From aeb2c3e532e78be9ac78ba6fd4a305b7be31d2ab Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sun, 21 Aug 2011 16:14:54 +0100 Subject: Added new config parameter "csrf_exclude_uris" which allows for URIs to be whitelisted from CSRF verification. Fixes #149 --- application/config/config.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'application/config') diff --git a/application/config/config.php b/application/config/config.php index 1ec65435e..b64b11669 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -292,11 +292,13 @@ $config['global_xss_filtering'] = FALSE; | 'csrf_token_name' = The token name | 'csrf_cookie_name' = The cookie name | 'csrf_expire' = The number in seconds the token should expire. +| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ $config['csrf_protection'] = FALSE; $config['csrf_token_name'] = 'csrf_test_name'; $config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; +$config['csrf_exclude_uris'] = array(); /* |-------------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 17e7b44e4b67e8d36ef6a0f8f08c2751fce3b55b Mon Sep 17 00:00:00 2001 From: Kevin Hoogheem Date: Tue, 23 Aug 2011 22:48:48 -0500 Subject: MIME Type Adds/Changes Updated MIME Types with certs and new audio/video files as well as added extra types for some existing files. --- application/config/mimes.php | 50 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 8 deletions(-) (limited to 'application/config') diff --git a/application/config/mimes.php b/application/config/mimes.php index 82767d7c8..be9a67842 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php @@ -8,10 +8,10 @@ | */ -$mimes = array( 'hqx' => 'application/mac-binhex40', +$mimes = array( 'hqx' => array('application/mac-binhex40', 'application/mac-binhex', 'application/x-binhex40', 'application/x-mac-binhex40'), 'cpt' => 'application/mac-compactpro', 'csv' => array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel'), - 'bin' => 'application/macbinary', + 'bin' => array('application/macbinary', 'application/mac-binary', 'application/octet-stream', 'application/x-binary', 'application/x-macbinary'), 'dms' => 'application/octet-stream', 'lha' => 'application/octet-stream', 'lzh' => 'application/octet-stream', @@ -39,6 +39,7 @@ $mimes = array( 'hqx' => 'application/mac-binhex40', 'dvi' => 'application/x-dvi', 'gtar' => 'application/x-gtar', 'gz' => 'application/x-gzip', + 'gzip' => 'application/x-gzip', 'php' => 'application/x-httpd-php', 'php4' => 'application/x-httpd-php', 'php3' => 'application/x-httpd-php', @@ -51,14 +52,14 @@ $mimes = array( 'hqx' => 'application/mac-binhex40', 'tgz' => array('application/x-tar', 'application/x-gzip-compressed'), 'xhtml' => 'application/xhtml+xml', 'xht' => 'application/xhtml+xml', - 'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'), + 'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'), 'mid' => 'audio/midi', 'midi' => 'audio/midi', 'mpga' => 'audio/mpeg', 'mp2' => 'audio/mpeg', 'mp3' => array('audio/mpeg', 'audio/mpg', 'audio/mpeg3', 'audio/mp3'), - 'aif' => 'audio/x-aiff', - 'aiff' => 'audio/x-aiff', + 'aif' => array('audio/x-aiff', 'audio/aiff'), + 'aiff' => array('audio/x-aiff', 'audio/aiff'), 'aifc' => 'audio/x-aiff', 'ram' => 'audio/x-pn-realaudio', 'rm' => 'audio/x-pn-realaudio', @@ -66,7 +67,7 @@ $mimes = array( 'hqx' => 'application/mac-binhex40', 'ra' => 'audio/x-realaudio', 'rv' => 'video/vnd.rn-realvideo', 'wav' => 'audio/x-wav', - 'bmp' => 'image/bmp', + 'bmp' => array('image/bmp', 'image/x-windows-bmp'), 'gif' => 'image/gif', 'jpeg' => array('image/jpeg', 'image/pjpeg'), 'jpg' => array('image/jpeg', 'image/pjpeg'), @@ -90,7 +91,7 @@ $mimes = array( 'hqx' => 'application/mac-binhex40', 'mpe' => 'video/mpeg', 'qt' => 'video/quicktime', 'mov' => 'video/quicktime', - 'avi' => 'video/x-msvideo', + 'avi' => array('video/x-msvideo', 'video/msvideo', 'video/avi', 'application/x-troff-msvideo'), 'movie' => 'video/x-sgi-movie', 'doc' => 'application/msword', 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', @@ -98,7 +99,40 @@ $mimes = array( 'hqx' => 'application/mac-binhex40', 'word' => array('application/msword', 'application/octet-stream'), 'xl' => 'application/excel', 'eml' => 'message/rfc822', - 'json' => array('application/json', 'text/json') + 'json' => array('application/json', 'text/json'), + 'pem' => array('application/x-x509-user-cert', 'application/x-pem-file', 'application/octet-stream'), + 'p10' => array('application/x-pkcs10', 'application/pkcs10'), + 'p12' => 'application/x-pkcs12', + 'p7a' => 'application/x-pkcs7-signature', + 'p7c' => array('application/pkcs7-mime', 'application/x-pkcs7-mime'), + 'p7m' => array('application/pkcs7-mime', 'application/x-pkcs7-mime'), + 'p7r' => 'application/x-pkcs7-certreqresp', + 'p7s' => 'application/pkcs7-signature', + 