Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 11b1e51f8df7a1e47d002a14a76748f6f629f988 / system / core / Input.php
  1. 69fc4fc significant rewrite to Input class by Derek Jones · 15 years ago
  2. c68dfbf fixed EOF code comment file locations by Derek Jones · 15 years ago
  3. b97d21f moving core library files out of libraries into new core folder by Derek Jones · 15 years ago[Renamed from system/libraries/Input.php]
  4. 7f3719f updated copyrights by Derek Jones · 15 years ago
  5. e24f61a added hyphens to allowed characters in GET keys and vals in submitted URLs in xss_clean() by Derek Jones · 15 years ago
  6. 16d40d7 Fixed a case sensitive string replacement, simplified redundant string replacement by Derek Jones · 16 years ago
  7. fc395a1 updated copyrights to 2009 by Derek Jones · 16 years ago
  8. 42b2e17 ... replaced $CFG->item() with config_item() by Derek Jones · 16 years ago
  9. 97707cc replaced $this->config-> with $CFG-> in ip_address() by Derek Jones · 16 years ago
  10. c597228 added proxy_ips config item to whitelist reverse proxy servers to use the HTTP_X_FORWARDED_FOR header safely to determine the visitor's IP address by Derek Jones · 16 years ago
  11. 9959fed improvements to xss_clean() by Derek Jones · 16 years ago
  12. ab0e31f fixed a bug where whitespace would be lost if a string was forced into a character entity e.g. by Derek Jones · 16 years ago
  13. 2067d1a Changing EOL style to LF by Derek Allard · 16 years ago
  14. 85e65f6 Propset eol-style to CRLF by Derek Jones · 16 years ago
  15. 5f02da0 whitespace by Derek Allard · 16 years ago
  16. ff5d13b syntax simplification for testing first character of string by Derek Jones · 16 years ago
  17. dc50e11 added validation of IP segments to make sure they aren't empty, e.g. 127.0..1 by Derek Jones · 16 years ago
  18. 54d3ed6 removed a global by Rick Ellis · 16 years ago
  19. bfbe735 syntax error by Derek Jones · 16 years ago
  20. 98e2532 unset $Version, $Path, and $Domain cookie keys, to prevent Disallowed Key Characters from halting app execution on environments which improperly set these as keys by Derek Jones · 16 years ago
  21. d02b5bf by Rick Ellis · 16 years ago
  22. e0fc57b removed random invisible character (ASCII 194) from HTML and PHP files by Derek Jones · 16 years ago
  23. 0c734b5 added isindex to the list of naughty never allowed tags in xss_clean() by Derek Jones · 16 years ago
  24. 9dee6ec modified regex for image tag sanitization to retain trailing space and closing slash to remain valid XHTML by Derek Jones · 16 years ago
  25. cbde3f0 changed entity standardization to require at least two characters after an ampersand before forcing a semi-colon by Derek Jones · 16 years ago
  26. dd7f4a9 re-included URL encoded characters within _remove_invisible_characters() which were mistakenly pulled out in a previous commit, not released by Derek Jones · 17 years ago
  27. 68d7bd6 changed link and image regex to be more precise in matching tags, reducing false positive matches by Derek Jones · 17 years ago
  28. e8e18fe Changed regex for onfoo event handlers to prevent unwanted matching of text such as locatiON, cONtent, etc. by Derek Jones · 17 years ago
  29. 067e5dd whitespace by Derek Jones · 17 years ago
  30. 40f38f1 simplified regex for _remove_invisible_characters() - since we rawurldecode() the string, there's no need to go looking for url encoded characters here by Derek Jones · 17 years ago
  31. d6c6998 fixed accidental removal of $converted_string in xss_clean() for image comparison by Derek Jones · 17 years ago
  32. fc18b00 added a bit of leeway for images to avoid the more common false-positives that using xss_clean() on image files might trigger by Derek Jones · 17 years ago
  33. 7aae905 Further improvements to xss_clean() by Derek Jones · 17 years ago
  34. d3ee041 Added get_post() to the Input class. Documented get() in the Input class. by Derek Allard · 17 years ago
  35. 7a3b96e picky picky Jones adjusts some syntax by Derek Jones · 17 years ago
  36. c1acb41 a few tweaks for speed by Derek Allard · 17 years ago
  37. 144cb5b simplified and refactored input filtering and retrieval by Derek Jones · 17 years ago
  38. c04f0fc emendation to on* event handler removal by Derek Jones · 17 years ago
  39. 92bb3e6 decided just to kill all on*= event handlers, rather than trying to keep up with (and require users to do the same) with a blacklist. by Derek Jones · 17 years ago
