From e2c374fc474f91cc1c04aaae68e15cef6984f494 Mon Sep 17 00:00:00 2001 From: Alexander Hofstede Date: Thu, 17 May 2012 00:28:08 +0200 Subject: Check cookie against md5 regex. Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser. --- user_guide/changelog.html | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 613c4e65d..38275955b 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -85,6 +85,7 @@ Change Log
  • Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.
  • Fixed a bug (#538) - Windows paths were ignored when using the Image Manipulation Class to create a new file.
  • Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.
  • +
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
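Review bot: The added CSRF entry says what was wrong but not where or what changed. The neighbouring entries name the code they touch (CI_Upload::_file_mime_type(), $this->db->query()), while this one names no class or method and does not mention that the cookie value is now checked against an md5 pattern, which only the commit subject states. Suggest naming the affected component and the new check in the entry, and replacing "code injection" with the concrete effect the commit message gives, injected cookie content being sent back directly to the browser. This view is limited to user_guide, so the check itself cannot be reviewed from these lines.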
  • -- cgit v1.2.3-24-g4f1b From c3eb672ed01c57a543dd8cdf1b90eb4001498c19 Mon Sep 17 00:00:00 2001 From: Alexander Hofstede Date: Thu, 17 May 2012 10:48:11 +0200 Subject: Use tab for indent --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 38275955b..55fbceeaf 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -85,7 +85,7 @@ Change Log
  • Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.
  • Fixed a bug (#538) - Windows paths were ignored when using the Image Manipulation Class to create a new file.
  • Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.
  • -
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
  • +
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
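Review bot: The removed and added CSRF entry lines differ only in leading whitespace, so this is a fix-up to the entry introduced in e2c374f rather than a change of its own. Amend it into that commit so the changelog line lands with the intended indentation once.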
  • -- cgit v1.2.3-24-g4f1b From be32f2b25c72517c003010eeaae8b46dae19fe3e Mon Sep 17 00:00:00 2001 From: Alexander Hofstede Date: Thu, 17 May 2012 10:51:05 +0200 Subject: Revert "Use tab for indent" This reverts commit c3eb672ed01c57a543dd8cdf1b90eb4001498c19. --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 55fbceeaf..38275955b 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -85,7 +85,7 @@ Change Log
  • Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.
  • Fixed a bug (#538) - Windows paths were ignored when using the Image Manipulation Class to create a new file.
  • Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.
  • -
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
  • +
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
  • -- cgit v1.2.3-24-g4f1b From 8f04c69fe65ddc2604425eaee811b50a909d905f Mon Sep 17 00:00:00 2001 From: Alexander Hofstede Date: Thu, 17 May 2012 10:52:44 +0200 Subject: Use tabs for indenting --- user_guide/changelog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide') diff --git a/user_guide/changelog.html b/user_guide/changelog.html index 38275955b..55fbceeaf 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -85,7 +85,7 @@ Change Log
  • Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.
  • Fixed a bug (#538) - Windows paths were ignored when using the Image Manipulation Class to create a new file.
  • Fixed a bug - When database caching was enabled, $this->db->query() checked the cache before binding variables which resulted in cached queries never being found.
  • -
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
  • +
  • Fixed a bug - CSRF cookie value was allowed to be any (non-empty) string before being written to the output, making code injection a risk.
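Review bot: The -/+ pair on the CSRF entry repeats c3eb672 exactly (same index 38275955b..55fbceeaf), two minutes after be32f2b reverted it, so the revert and this commit cancel each other out. Drop both from the series and keep c3eb672 as the one indentation fix.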
  • -- cgit v1.2.3-24-g4f1b