Changed the algorithm used in _reset_post_array() to no longer rely on eval(), plugging an arbitrary script execution hole http://codeigniter.com/bug_tracker/bug/6068/

commit: 63eeae3357b94edfdd5b652fd97fe878403be9f8 [log] [tgz]
author: Derek Jones <derek.jones@ellislab.com> Tue Feb 10 19:08:56 2009 +0000
committer: Derek Jones <derek.jones@ellislab.com> Tue Feb 10 19:08:56 2009 +0000
tree: a02daec6f2111d8ce605bbc00655f7bba0bc1a6d
parent: 0b2145f96b6c05aefb51cccb643d203b83a0d761 [diff] [blame]
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 457db56..63eb75c 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html

@@ -64,6 +64,7 @@
 <ul>
 	<li>Libraries
 		<ul>
+			<li>Fixed an arbitrary script execution security flaw (#6068) in the Form Validation library (thanks to hkk)</li>
 			<li>Changed default current page indicator in the Pagination library to use &lt;strong&gt; instead of &lt;b&gt;</li>
 			<li>A "HTTP/1.1 400 Bad Request" header is now sent when disallowed characters are encountered.</li>
 			<li>Added &lt;big&gt;, &lt;small&gt;, &lt;q&gt;, and &lt;tt&gt; to the Typography parser's inline elements.</li>
commit	63eeae3357b94edfdd5b652fd97fe878403be9f8	[log] [tgz]
author	Derek Jones <derek.jones@ellislab.com>	Tue Feb 10 19:08:56 2009 +0000
committer	Derek Jones <derek.jones@ellislab.com>	Tue Feb 10 19:08:56 2009 +0000
tree	a02daec6f2111d8ce605bbc00655f7bba0bc1a6d
parent	0b2145f96b6c05aefb51cccb643d203b83a0d761 [diff] [blame]