Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 209ac23cbe2e0d78c07e3696171db6e6c47f1cf2 / system / libraries / Input.php
  1. cbde3f0 changed entity standardization to require at least two characters after an ampersand before forcing a semi-colon by Derek Jones · 16 years ago
  2. dd7f4a9 re-included URL encoded characters within _remove_invisible_characters() which were mistakenly pulled out in a previous commit, not released by Derek Jones · 17 years ago
  3. 68d7bd6 changed link and image regex to be more precise in matching tags, reducing false positive matches by Derek Jones · 17 years ago
  4. e8e18fe Changed regex for onfoo event handlers to prevent unwanted matching of text such as locatiON, cONtent, etc. by Derek Jones · 17 years ago
  5. 067e5dd whitespace by Derek Jones · 17 years ago
  6. 40f38f1 simplified regex for _remove_invisible_characters() - since we rawurldecode() the string, there's no need to go looking for url encoded characters here by Derek Jones · 17 years ago
  7. d6c6998 fixed accidental removal of $converted_string in xss_clean() for image comparison by Derek Jones · 17 years ago
  8. fc18b00 added a bit of leeway for images to avoid the more common false-positives that using xss_clean() on image files might trigger by Derek Jones · 17 years ago
  9. 7aae905 Further improvements to xss_clean() by Derek Jones · 17 years ago
  10. d3ee041 Added get_post() to the Input class. Documented get() in the Input class. by Derek Allard · 17 years ago
  11. 7a3b96e picky picky Jones adjusts some syntax by Derek Jones · 17 years ago
  12. c1acb41 a few tweaks for speed by Derek Allard · 17 years ago
  13. 144cb5b simplified and refactored input filtering and retrieval by Derek Jones · 17 years ago
  14. c04f0fc emendation to on* event handler removal by Derek Jones · 17 years ago
  15. 92bb3e6 decided just to kill all on*= event handlers, rather than trying to keep up with (and require users to do the same) with a blacklist. by Derek Jones · 17 years ago
  16. 9f23e7c moved word compacting to a callback for clarity, added a few js event handlers for removal by Derek Jones · 17 years ago
  17. 908ecc6 more complete protection against malformed link tags to protect against hex entities and href=data:url exploits by Derek Jones · 17 years ago
  18. bd08d84 improved security in xss_clean(), added <audio> and <video> tags to naughty HTML tags, and the HTML5 event handlers onerror and onended by Derek Jones · 17 years ago
  19. 245038d addition xss protection against certain data urls, stripping of anything sent with utf-7 encoding by Derek Jones · 17 years ago
  20. 63fc5fe added ability to use xss_clean() to test images, and improved security for vectors particular to the Opera family of browsers by Derek Jones · 17 years ago
  21. 000ab69 Hey you! Yeah, you, that other set of hardcoded arrays in xss_clean(). You're coming with me, pal! by Derek Jones · 17 years ago
  22. e3332b0 increased security and performance of xss_clean(), added _sanitize_naughty_html() callback and removed "never allowed" items to a class property by Derek Jones · 17 years ago
  23. 0b59f27 Some sweeping syntax changes for consistency: by Derek Jones · 17 years ago
  24. 751506e fixed a misspelling in the Input library of CDATA by Derek Allard · 17 years ago
  25. 15dcf49 removed an ereg from config by Derek Allard · 17 years ago
  26. 53437de Added protection in xss_clean() for GET variables in URLs by Derek Jones · 17 years ago
  27. a3ffbbb Removed closing PHP tags, replaced with a comment block identifying the end of the file by Derek Jones · 17 years ago
  28. c7deac9 Undoing change committed in r1115 by Derek Jones · 17 years ago
  29. 5583e1a removed closing PHP tag from all framework files by Derek Jones · 17 years ago
  30. 7327499 Added get_dir_file_info(), get_file_info(), and get_mime_by_extension() to the File Helper. by Derek Allard · 17 years ago
  31. 0ea06fd * Fixed a bug (#3396) where certain POST variables would cause a PHP warning. by Derek Jones · 17 years ago
  32. ab32a42 changed URL decoding implementation of xss_clean() to use rawurldecode() to discontinue misconversion of characters to bad entities, and to continue avoidance of unwanted removal of + signs by Derek Jones · 17 years ago
  33. d85a11e added CI's global variables to the protected array in_sanitize_globals() by Derek Jones · 17 years ago
  34. 7a9193a replaced www.codeigniter.com with codeigniter.com by Derek Jones · 17 years ago
  35. 3d879d5 ExpressionEngine Dev Team in credit by Derek Allard · 17 years ago
  36. 6838f00 Fixed a typo in the docblock comments that had CodeIgniter spelled CodeIgnitor. by Derek Allard · 17 years ago
  37. 6159d1d Switched from CI super object to $CFG to fetch charset by Derek Jones · 18 years ago
  38. 303c9cb added attribute and html entity decode callbacks to xss_clean() by Derek Jones · 18 years ago
  39. 48bb32a further xss_clean() enhancements by Derek Jones · 18 years ago
  40. 01f0888 by paulburdick · 18 years ago
  41. 763064b *Added filename_security() method to Input library by paulburdick · 18 years ago
  42. 8816aaa by paulburdick · 18 years ago
  43. 391eb03 Improved XSS clean to not allowing this: by paulburdick · 18 years ago
  44. b614d39 by paulburdick · 18 years ago
  45. 033ef02 *Updated the XSS Filtering to take into account the IE expression() ability by paulburdick · 18 years ago
  46. 65e8f0e by Rick Ellis · 18 years ago
  47. 3921314 by Rick Ellis · 18 years ago
  48. ba64893 by Rick Ellis · 18 years ago
  49. e666afc by Rick Ellis · 18 years ago
  50. bb2041d by Rick Ellis · 18 years ago
  51. 01f72ca Modified XSS Cleaning routine to be more performance friendly and compatible with PHP 5.2's new PCRE backtrack and recursion limits. by Derek Jones · 18 years ago
  52. d2df9bc update pMachine to EllisLab by Derek Allard · 18 years ago
  53. 87d1eeb function post() duplicated, changed the second to function get() by Derek Allard · 18 years ago
  54. 112569d by Rick Ellis · 18 years ago
  55. a72b60d removed unescaped variable that could be used in XSS by Derek Allard · 18 years ago
  56. 40a7c68 by paulburdick · 18 years ago
  57. 325197e by Rick Ellis · 18 years ago
  58. afde68a by admin · 18 years ago
  59. e334c47 by admin · 18 years ago
  60. bd6bee7 by admin · 18 years ago
  61. 7099a58 by admin · 18 years ago
  62. 10c3f41 by admin · 18 years ago
  63. 04ea44e by admin · 18 years ago
  64. 2fcd16b by admin · 18 years ago
  65. 33de9a1 by admin · 18 years ago
  66. bc042dd by admin · 18 years ago
  67. b0dd10f Initial Import by admin · 18 years ago