diff options
author | Melounek <petr@heralecky.cz> | 2012-10-05 15:50:00 +0200 |
---|---|---|
committer | Melounek <petr@heralecky.cz> | 2012-10-05 15:50:00 +0200 |
commit | cc7c7c691ad16beb5040a8a1d07064e61b5e2167 (patch) | |
tree | f0ed98dc9f580bf38cfb13b72d8ab2cddfd69a3f /system/core | |
parent | 58dfc089bf5b0ca35c2ff244e5bfdff726f9adcd (diff) | |
parent | 6123b61e8ec95ac91f67bfbf442e34021c922319 (diff) |
update devel version
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Common.php | 50 | ||||
-rw-r--r-- | system/core/Config.php | 14 | ||||
-rw-r--r-- | system/core/Input.php | 31 | ||||
-rw-r--r-- | system/core/Loader.php | 59 | ||||
-rw-r--r-- | system/core/Output.php | 6 | ||||
-rw-r--r-- | system/core/Security.php | 27 |
6 files changed, 139 insertions, 48 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index c309d4192..e449dd2e0 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -172,7 +172,7 @@ if ( ! function_exists('load_class')) if ($name === FALSE) { // Note: We use exit() rather then show_error() in order to avoid a - // self-referencing loop with the Excptions class + // self-referencing loop with the Exceptions class set_status_header(503); exit('Unable to locate the specified class: '.$class.'.php'); } @@ -488,13 +488,9 @@ if ( ! function_exists('set_status_header')) { header('Status: '.$code.' '.$text, TRUE); } - elseif ($server_protocol === 'HTTP/1.0') - { - header('HTTP/1.0 '.$code.' '.$text, TRUE, $code); - } else { - header('HTTP/1.1 '.$code.' '.$text, TRUE, $code); + header(($server_protocol ? $server_protocol : 'HTTP/1.1').' '.$code.' '.$text, TRUE, $code); } } } @@ -526,7 +522,8 @@ if ( ! function_exists('_exception_handler')) // Should we display the error? We'll get the current error_reporting // level and add its bits with the severity bits to find out. - if (($severity & error_reporting()) === $severity) + // And respect display_errors + if (($severity & error_reporting()) === $severity && (bool) ini_get('display_errors') === TRUE) { $_error->show_php_error($severity, $message, $filepath, $line); } @@ -597,5 +594,44 @@ if ( ! function_exists('html_escape')) } } +// ------------------------------------------------------------------------ + +if ( ! function_exists('_stringify_attributes')) +{ + /** + * Stringify attributes for use in HTML tags. + * + * Helper function used to convert a string, array, or object + * of attributes to a string. + * + * @param mixed string, array, object + * @param bool + * @return string + */ + function _stringify_attributes($attributes, $js = FALSE) + { + $atts = NULL; + + if (empty($attributes)) + { + return $atts; + } + + if (is_string($attributes)) + { + return ' '.$attributes; + } + + $attributes = (array) $attributes; + + foreach ($attributes as $key => $val) + { + $atts .= ($js) ? $key.'='.$val.',' : ' '.$key.'="'.$val.'"'; + } + + return rtrim($atts, ','); + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */
\ No newline at end of file diff --git a/system/core/Config.php b/system/core/Config.php index 4b4e5a7ba..8e4f998ef 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -43,7 +43,7 @@ class CI_Config { * * @var array */ - public $config = array(); + public $config = array(); /** * List of all loaded config files @@ -103,12 +103,12 @@ class CI_Config { $file = ($file === '') ? 'config' : str_replace('.php', '', $file); $found = $loaded = FALSE; + $check_locations = defined('ENVIRONMENT') + ? array(ENVIRONMENT.'/'.$file, $file) + : array($file); + foreach ($this->_config_paths as $path) { - $check_locations = defined('ENVIRONMENT') - ? array(ENVIRONMENT.'/'.$file, $file) - : array($file); - foreach ($check_locations as $location) { $file_path = $path.'config/'.$location.'.php'; @@ -172,7 +172,7 @@ class CI_Config { { return FALSE; } - show_error('The configuration file '.$file.'.php'.' does not exist.'); + show_error('The configuration file '.$file.'.php does not exist.'); } return TRUE; @@ -271,7 +271,7 @@ class CI_Config { */ public function base_url($uri = '') { - return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/'); + return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/'); } // ------------------------------------------------------------- diff --git a/system/core/Input.php b/system/core/Input.php index 162e40c85..657fce625 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,10 +330,37 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { + $has_ranges = strpos($proxies, '/') !== FALSE; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + if ($has_ranges) + { + $long_ip = ip2long($_SERVER['REMOTE_ADDR']); + $bit_32 = 1 << 32; + + // Go through each of the IP Addresses to check for and + // test against range notation + foreach ($proxies as $ip) + { + list($address, $mask_length) = explode('/', $ip, 2); + + // Generate the bitmask for a 32 bit IP Address + $bitmask = $bit_32 - (1 << (32 - (int) $mask_length)); + if (($long_ip & $bitmask) === $address) + { + $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; + break; + } + } + + } + else + { + $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) + ? $_SERVER['HTTP_X_FORWARDED_FOR'] + : $_SERVER['REMOTE_ADDR']; + } } elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { @@ -360,7 +387,7 @@ class CI_Input { if (strpos($this->ip_address, ',') !