| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
Fixed a bug where both accept_charset() and accept_lang() improperly parsed headers
if they contained spaces between data separators (which is valid).
Also made is_referral() testable by replacing its static cache var with a class
property and added some more unit tests for the library as a whole.
|
|
- Allow multiple levels of controller directories (supersedes PRs #390, #2439)
- Add support for per-directory 'defaul_controller' and '404_override' (resolves issue #2611; supersedes PR #939)
- Fixed a bug where default_controller was called instead of triggering 404 if the current route is inside a directory
- Removed a few calls from CI_Router to CI_URI that made a necessity for otherwise internal CI_URI methods to be public:
- Removed CI_URI::_fetch_uri_string() and moved its logic into CI_URI::__construct()
- Removed CI_URI::_remove_url_suffix, CI_URI::_explode_segments() and moved their logic into CI_URI::_set_uri_string()
- Removed CI_URI::_reindex_segments() altogether ( doesn't need further manipulation, while is
public anyway and can be properly (and more effectively) replaced on the spot)
|
|
Also did a tiny micro-optimization in the Utf8 class.
|
|
|
|
We only used to check (and not always) if the return value of fwrite() is boolean FALSE,
while it is possible that the otherwise returned bytecount is less than the length of
data that we're trying to write. This allowed incomplete writes over network streams
and possibly a few other edge cases.
|
|
- Initialize and cache the value in the class constructor instead of searching for it every time
- Removed the preg_quote() call from _filter_uri() to allow more fine-tuning from configuration
- Renamed _filter_uri() to filter_uri() - it was public anyway and using it cannot break anything
Related: issue #2799
|
|
attach files by absolute url
|
|
|
|
|
|
|
|
Based on PR #964
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Connor Tumbleson <connor.tumbleson@gmail.com>
|
|
|
|
Requested via issue #109
Supersedes PR #241
|
|
|
|
Calendar Updates
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Based on PR #970
|
|
pattern for Opera
Input comes from a configuration file that is barely touched by anyone
and the default values only contain letters, so it is safe to not
quote them.
This enables us to add a more advanced pattern in config/user_agents.php
for Opera 10+, which ... quote:
Opera/9.80 is hard coded at the beginning of the user agent string because of broken browser sniffing scripts which detect 'Opera/10' and above as Opera 1.
(reference: http://my.opera.com/community/openweb/idopera/)
Instead, latests versions of Opera append ' Version/<version number>'
to the end of the user agent string.
Fixes issue #555 (incorrect browser detection for Opera)
|
|
|
|
|
|
|
|
|
|
The 'mysql' PHP extension is notorious for it's problems and is deprecated as of PHP 5.5.
The other ones are dropped from PHP 5.3.
|
|
Added ['standardize_newlines']
Also altered the Session cookie driver, which experienced issues with this
feature due to it's HMAC verification failing after the Input class alters
newlines in non-encrypted session cookies.
Supersedes PR #2470
|
|
When ['global_xss_filtering'] was turned on, the , , &
superglobals were automatically overwritten. This resulted in one of the following problems:
- xss_clean() being called twice
- Inability to retrieve the original (not filtered) value
XSS filtering is now only applied on demand by the Input class, and the default value for
the parameter in CI_Input methods is changed to NULL. Unless a boolean value is
passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering']
value.
|
|
|
|
CI_Input::_clean_input_data() assumed that all input data is URL-encoded while sanitizing it.
However, PHP already performs URL-decoding on it, so this is either redudant or overly
intrusive as it resulted in many, many reports of data containing '%' followed by 1 numeric
characters being essentially destroyed.
Supersedes PR #1229
|
|
|
|
|
|
|
|
Supersedes PR #1497
|
|
Supersedes PR #884
|
|
When trying to load rules from a configuration file, the Form validation library matched against
ruri_string() as opposed to 'controller/method' like described in the manual. Since ruri_string()
also makes sense, now both are being checked with ruri_string() having a higher precedence.
Supersedes PR #2224
|
|
Requested in issue #2165
Supersedes PR #2319
|
|
|
