  1. 5afa348 Use PHP7's random_bytes() when possible by Andrey Andreev · 9 years ago
  2. 71b1b3f Harden xss_clean() by Andrey Andreev · 9 years ago
  3. f0f47da Some more intrusive XSS cleaning by Andrey Andreev · 9 years ago
  4. 249580e More XSS stuff by Andrey Andreev · 9 years ago
  5. 4fbf2d1 More XSS stuff by Andrey Andreev · 9 years ago
  6. 088e57d Don't allow open-ended tags to pass through xss_clean() by Andrey Andreev · 9 years ago
  7. 3ceb14a Refactor 'evil attributes' sanitization logic by Andrey Andreev · 9 years ago
  8. e079203 Missing character in the evil attributes pattern by Andrey Andreev · 9 years ago
  9. 1e6d4d6 Another addition to tag detection patterns in xss_clean() by Andrey Andreev · 9 years ago
  10. 2a2578b Add 'eval' to a JS blacklist in xss_clean() by Andrey Andreev · 9 years ago
  11. 70f60d0 Move _remove_evil_attributes() call by Andrey Andreev · 9 years ago
  12. bc78748 Harden xss_clean() more by Andrey Andreev · 9 years ago
  13. 2f71c62 Improve on previous commit by Andrey Andreev · 9 years ago
  14. 58c7bcb Replace the latest XSS patches by Andrey Andreev · 9 years ago
  15. 12023a7 Last commit didn't adjust a RE index by Andrey Andreev · 9 years ago
  16. abc6006 Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 by Andrey Andreev · 9 years ago
  17. 700619c Fix #4106 by Andrey Andreev · 9 years ago
  18. 7881fd1 Fix a Typo by Mohammad Sadegh Dehghan Niri · 10 years ago
  19. 068ab20 Minor fixes in CI_Security::entity_decode() by Andrey Andreev · 10 years ago
  20. aebd039 Add FSCommand and seekSegmentTime to evil HTML attributes list by Andrey Andreev · 10 years ago
  21. af8665d Fix #3572: CI_Security::_remove_evil_attributes() by Andrey Andreev · 10 years ago
  22. 074a214 Fix #3579 by Andrey Andreev · 10 years ago
  23. 325d22d fix typo in comments by Claudio Galdiolo · 10 years ago
  24. 4cbe463 Remove closing blocks at end of PHP files by vlakoff · 10 years ago
  25. 90726b8 [ci skip] Change some log messages' level by Andrey Andreev · 10 years ago
  26. fe9309d Bulk (mostly documentation) update by Andrey Andreev · 10 years ago
  27. 93455e3 Fix E_WARNING in CI_Security::entity_decode() on PHP<5.3.4 by Andrey Andreev · 10 years ago
  28. e11657c Remove trailing newline by Jason Taylor · 10 years ago
  29. bb17798 Fix Issue #3417 by warpcode · 10 years ago
  30. 162b1a9 Fix 'Array to string conversion' notice in CSRF validation by Andrey Andreev · 10 years ago
  31. bdb96ca [ci skip] Switch to MIT license; close #3293 by Andrey Andreev · 10 years ago
  32. 7cc3e99 Update a config_item() use case for the new NULL return value by Andrey Andreev · 10 years ago
  33. d444d44 config_item() to return NULL instead of FALSE for non-existing items by Andrey Andreev · 10 years ago
  34. e4b9cd6 stream_set_chunk_size() requires PHP 5.4 by Andrey Andreev · 10 years ago
  35. b627430 Make sure we don't waste entropy by Andrey Andreev · 10 years ago
  36. f9a615a [ci skip] Remove references to 'PHP5' from comments by Andrey Andreev · 10 years ago
  37. 607d5e2 Fix a defined() check by Andrey Andreev · 10 years ago
  38. a135a18 Fix #3228 by Andrey Andreev · 10 years ago
  39. efe33a2 Fix CI_Security::get_random_bytes() length validation by Andrey Andreev · 10 years ago
  40. 487ccc9 Add CI_Security::get_random_bytes() for CSRF & XSS token generation by Andrey Andreev · 10 years ago
  41. 6c52096 [ci skip] Polish changes from PR #3176 by Andrey Andreev · 10 years ago
  42. 5ac7c77 Alter Pull #3176 to follow discussion by caseyh · 10 years ago
  43. 2f4c3bc CSRF whitelist supports regex by Casey Hancock · 10 years ago
  44. 9b8286c Fix #3123 by Andrey Andreev · 10 years ago
  45. 2761ff4 Add changelog entry for CSRF status code; remove line at EOF by Kyle Valade · 11 years ago
  46. 05fcc09 Return 403 instead of 500 if no CSRF token given by Kyle Valade · 11 years ago
  47. 3820b5a Fixed eof by Graham Campbell · 11 years ago
  48. eb93e73 Fixed typo by Graham Campbell · 11 years ago
  49. 487d1ae Fix #3057 by Andrey Andreev · 11 years ago
  50. 9457841 xss_clean is not protecting GET requests that &item=/startwithslash by Documentopia.com · 11 years ago
  51. 46d2072 More xss_clean() improvements by Andrey Andreev · 11 years ago
  52. ebb3aa0 Another xss_clean() improvement by Andrey Andreev · 11 years ago
  53. e7a2aa0 xss_clean() improvement by Andrey Andreev · 11 years ago