'crt' => array('application/x-x509-ca-cert', 'application/x-x509-user-cert', 'application/pkix-cert'), + 'crl' => array('application/pkix-crl', 'application/pkcs-crl'), + 'der' => 'application/x-x509-ca-cert', + 'kdb' => 'application/octet-stream', + 'pgp' => 'application/pgp', + 'gpg' => 'application/gpg-keys', + 'sst' => 'application/octet-stream', + 'csr' => 'application/octet-stream', + 'rsa' => 'application/x-pkcs7', + 'cer' => array('application/pkix-cert', 'application/x-x509-ca-cert'), + '3g2' => 'video/3gpp2', + '3gp' => 'video/3gp', + 'mp4' => 'video/mp4', + 'm4a' => 'audio/x-m4a', + 'f4v' => 'video/mp4', + 'aac' => 'audio/x-acc', + 'm4u' => 'application/vnd.mpegurl', + 'm3u' => 'text/plain', + 'xspf' => 'application/xspf+xml', + 'vlc' => 'application/videolan', + 'wmv' => 'video/x-ms-wmv', + 'au' => 'audio/x-au', + 'ac3' => 'audio/ac3', + 'flac' => 'audio/x-flac', + 'ogg' => 'audio/ogg', ); -- cgit v1.2.3-24-g4f1b From eddd10786c2777e5601f4c9dcfbd9e5d089bbe42 Mon Sep 17 00:00:00 2001 From: Kevin Hoogheem Date: Wed, 24 Aug 2011 07:59:36 -0500 Subject: whitespace updates per Phil updating some whitespace issues --- application/config/mimes.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'application/config') diff --git a/application/config/mimes.php b/application/config/mimes.php index be9a67842..90a1d18bb 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php @@ -8,7 +8,7 @@ | */ -$mimes = array( 'hqx' => array('application/mac-binhex40', 'application/mac-binhex', 'application/x-binhex40', 'application/x-mac-binhex40'), +$mimes = array('hqx' => array('application/mac-binhex40', 'application/mac-binhex', 'application/x-binhex40', 'application/x-mac-binhex40'), 'cpt' => 'application/mac-compactpro', 'csv' => array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel'), 'bin' => array('application/macbinary', 'application/mac-binary', 'application/octet-stream', 'application/x-binary', 'application/x-macbinary'), @@ -39,7 +39,7 @@ $mimes = array( 'hqx' => array('application/mac-binhex40', 'application/m 'dvi' => 'application/x-dvi', 'gtar' => 'application/x-gtar', 'gz' => 'application/x-gzip', - 'gzip' => 'application/x-gzip', + 'gzip' => 'application/x-gzip', 'php' => 'application/x-httpd-php', 'php4' => 'application/x-httpd-php', 'php3' => 'application/x-httpd-php', @@ -52,7 +52,7 @@ $mimes = array( 'hqx' => array('application/mac-binhex40', 'application/m 'tgz' => array('application/x-tar', 'application/x-gzip-compressed'), 'xhtml' => 'application/xhtml+xml', 'xht' => 'application/xhtml+xml', - 'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'), + 'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'), 'mid' => 'audio/midi', 'midi' => 'audio/midi', 'mpga' => 'audio/mpeg', @@ -99,8 +99,8 @@ $mimes = array( 'hqx' => array('application/mac-binhex40', 'application/m 'word' => array('application/msword', 'application/octet-stream'), 'xl' => 'application/excel', 'eml' => 'message/rfc822', - 'json' => array('application/json', 'text/json'), - 'pem' => array('application/x-x509-user-cert', 'application/x-pem-file', 'application/octet-stream'), + 'json' => array('application/json', 'text/json'), + 'pem' => array('application/x-x509-user-cert', 'application/x-pem-file', 'application/octet-stream'), 'p10' => array('application/x-pkcs10', 'application/pkcs10'), 'p12' => 'application/x-pkcs12', 'p7a' => 'application/x-pkcs7-signature', -- cgit v1.2.3-24-g4f1b From d720af7ce5539c0c5f1a604358a96bcf54af80fd Mon Sep 17 00:00:00 2001 From: Bruno Bierbaumer Date: Sat, 27 Aug 2011 16:13:14 +0200 Subject: add Android user agent --- application/config/user_agents.php | 1 + 1 file changed, 1 insertion(+) (limited to 'application/config') diff --git a/application/config/user_agents.php b/application/config/user_agents.php index e2d3c3af0..4746f2fcd 100644 --- a/application/config/user_agents.php +++ b/application/config/user_agents.php @@ -126,6 +126,7 @@ $mobiles = array( 'sendo' => "Sendo", // Operating Systems + 'android' => "Android", 'symbian' => "Symbian", 'SymbianOS' => "SymbianOS", 'elaine' => "Palm", -- cgit v1.2.3-24-g4f1b From 8cc0cfe1ab1e10aad71d14e0b43e05444c00693d Mon Sep 17 00:00:00 2001 From: freewil Date: Sat, 27 Aug 2011 21:53:00 -0400 Subject: always use charset config item --- application/config/config.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'application/config') diff --git a/application/config/config.php b/application/config/config.php index 880393c29..a6d10d8dc 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -79,6 +79,8 @@ $config['language'] = 'english'; | This determines which character set is used by default in various methods | that require a character set to be provided. | +| See http://php.net/htmlspecialchars for a list of supported charsets. +| */ $config['charset'] = 'UTF-8'; -- cgit v1.2.3-24-g4f1b