Add CI_Security::get_random_bytes() for CSRF & XSS token generation

commit: 487ccc9c8a21cb6338aab7173b3adda194d29c26 [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Wed Aug 27 16:26:23 2014 +0300
committer: Andrey Andreev <narf@devilix.net> Wed Aug 27 16:26:23 2014 +0300
tree: 1c8661b246337fa71348d687795a8c500f7897b3
parent: d4afe4a074015af109f1ab482f486d71e0b883f4 [diff] [blame]
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 5c233ef..64a7689 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst

@@ -508,9 +508,10 @@
 
    -  :doc:`Security Library <libraries/security>` changes include:
 
-      -  Added method ``strip_image_tags()``.
       -  Added ``$config['csrf_regeneration']``, which makes CSRF token regeneration optional.
       -  Added ``$config['csrf_exclude_uris']``, allowing for exclusion of URIs from the CSRF protection (regular expressions are supported).
+      -  Added method ``strip_image_tags()``.
+      -  Added method ``get_random_bytes()`` and switched CSRF & XSS token generation to use it.
       -  Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list.
       -  Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request.
commit	487ccc9c8a21cb6338aab7173b3adda194d29c26	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Wed Aug 27 16:26:23 2014 +0300
committer	Andrey Andreev <narf@devilix.net>	Wed Aug 27 16:26:23 2014 +0300
tree	1c8661b246337fa71348d687795a8c500f7897b3
parent	d4afe4a074015af109f1ab482f486d71e0b883f4 [diff] [blame]