Activity

From 03/03/2010 to 04/01/2010

04/01/2010

11:58 pm Feature Request #2605 (Closed): event core docs
Parnell Springmeyer
11:54 pm Revision 4846: Fixing #2605
Parnell Springmeyer
09:43 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
For my own curiosity, what are you using on the kohanaphp site? Hopefully it isn't the html purifier causing the xss... Rasmus Lerdorf
09:03 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
I think xss_clean should only support html purifier, and if it's called w/o html purifier found in the vendor directo... Ben Rogers
08:59 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
Not entirely related, but perhaps symptomatic. Try this URL with IE6/IE7 or IE8 with the built-in XSS prevention dis... Rasmus Lerdorf
07:00 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
Why does your default xss handling code have to be "filtering"? The default xss handling should be secure. That is ... Rasmus Lerdorf
06:53 pm Bug Report #2766 (Feedback): xss_clean() doesn't handle attribute injection
I agree that blacklisting is error prone, however replacing it with html::chars() doesn't make any sense to me. Encod... Isaiah DeRose-Wilson
06:37 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
I think there is a strong argument for making html::chars() the default. You want to make the default case the most ... Rasmus Lerdorf
06:21 pm Bug Report #2766 (Closed): xss_clean() doesn't handle attribute injection
Isaiah DeRose-Wilson
06:07 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
I agree that using html::chars() (a wrapper for htmlspecialchars()) is a much better solution when you don't want the... Isaiah DeRose-Wilson
05:33 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
If I could make a suggestion for a future version. Do not mix your default XSS prevention with html subset validatio... Rasmus Lerdorf
05:00 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
It's not so much whether I am confused or not. Someone using your framework in a high-profile application got this w... Rasmus Lerdorf
04:45 pm Bug Report #2766 (Assigned): xss_clean() doesn't handle attribute injection
Isaiah DeRose-Wilson
04:20 pm Bug Report #2766: xss_clean() doesn't handle attribute injection
I tested your example in 2.4 and Kohana correctly removes the onmouseover alert(). However, it sounds like you misund... Isaiah DeRose-Wilson
05:53 am Bug Report #2766 (Assigned): xss_clean() doesn't handle attribute injection
Helped a company the other day track down an XSS issue. It was caused by the fact that the xss_clean() method does n... Rasmus Lerdorf

03/31/2010

10:49 pm Revision 4845: Oops!
Parnell Springmeyer
10:47 pm Feature Request #2589 (Closed): file helper docs
Parnell Springmeyer
10:45 pm Revision 4844: Fixing #2589
Parnell Springmeyer
09:54 pm Feature Request #2601 (Closed): utf8 helper docs
Applied in changeset r4843. Ben Rogers
09:54 pm Revision 4843: fixing #2601
Ben Rogers
09:13 pm Bug Report #2765 (Closed): file::split() output_dir attribute is not honored
Parnell Springmeyer
08:38 pm Revision 4842: Half way done with these docs... Committing them so I can finish them
up on my other machine. Parnell Springmeyer
07:40 pm Bug Report #2765 (Closed): file::split() output_dir attribute is not honored
The method split() in the file helper is completely ignored in the writing of file chunks. Parnell Springmeyer
07:03 pm Feature Request #2589 (Review): file helper docs
Reformatting and cleaning up comments... Parnell Springmeyer
06:57 pm Feature Request #2599 (Closed): upload helper docs
Applied in changeset r4841. Parnell Springmeyer
06:56 pm Revision 4841: Fixing #2599
Parnell Springmeyer

03/30/2010

10:07 pm Feature Request #2593 (Closed): inflector helper docs
Okay... NOW it is done. Parnell Springmeyer
10:05 pm Revision 4840: Finishing and cleaning docs/examples.
Parnell Springmeyer
09:28 pm Feature Request #2597 (Closed): security helper docs
Parnell Springmeyer
09:27 pm Feature Request #2593 (Review): inflector helper docs
Oops! Meant to close the security helper doc ticket. Parnell Springmeyer
09:26 pm Feature Request #2593 (Closed): inflector helper docs
Parnell Springmeyer
08:07 pm Feature Request #2590 (Closed): form helper docs
Applied in changeset r4839. Parnell Springmeyer
08:07 pm Revision 4839: Fixing #2590
Parnell Springmeyer
07:19 pm Feature Request #2472: Remove database from Model class
Like the Template_Controller this should be moved to a Database_Model instead? David Pommer
06:02 pm Bug Report #2759 (New): Review form helper
A lot of the form helper methods are unnecessary and superfluous IMHO. For example, @form::open()@ and @form::open_mu... Parnell Springmeyer

03/29/2010

04:34 pm Bug Report #2758 (Closed): "headers already sent" error when using the download::send() helper
Applied in changeset r4838. Isaiah DeRose-Wilson
04:34 pm Revision 4838: Don't send compression headers, or render stats if there is no output, fixes #2758
Isaiah DeRose-Wilson
03:59 pm Bug Report #2758 (Closed): "headers already sent" error when using the download::send() helper
The download::send() function closes the buffer and echos output so no headers can be sent after it's called. However... Isaiah DeRose-Wilson

