From 0a6b0661305f20ac1fbd219d43f59193bea90d1d Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Mon, 26 Oct 2015 15:31:38 +0200
Subject: Prevent Host header injections

---
 application/config/config.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'application/config')

diff --git a/application/config/config.php b/application/config/config.php
index 479d591a4..4f8f81406 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -11,10 +11,16 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 |
 |	http://example.com/
 |
-| If this is not set then CodeIgniter will try guess the protocol, domain
-| and path to your installation. However, you should always configure this
-| explicitly and never rely on auto-guessing, especially in production
-| environments.
+| WARNING: You MUST set this value!
+|
+| If it is not set, then CodeIgniter will try guess the protocol and path
+| your installation, but due to security concerns the hostname will be set
+| to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise.
+| The auto-detection mechanism exists only for convenience during
+| development and MUST NOT be used in production!
+|
+| If you need to allow multiple domains, remember that this file is still
+| a PHP script and you can easily do that on your own.
 |
 */
 $config['base_url'] = '';
-- 
cgit v1.2.3-24-g4f1b


From 76d5f881ecd0c70759cbebc9c5c622ef7d716aa8 Mon Sep 17 00:00:00 2001
From: Rafael Schwemmer <rafael.schwemmer@textandbytes.com>
Date: Thu, 5 Nov 2015 22:49:17 +0100
Subject: Added MIME types for JPEG2000

Added all MIME types and file extensions to support JPEG2000 images as
allowed file type.
---
 application/config/mimes.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'application/config')

diff --git a/application/config/mimes.php b/application/config/mimes.php
index 8eff4d2d5..a9b82008f 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -78,6 +78,14 @@ return array(
 	'jpeg'	=>	array('image/jpeg', 'image/pjpeg'),
 	'jpg'	=>	array('image/jpeg', 'image/pjpeg'),
 	'jpe'	=>	array('image/jpeg', 'image/pjpeg'),
+	'jp2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'j2k' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpf' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpg2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpx' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpm' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'mj2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'mjp2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
 	'png'	=>	array('image/png',  'image/x-png'),
 	'tiff'	=>	'image/tiff',
 	'tif'	=>	'image/tiff',
-- 
cgit v1.2.3-24-g4f1b


From 871811e81af949c52604eb1df8394c0071dba10c Mon Sep 17 00:00:00 2001
From: Rafael Schwemmer <rafael.schwemmer@textandbytes.com>
Date: Fri, 6 Nov 2015 10:22:00 +0100
Subject: Fixed white-space for JPEG2000 MIME types

Replaced spaces by tabs to be consistent with rest of the code
---
 application/config/mimes.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'application/config')

diff --git a/application/config/mimes.php b/application/config/mimes.php
index a9b82008f..5e43773a8 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -78,14 +78,14 @@ return array(
 	'jpeg'	=>	array('image/jpeg', 'image/pjpeg'),
 	'jpg'	=>	array('image/jpeg', 'image/pjpeg'),
 	'jpe'	=>	array('image/jpeg', 'image/pjpeg'),
-	'jp2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'j2k' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'jpf' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'jpg2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'jpx' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'jpm' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'mj2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
-	'mjp2' => array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jp2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'j2k'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpf'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpg2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpx'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'jpm'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'mj2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
+	'mjp2'	=>	array('image/jp2', 'video/mj2', 'image/jpx', 'image/jpm'),
 	'png'	=>	array('image/png',  'image/x-png'),
 	'tiff'	=>	'image/tiff',
 	'tif'	=>	'image/tiff',
-- 
cgit v1.2.3-24-g4f1b