.2 | Andrey Andreev | 1 | -1/+10 | |
We still run those (with failures enabled) and that test breaks them | |||||
2016-02-11 | Fix #4449 | Andrey Andreev | 1 | -2/+25 | |
2016-02-09 | [ci skip] Whitespace | Andrey Andreev | 1 | -1/+1 | |
2016-02-09 | Add CI_Log test cases | Andrey Andreev | 1 | -0/+64 | |
2016-02-05 | Fix another regression caused by 805eddaefd9503b5dbbd924bd6da66e29c4768f3 | Andrey Andreev | 1 | -0/+20 | |
Also added a unit test for #4431 | |||||
2016-01-30 | Fix #4415 and add unit tests for https://bugs.php.net/bug.php?id=51192 | Andrey Andreev | 1 | -0/+7 | |
2016-01-11 | Alter a valid URL test | Andrey Andreev | 1 | -1/+1 | |
2015-11-09 | Merge pull request #4225 from zhanghongyi/loader-test | Andrey Andreev | 1 | -4/+25 | |
Improve Loader test cases for libraries | |||||
2015-10-31 | Prevent Host header injections | Andrey Andreev | 1 | -30/+17 | |
2015-10-31 | Harden xss_clean() | Andrey Andreev | 1 | -15/+20 | |
2015-10-30 | Fix #3201 | Andrey Andreev | 1 | -0/+5 | |
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 1 | -2/+7 | |
2015-10-02 | More XSS stuff | Andrey Andreev | 1 | -1/+6 | |
2015-09-28 | Merge pull request #4125 from jim-parry/fix/lang_test | Andrey Andreev | 1 | -5/+17 | |
Improve CI_Lang tests | |||||
2015-09-21 | More XSS stuff | Andrey Andreev | 1 | -0/+16 | |
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 1 | -0/+1 | |
This was a regression caused by the previous commit | |||||
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 1 | -23/+34 | |
Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes(). | |||||
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 1 | -0/+5 | |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -0/+14 | |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -2/+7 | |
This time eliminate false positives for the 'naughty html' logic. | |||||
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -0/+5 | |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -1/+6 | |
This one fixes yet another issue, is cleaner and faster. | |||||
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -0/+5 | |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -4/+4 | |
2015-09-10 | Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -1/+1 | |
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -0/+8 | |
2015-09-01 | Fix #4093 | Andrey Andreev | 1 | -0/+8 | |
2015-08-03 | [ci skip] Normalize tabs/spaces | Andrey Andreev | 3 | -7/+8 | |
Partial changes from PR #4016 | |||||
2015-07-22 | Fix testcases broken by b63dc1904e4f34cb48d7dce80155172c6e94d777 | Andrey Andreev | 1 | -2/+2 | |
2015-07-20 | Fixed typo | Calvin Tam | 1 | -1/+1 | |
2015-04-14 | Add test for email address with subdomain | Brett Santore | 1 | -0/+1 | |
2015-04-01 | [ci skip] Whitespace cleanup following PR #3716 | Andrey Andreev | 1 | -29/+29 | |