03/28/2010

08:52 pm Bug Report #2757: Database_Builder: expressions like ORDER BY RAND() don't produce correct SQL
Isaiah's patch works fine, here it is:... dik_ -
08:46 pm Bug Report #2757 (Assigned): Database_Builder: expressions like ORDER BY RAND() don't produce cor...
This:... dik_ -

03/27/2010

05:51 pm Bug Report #2746 (Assigned): valid::numeric regex bug
Isaiah DeRose-Wilson

03/26/2010

05:55 am Bug Report #2746 (Assigned): valid::numeric regex bug
valid::numeric returns TRUE for "-." and ".".
*Reproduce code*:...
Cory Finnestad

03/25/2010

06:18 pm Feature Request #2735 (Closed): Allow Passing Table name to table_prefix()
Yeah it doesn't look like there is a good way to do this in 2.3.x. I'm going to close this issue because 2.3.4 is the... Isaiah DeRose-Wilson
02:14 am Bug Report #2710 (Closed): Security::xss_clean vulnerable to IE style attributes
Applied in changeset r4837. Isaiah DeRose-Wilson
02:14 am Revision 4837: Fixed IE xss clean vulnerability, closes #2710
Isaiah DeRose-Wilson
02:09 am Feature Request #2737 (Review): Kohana_Log should use time formatted with gmdate
Isaiah DeRose-Wilson

03/24/2010

11:07 pm Feature Request #2735: Allow Passing Table name to table_prefix()
Yeah, I'm running 2.3, which doesn't have quote_table(). Chris Meller -
09:47 pm Feature Request #2740 (New): Missing mime types for MS Office docx, xlsx and pptx
The mimes config array does not include some MS mime types for docx, xlsx and pptx Anonymous
03:57 pm Feature Request #2735 (Assigned): Allow Passing Table name to table_prefix()
quote_table() should add the prefix, and escape the table name correctly, normally you would want something like this... Isaiah DeRose-Wilson

03/23/2010

10:23 pm Feature Request #2735 (Closed): Allow Passing Table name to table_prefix()
It'd be nice if you could pass the name of the table to the table_prefix() method and get back your concatenated stri... Chris Meller -
09:08 pm ORM - K2 Bug Report #2733 (New): change how relationships are created
best way to explain is through an example
user has_many orders
$order = ORM::factory('user',1)->orders;
$order...
Ben Rogers
02:30 am Feature Request #2737 (Review): Kohana_Log should use time formatted with gmdate
I have a multi-timezone application, so for each user date(...) returns the date in his own timezone. It's obfuscating logs... Ivan Kurnosov

03/22/2010

08:16 pm ORM - K2 Bug Report #2730 (Closed): delete_all should respect where
There is a reason you remembered this issue ;) Isaiah DeRose-Wilson
07:09 pm ORM - K2 Bug Report #2730 (Closed): delete_all should respect where
I seem to remember this being reported before, but I think we should have delete_all respect where arguments Ben Rogers
07:06 pm ORM - K2 Bug Report #2729 (New): lazy loading should be done properly
This is more for the experimental branch, but I'd like to do lazy loading properly.
I noticed a bug where $this->l...
Ben Rogers
05:47 pm Revision 4836: Fixing a small bug in the error output.
Parnell Springmeyer

03/19/2010

10:17 pm Bug Report #2726: utf8::stristr error for non-ASCII strings
Thanks for the report. This has been fixed in 2.4, please feel free to backport this fix to 2.3.x if you need it. Isaiah DeRose-Wilson
10:16 pm Bug Report #2726 (Closed): utf8::stristr error for non-ASCII strings
Applied in changeset r4835. Isaiah DeRose-Wilson
10:15 pm Revision 4835: Fixed issue with utf8::stristr() not being case insensitive, fixes #2726
Isaiah DeRose-Wilson
10:02 pm Bug Report #2726 (Assigned): utf8::stristr error for non-ASCII strings
Isaiah DeRose-Wilson
09:57 pm Bug Report #2725 (Closed): ORM cannot change values from NULL
Isaiah DeRose-Wilson
05:52 pm Bug Report #2726 (Closed): utf8::stristr error for non-ASCII strings
I discovered utf8::stristr always returns FALSE if the search string contains a capitalized non-ASCII character. Foun... John Reisig
12:58 pm Bug Report #2725: ORM cannot change values from NULL
Oops, my mistake. I thought the old bug had regressed.
My test was casting a value to float, so it looked like cha...
Drarok -
12:27 pm Bug Report #2725 (Closed): ORM cannot change values from NULL
I can't reopen the previous ticket, but in Kohana 2.3.4, a field cannot be changed from NULL. Drarok -

03/16/2010

03:43 am Feature Request #2738 (Assigned): Inflector: Add 'was' => 'were' to Irregular
Not very important, but might as well have as complete a list as possible.
For example:
"Corey and Dillon were tagge...
Corey W