  40. 9f23e7c moved word compacting to a callback for clarity, added a few js event handlers for removal by Derek Jones · 17 years ago
  41. 908ecc6 more complete protection against malformed link tags to protect against hex entities and href=data:url exploits by Derek Jones · 17 years ago
  42. bd08d84 improved security in xss_clean(), added <audio> and <video> tags to naughty HTML tags, and the HTML5 event handlers onerror and onended by Derek Jones · 17 years ago
  43. 245038d addition xss protection against certain data urls, stripping of anything sent with utf-7 encoding by Derek Jones · 17 years ago
  44. 63fc5fe added ability to use xss_clean() to test images, and improved security for vectors particular to the Opera family of browsers by Derek Jones · 17 years ago
  45. 000ab69 Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). You're coming with me, pal! by Derek Jones · 17 years ago
  46. e3332b0 increased security and performance of xss_clean(), added _sanitize_naughty_html() callback and removed "never allowed" items to a class property by Derek Jones · 17 years ago
  47. 0b59f27 Some sweeping syntax changes for consistency: by Derek Jones · 17 years ago
  48. 751506e fixed a misspelling in the Input library of CDATA by Derek Allard · 17 years ago
  49. 15dcf49 removed an ereg from config by Derek Allard · 17 years ago
  50. 53437de Added protection in xss_clean() for GET variables in URLs by Derek Jones · 17 years ago
  51. a3ffbbb Removed closing PHP tags, replaced with a comment block identifying the end of the file by Derek Jones · 17 years ago
  52. c7deac9 Undoing change committed in r1115 by Derek Jones · 17 years ago
  53. 5583e1a removed closing PHP tag from all framework files by Derek Jones · 17 years ago
  54. 7327499 Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to the File Helper. by Derek Allard · 17 years ago
  55. 0ea06fd * Fixed a bug (#3396) where certain POST variables would cause a PHP warning. by Derek Jones · 17 years ago
  56. ab32a42 changed URL decoding implementation of xss_clean() to use rawurldecode() to discontinue misconversion of characters to bad entities, and to continue avoidance of unwanted removal of + signs by Derek Jones · 17 years ago
  57. d85a11e added CI's global variables to the protected array in_sanitize_globals() by Derek Jones · 17 years ago
  58. 7a9193a replaced www.codeigniter.com with codeigniter.com by Derek Jones · 17 years ago
  59. 3d879d5 ExpressionEngine Dev Team in credit by Derek Allard · 17 years ago
  60. 6838f00 Fixed a typo in the docblock comments that had CodeIgniter spelled CodeIgnitor. by Derek Allard · 17 years ago
  61. 6159d1d Switched from CI super object to $CFG to fetch charset by Derek Jones · 18 years ago
  62. 303c9cb added attribute and html entity decode callbacks to xss_clean() by Derek Jones · 18 years ago
  63. 48bb32a further xss_clean() enhancements by Derek Jones · 18 years ago
  64. 01f0888 by paulburdick · 18 years ago
  65. 763064b *Added filename_security() method to Input library by paulburdick · 18 years ago
  66. 8816aaa by paulburdick · 18 years ago
  67. 391eb03 Improved XSS clean to not allowing this: by paulburdick · 18 years ago
  68. b614d39 by paulburdick · 18 years ago
  69. 033ef02 *Updated the XSS Filtering to take into account the IE expression() ability by paulburdick · 18 years ago
  70. 65e8f0e by Rick Ellis · 18 years ago
  71. 3921314 by Rick Ellis · 18 years ago
  72. ba64893 by Rick Ellis · 18 years ago
  73. e666afc by Rick Ellis · 18 years ago
  74. bb2041d by Rick Ellis · 18 years ago
  75. 01f72ca Modified XSS Cleaning routine to be more performance friendly and compatible with PHP 5.2's new PCRE backtrack and recursion limits. by Derek Jones · 18 years ago
  76. d2df9bc update pMachine to EllisLab by Derek Allard · 18 years ago
  77. 87d1eeb function post() duplicated, changed the second to function get() by Derek Allard · 18 years ago
  78. 112569d by Rick Ellis · 18 years ago
  79. a72b60d removed unescaped variable that could be used in XSS by Derek Allard · 18 years ago
  80. 40a7c68 by paulburdick · 18 years ago
  81. 325197e by Rick Ellis · 18 years ago
  82. afde68a by admin · 18 years ago
  83. e334c47 by admin · 18 years ago
  84. bd6bee7 by admin · 18 years ago
  85. 7099a58 by admin · 18 years ago
  86. 10c3f41 by admin · 18 years ago
  87. 04ea44e by admin · 18 years ago
  88. 2fcd16b by admin · 18 years ago
  89. 33de9a1 by admin · 18 years ago
  90. bc042dd by admin · 18 years ago
  91. b0dd10f Initial Import by admin · 18 years ago