  54. 871754a 2013 > 2014 by darwinel · 11 years ago
  55. 29e1264 CI_Security: URL-decode until possible by Andrey Andreev · 11 years ago
  56. f7f9dca [ci skip] Fix a typo by Andrey Andreev · 11 years ago
  57. 3b9990c CI_Security: Expect a backslash as a tag separator by Andrey Andreev · 11 years ago
  58. a30a717 CI_Security: Filter jscript, wscript, vbs, confirm, prompt the same way as javascript, alert by Andrey Andreev · 11 years ago
  59. 505431a Add <math> to 'naughty' HTML elements by Andrey Andreev · 11 years ago
  60. dbd999f Previous commit caused side effects ... by Andrey Andreev · 11 years ago
  61. b69103e Fix CI_Security::_remove_evil_attributes() being way too aggressive by Andrey Andreev · 11 years ago
  62. adf3bde Re-add 'on\w*' to evil attributes (rel #2667) by Andrey Andreev · 11 years ago
  63. 12445ca Partially fix #2667 by Andrey Andreev · 11 years ago
  64. c53a178 CI_Security: Also add <svg> to 'naughty' HTML elements by Andrey Andreev · 11 years ago
  65. c715b22 CI_Security: Add <select> and <keygen> tags to the list of 'naughty' HTML elements by Andrey Andreev · 11 years ago
  66. ee7633c Fix syntax errors by Andrey Andreev · 11 years ago
  67. 25ca235 CI_Security: Add 'form' and 'xlink:href' to evil attributes by Andrey Andreev · 11 years ago
  68. d98cbb8 Add &newline; and &tab; to CI_Security:: by Andrey Andreev · 11 years ago
  69. c67c3fb CI_Security::_decode_entity() to replace dangerous HTML5 entities by Andrey Andreev · 11 years ago
  70. 4356806 Add <button> to the list of 'naughty' html elements in CI_Security::xss_clean() by Andrey Andreev · 11 years ago
  71. 4d05716 Fix #2729 by Andrey Andreev · 11 years ago
  72. 99e2f8e Fix #2829 by Andrey Andreev · 11 years ago
  73. 1bbc564 Fix #2268 (manually implementing PR #2269) by Andrey Andreev · 11 years ago
  74. e08411d Eh ... preg_replace() needs a replacement by Andrey Andreev · 11 years ago
  75. 3fa729d Fix issue #2681 (alternative to PR #2690) by Andrey Andreev · 11 years ago
  76. 3a3d5f6 Replace the last rand() with mt_rand() by vlakoff · 11 years ago
  77. 46e77e0 partial fix #2667 by David Cox Jr · 11 years ago
  78. 4495cc7 Rename bad chars property to filename_bad_chars, remove the setter and add changelog entry by Hunter Wu · 11 years ago
  79. a8d6d3b Make the bad filename array public in Security library by Hunter Wu · 11 years ago
  80. 8df3352 Revert "Add windows filename rule as an option for upload files" by Hunter Wu · 11 years ago
  81. 23719ab Add windows filename rule as an option for upload files by Hunter Wu · 11 years ago
  82. 0612756 Some cleanup related to mt_rand() by vlakoff · 12 years ago
  83. 7e55977 Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() by Andrey Andreev · 12 years ago
  84. 80500af [ci skip] Happy new year by Andrey Andreev · 12 years ago
  85. 72ed4c3 [ci skip] Some micro-optimizations and style changes by Andrey Andreev · 12 years ago
  86. 638a9d2 Replaced spaces with tabs for indentation and || with OR by brian978 · 12 years ago
  87. 0fb1018 Merge remote-tracking branch 'upstream/develop' into develop by brian978 · 12 years ago
  88. 4296a65 update for Issue #2064 (changed docblocks which return $this or only call a method that returns $this to @return CI_DB_class_name) by Andrew Podner · 12 years ago
  89. 07ccbe5 Modified regexp to match partial tags by brian978 · 12 years ago
  90. 6caeaad Removed boundary from regexp by brian978 · 12 years ago
  91. 0a83fcc Fixed bug with regexp that matched tags by brian978 · 12 years ago
  92. f50fc73 All the HEX code must be replaced or else some XSS attacks can be successful by brian978 · 12 years ago
  93. 160c7d1 Added small improvement to the _remove_evil_attributes function by brian978 · 12 years ago
  94. 838a9d6 [ci skip] Cleaned some spaces by Andrey Andreev · 12 years ago
  95. c5536aa Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) by Andrey Andreev · 12 years ago
  96. 6435410 [ci skip] DocBlock improvements for Security library by Andrey Andreev · 12 years ago
  97. f795ab5 [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) by Andrey Andreev · 12 years ago
  98. 3fb0267 Add is_https() as a common function by Andrey Andreev · 12 years ago
  99. a81f60c Clean up regexes in Security->xss_clean() by vlakoff · 13 years ago
  100. 1a24a9d Fix issue #427 by Andrey Andreev · 13 years ago