03/15/2010

04:14 pm Bug Report #2710 (Assigned): Security::xss_clean vulnerable to IE style attributes
Isaiah DeRose-Wilson

03/13/2010

10:06 am Bug Report #2710 (Closed): Security::xss_clean vulnerable to IE style attributes
The first string gets cleaned correctly. The second string doesn't.... Geert De Deckere
05:53 am Feature Request #2616 (Assigned): profiler library docs
Isaiah DeRose-Wilson
05:52 am Feature Request #2620 (Closed): validation library docs
Isaiah DeRose-Wilson
05:51 am Revision 4834: Validation docs cleanup. Closes #2620
Isaiah DeRose-Wilson
05:44 am Feature Request #2664 (Closed): .htaccess should redirect protected folders
Isaiah DeRose-Wilson
05:40 am Feature Request #2703 (Closed): .htaccess should redirect protected folders
Isaiah DeRose-Wilson
05:39 am Revision 4833: Updated example htaccess file, fixes #2703
Isaiah DeRose-Wilson

03/12/2010

12:09 pm Bug Report #2778 (Review): HTML::anchor() not proper handle external links
HTML::anchor() considers links starting with '//' as internal site links, but this is wrong. Links starting with '//' are extern... Alexandr Karpinsky

03/11/2010

08:07 pm Feature Request #2703 (Review): .htaccess should redirect protected folders
Isaiah DeRose-Wilson

03/09/2010

05:37 pm Feature Request #2699 (Review): HTML::entities()
Bob (Chillax) implemented a helper method for htmlentities()
utf8 support and whatnot..
Commit: http://github.com...
Lorenzo Pisani
02:53 am Bug Report #2696 (Assigned): File Cache should check if ID is valid
Have you tested this in the Kohana 2.4 cache library? Isaiah DeRose-Wilson
12:47 am Bug Report #2696 (Assigned): File Cache should check if ID is valid
Currently using File Cache on a Windows machine.
If the cache ID is invalid (not a valid filename), in most cases ...
Joseph C

03/07/2010

05:16 pm Bug Report #2678 (Closed): MySQLi driver with invalid parameter on connect
Isaiah DeRose-Wilson
11:18 am Bug Report #2678: MySQLi driver with invalid parameter on connect
Ah, it was the config file being outdated, thought I had solved all 2.3.4 -> 2.4 issues a month ago as this didn't co... Antti Qvickström

03/06/2010

05:53 pm Bug Report #2679 (Assigned): Xcache get with invalid parameters
Isaiah DeRose-Wilson
05:52 pm Bug Report #2678: MySQLi driver with invalid parameter on connect
Also please make sure you've updated your "database config file":http://dev.kohanaphp.com/projects/kohana2/repository... Isaiah DeRose-Wilson
05:49 pm Bug Report #2678 (Assigned): MySQLi driver with invalid parameter on connect
$params is the connection flag parameter, this is used for creating a ssl connection or to change other connection op... Isaiah DeRose-Wilson
01:11 pm Bug Report #2679 (Assigned): Xcache get with invalid parameters
/system/libraries/drivers/Cache/Xcache.php lines 51 and 53 in the get() refers to $id variable, should use $key inste... Antti Qvickström
12:21 pm Bug Report #2678 (Closed): MySQLi driver with invalid parameter on connect
Database_Mysqli.php line 32:
if ( ! $mysqli->real_connect($host, $user, $pass, $database, $port, $socket, $params))
...
Antti Qvickström
12:59 am Bug Report #2675 (Assigned): Remove ASCII control characters from global data automatically
We should remove ASCII control characters in Input::clean_input_data() instead of Input::clean(). Input::clean_input_... Isaiah DeRose-Wilson
12:47 am Bug Report #2669 (Closed): XSS does not clean or check for NULL byte injection
Applied in changeset r4832. Isaiah DeRose-Wilson
12:46 am Revision 4832: Fixed issue with null bytes in the default xss filter. Fixes #2669
Isaiah DeRose-Wilson

03/04/2010

07:45 pm Bug Report #2669: XSS does not clean or check for NULL byte injection
Nathan Bentley wrote:
> If needed, I have a small script that will allow you to inject NULL bytes (normal browsers t...
Jeremy Bush
06:37 pm Bug Report #2669 (Assigned): XSS does not clean or check for NULL byte injection
Isaiah DeRose-Wilson
06:25 pm Bug Report #2669: XSS does not clean or check for NULL byte injection
If needed, I have a small script that will allow you to inject NULL bytes (normal browsers tend to filter it out) - I... Nathan Bentley
06:23 pm Bug Report #2669 (Closed): XSS does not clean or check for NULL byte injection
The current 2.3/2.4 Input library's xss_clean() method does not detect or remove NULL byte injection.
I've tes...
Nathan Bentley

03/03/2010

04:49 pm Revision 4831: Squash some whitespace and use CSS instead of cellspacing
Chris Bandy