Changelog for
codeigniter2-2.2.6-lp150.1.2.noarch.rpm :
* Thu Dec 17 2015 tuukka.pasanenAATTilmi.fi
- Update to version 2.2.6
* Fixes
- Fixed an XSS attack vector in Security Library method xss_clean().
- Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.
- Changed CAPTCHA Helper to try to use the operating system's PRNG first.
- Fixed a number of XSS attack vectors in Security Library method xss_clean() (thanks to Frans Rosén from Detectify).
* Tue Sep 22 2015 tuukka.pasanenAATTilmi.fi
- Version updated to 2.2.4
* Fixes
- Fixed an SQL injection vulnerability in Active Record method offset().
- Removed a fallback to mysql_escape_string() in the 'mysql' database driver (escape_str() method) when there's no active database connection.
* Tue Jun 16 2015 tuukka.pasanenAATTilmi.fi
- New version 2.2.2. Possibly the last 2.2 version that will come
* Fixes
* Too huge to put here, check from:
- https://github.com/bcit-ci/CodeIgniter/compare/2.2.2...develop-
* Thu Feb 19 2015 tuukka.pasanenAATTilmi.fi
- New version 2.2.1 and separate CodeIgniter 2.2 and CodeIgniter 3.0
* Fixes
* General Changes
* Improved security in xss_clean().
* Updated timezones in Date Helper.
* Bug fixes:
* Fixed a bug (#3094) - CI_Input::_clean_input_data() breaks encrypted session cookies.
* Fixed a bug (#2268) - CI_Security::xss_clean() didn't properly match JavaScript events.
* Fixed a bug (#3309) - CI_Security::xss_clean() used an overly-invasive pattern to strip JS event handlers.
* Fixed a bug (#2771) - CI_Security::xss_clean() didn't take into account HTML5 entities.
* Fixed a bug (#73) - CI_Security::sanitize_filename() could be tricked by an XSS attack.
* Fixed a bug (#2681) - CI_Security::entity_decode() used the PREG_REPLACE_EVAL flag, which is deprecated since PHP 5.5.
* Fixed a bug (#3302) - Internal function get_config() triggered an E_NOTICE message on PHP 5.6.
* Fixed a bug (#2508) - Config Library didn't properly detect if the current request is via HTTPS.
* Fixed a bug (#3314) - SQLSRV Database driver's method count_all() didn't escape the supplied table name.
* Fixed a bug (#3404) - MySQLi Database driver's method escape_str() had a wrong fallback to mysql_escape_string() when there was no active connection.
* Fixed a bug in the Session Library where session ID regeneration occurred during AJAX requests.