summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-03-10 14:44:57 +0100
committerAndrey Andreev <narf@bofh.bg>2012-03-10 14:44:57 +0100
commitc857bc23d35840a9c3b13ce752ae832385639f73 (patch)
treea864a7600d37ca110c3e44c06cc1b55170ad272c /system/core
parent172331d40c991741c76fcf70f4262c2db821c6f8 (diff)
parent52a31ba3acc5f5be16692ac25c70780775e548e0 (diff)
Merge branch 'develop' of github.com:EllisLab/CodeIgniter into develop-dh-date-range
Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Benchmark.php2
-rwxr-xr-xsystem/core/CodeIgniter.php2
-rw-r--r--system/core/Common.php2
-rwxr-xr-xsystem/core/Config.php2
-rw-r--r--system/core/Controller.php2
-rwxr-xr-xsystem/core/Exceptions.php2
-rwxr-xr-xsystem/core/Hooks.php2
-rwxr-xr-xsystem/core/Input.php19
-rwxr-xr-xsystem/core/Lang.php2
-rw-r--r--system/core/Loader.php4
-rwxr-xr-xsystem/core/Model.php2
-rwxr-xr-xsystem/core/Output.php2
-rwxr-xr-xsystem/core/Router.php2
-rwxr-xr-xsystem/core/Security.php45
-rwxr-xr-xsystem/core/URI.php2
-rw-r--r--system/core/Utf8.php2
16 files changed, 56 insertions, 38 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
index f4dfd3dab..f6b634deb 100755
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 7af3c485d..a79a69590 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Common.php b/system/core/Common.php
index 491979350..f20acafd4 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Config.php b/system/core/Config.php
index 68417435d..1e149d005 100755
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Controller.php b/system/core/Controller.php
index 0dc131701..05e1bf5bf 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index bf9901252..d7282b1f3 100755
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index e1ac58e6e..493822f36 100755
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Input.php b/system/core/Input.php
index ee15f4013..54b7e0923 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -699,6 +699,23 @@ class CI_Input {
return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Get Request Method
+ *
+ * Return the Request Method
+ *
+ * @param bool uppercase or lowercase
+ * @return bool
+ */
+ public function method($upper = FALSE)
+ {
+ return ($upper)
+ ? strtoupper($this->server('REQUEST_METHOD'))
+ : strtolower($this->server('REQUEST_METHOD'));
+ }
+
}
/* End of file Input.php */
diff --git a/system/core/Lang.php b/system/core/Lang.php
index c40a6856e..9ef76f4d6 100755
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 12daaa928..3d91915c4 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -833,7 +833,7 @@ class CI_Loader {
// If the PHP installation does not support short tags we'll
// do a little string replacement, changing the short tags
// to standard PHP echo statements.
- if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE)
+ if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE)
{
echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
}
diff --git a/system/core/Model.php b/system/core/Model.php
index a595a6ae2..49b8d34e4 100755
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Output.php b/system/core/Output.php
index abd8a0ea9..faebbbe72 100755
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Router.php b/system/core/Router.php
index d21319565..b251abb4b 100755
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Security.php b/system/core/Security.php
index 1007f61f4..cd8a61028 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Security Class
*
@@ -106,23 +104,27 @@ class CI_Security {
public function __construct()
{
- // CSRF config
- foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
+ // Is CSRF protection enabled?
+ if (config_item('csrf_protection') === TRUE)
{
- if (FALSE !== ($val = config_item($key)))
+ // CSRF config
+ foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
{
- $this->{'_'.$key} = $val;
+ if (FALSE !== ($val = config_item($key)))
+ {
+ $this->{'_'.$key} = $val;
+ }
}
- }
- // Append application specific cookie prefix
- if (config_item('cookie_prefix'))
- {
- $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
- }
+ // Append application specific cookie prefix
+ if (config_item('cookie_prefix'))
+ {
+ $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
+ }
- // Set the CSRF hash
- $this->_csrf_set_hash();
+ // Set the CSRF hash
+ $this->_csrf_set_hash();
+ }
log_message('debug', 'Security Class Initialized');
}
@@ -136,8 +138,8 @@ class CI_Security {
*/
public function csrf_verify()
{
- // If no POST data exists we will set the CSRF cookie
- if (count($_POST) === 0)
+ // If it's not a POST request we will set the CSRF cookie
+ if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
{
return $this->csrf_set_cookie();
}
@@ -189,7 +191,7 @@ class CI_Security {
$expire = time() + $this->_csrf_expire;
$secure_cookie = (bool) config_item('cookie_secure');
- if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS']))
+ if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
{
return FALSE;
}
@@ -358,7 +360,7 @@ class CI_Security {
foreach ($words as $word)
{
- $word = implode("\s*", str_split($word)) . "\s*";
+ $word = implode('\s*', str_split($word)).'\s*';
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
@@ -425,7 +427,6 @@ class CI_Security {
'\\1\\2&#40;\\3&#41;',
$str);
-
// Final clean up
// This adds a bit of extra precaution in case
// something got through the above filters
@@ -601,7 +602,7 @@ class CI_Security {
}
// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
@@ -633,7 +634,7 @@ class CI_Security {
{
return '&lt;'.$matches[1].$matches[2].$matches[3] // encode opening brace
// encode captured opening or closing brace to prevent recursive vectors:
- . str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
+ .str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
}
// --------------------------------------------------------------------
diff --git a/system/core/URI.php b/system/core/URI.php
index b28ee198b..db5b8e44b 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 0e180d36f..ba3567453 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*