Matt Pass
a029eceb9d
Set session_save_path & fix logout URL
Some hosts have a loop around issue with no session being available
after a header location redirect
After much research, I've found this is due to some hosts not having a
session save path and it needs to be set using PHP
Setting this means ICEcoder works on those few hosts
Fix to bad URL on logout
2014-09-29 10:55:46 +01:00
Matt Pass
0d4ca6a483
Final language replacement placeholders
2014-08-21 14:29:11 +01:00
Matt Pass
8ec0d518ad
Largely adjusted XSS protection
Adjusted to match that implemented by Ashar Javed
(https://twitter.com/soaj1664ashar , demo:
http://xssplaygroundforfunandlearn.netai.net/final.html ). Was
unbreakable against 78k XSS attempts, so seems very solid
2014-06-27 11:22:32 +01:00
Matt Pass
a470daf9f5
No need for other chars to be replaced
Impossible to output an XSS without < or > alone
2014-05-03 14:13:48 +01:00
Matt Pass
75885aecf5
strClean now replaces javascript:
htmlentities doesn't cover : and str_replace on : is too vague
regex is case insensitive
2014-04-26 12:25:12 +01:00
Matt Pass
9a2881cd7b
Remove comma
2014-04-24 12:10:17 +01:00
Matt Pass
c88d4f46e3
Rewrite of xssClean function to be neater
2014-04-23 07:41:30 +01:00
Matt Pass
d6a7db8f3e
xssClean function added
Had 4 different contexts, the first 2 alter parts of strings, the last 2
remove those parts
2014-04-22 08:05:40 +01:00
Matt Pass
6030e9a4ca
This is now set, in headers.php
2014-04-18 17:59:27 +01:00
Matt Pass
03c0842ba2
Common settings/functions now in own file
2014-01-11 15:14:04 +00:00