summaryrefslogtreecommitdiffstats
path: root/system/core/Security.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-01-12 16:23:26 +0100
committerAndrey Andreev <narf@devilix.net>2015-01-12 16:23:26 +0100
commit45a8afaabc6d09ad59bbb3c89a6cdfe8cbc3312c (patch)
tree7ca4207099f9225b5ef74b31f48627a282e7fdf2 /system/core/Security.php
parentcd94dd7e1d8969658810ccc4158a75d2936d0a44 (diff)
parent934d6d9797f4dadd4e4d05b12bc4d7309fedb6c3 (diff)
Merge branch 'develop' into feature/session
Diffstat (limited to 'system/core/Security.php')
-rw-r--r--[-rwxr-xr-x]system/core/Security.php19
1 files changed, 12 insertions, 7 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 6ed0f8d4f..2bf0f6284 100755..100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -2,11 +2,11 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.2.4 or newer
+ * An open source application development framework for PHP
*
* This content is released under the MIT License (MIT)
*
- * Copyright (c) 2014, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2015, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://opensource.org/licenses/MIT MIT License
* @link http://codeigniter.com
* @since Version 1.0.0
@@ -644,7 +644,12 @@ class CI_Security {
{
if ( ! isset($_entities))
{
- $_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, $flag, $charset));
+ $_entities = array_map(
+ 'strtolower',
+ is_php('5.3.4')
+ ? get_html_translation_table(HTML_ENTITIES, $flag, $charset)
+ : get_html_translation_table(HTML_ENTITIES, $flag)
+ );
// If we're not on PHP 5.4+, add the possibly dangerous HTML 5
// entities to the array manually
@@ -673,7 +678,7 @@ class CI_Security {
// Decode numeric & UTF16 two byte entities
$str = html_entity_decode(
- preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;]))|(?:0*\d{2,4}(?![0-9;])))/iS', '$1;', $str),
+ preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str),
$flag,
$charset
);
@@ -977,8 +982,8 @@ class CI_Security {
// We don't necessarily want to regenerate it with
// each page load since a page could contain embedded
// sub-pages causing this feature to fail
- if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
- preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
+ if (isset($_COOKIE[$this->_csrf_cookie_name]) && is_string($_COOKIE[$this->_csrf_cookie_name])
+ && preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1)
{
return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
}