== FALSE) { $x = explode(',', $this->ip_address); - $this->ip_address = trim(end($x)); + $this->ip_address = trim($x[0]); } if ( ! $this->valid_ip($this->ip_address)) diff --git a/system/core/Loader.php b/system/core/Loader.php index 94739c74a..75e93608a 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -237,9 +237,9 @@ class CI_Loader { { if (is_array($model)) { - foreach ($model as $babe) + foreach ($model as $class) { - $this->model($babe); + $this->model($class); } return; } @@ -409,8 +409,8 @@ class CI_Loader { * 1. The name of the "view" file to be included. * 2. An associative array of data to be extracted for use in the view. * 3. TRUE/FALSE - whether to return the data or load it. In - * some cases it's advantageous to be able to return data so that - * a developer can process it in some way. + * some cases it's advantageous to be able to return data so that + * a developer can process it in some way. * * @param string * @param array @@ -633,13 +633,7 @@ class CI_Loader { { $this->driver($driver); } - return FALSE; - } - - if ( ! class_exists('CI_Driver_Library')) - { - // we aren't instantiating an object here, that'll be done by the Library itself - require BASEPATH.'libraries/Driver.php'; + return; } if ($library === '') @@ -785,11 +779,11 @@ class CI_Loader { $_ci_ext = pathinfo($_ci_view, PATHINFO_EXTENSION); $_ci_file = ($_ci_ext === '') ? $_ci_view.'.php' : $_ci_view; - foreach ($this->_ci_view_paths as $view_file => $cascade) + foreach ($this->_ci_view_paths as $_ci_view_file => $cascade) { - if (file_exists($view_file.$_ci_file)) + if (file_exists($_ci_view_file.$_ci_file)) { - $_ci_path = $view_file.$_ci_file; + $_ci_path = $_ci_view_file.$_ci_file; $file_exists = TRUE; break; } @@ -820,7 +814,7 @@ class CI_Loader { /* * Extract and cache variables * - * You can either set variables using the dedicated $this->load_vars() + * You can either set variables using the dedicated $this->load->vars() * function or via the second parameter of this function. We'll merge * the two types and cache them so that views that are embedded within * other views can have access to these variables. @@ -837,10 +831,10 @@ class CI_Loader { * We buffer the output for two reasons: * 1. Speed. You get a significant speed boost. * 2. So that the final rendered template can be post-processed by - * the output class. Why do we need post processing? For one thing, - * in order to show the elapsed page load time. Unless we can - * intercept the content right before it's sent to the browser and - * then stop the timer it won't be accurate. + * the output class. Why do we need post processing? For one thing, + * in order to show the elapsed page load time. Unless we can + * intercept the content right before it's sent to the browser and + * then stop the timer it won't be accurate. */ ob_start(); @@ -915,6 +909,13 @@ class CI_Loader { // Get the filename from the path $class = substr($class, $last_slash); + + // Check for match and driver base class + if (strtolower(trim($subdir, '/')) == strtolower($class) && ! class_exists('CI_Driver_Library')) + { + // We aren't instantiating an object here, just making the base class available + require BASEPATH.'libraries/Driver.php'; + } } // We'll test for both lowercase and capitalized versions of the file name @@ -996,14 +997,19 @@ class CI_Loader { $this->_ci_loaded_files[] = $filepath; return $this->_ci_init_class($class, '', $params, $object_name); } - } // END FOREACH // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? if ($subdir === '') { $path = strtolower($class).'/'.$class; - return $this->_ci_load_class($path, $params); + return $this->_ci_load_class($path, $params, $object_name); + } + else if (ucfirst($subdir) != $subdir) + { + // Lowercase subdir failed - retry capitalized + $path = ucfirst($subdir).$class; + return $this->_ci_load_class($path, $params, $object_name); } // If we got this far we were unable to find the requested class. @@ -1091,7 +1097,7 @@ class CI_Loader { if ( ! class_exists($name)) { log_message('error', 'Non-existent class: '.$name); - show_error('Non-existent class: '.$class); + show_error('Non-existent class: '.$name); } // Set the variable name we will assign the class to @@ -1193,6 +1199,15 @@ class CI_Loader { } } + // Autoload drivers + if (isset($autoload['drivers'])) + { + foreach ($autoload['drivers'] as $item) + { + $this->driver($item); + } + } + // Autoload models if (isset($autoload['model'])) { diff --git a/system/core/Output.php b/system/core/Output.php index 5ec8c4bc0..052367ed6 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -552,13 +552,13 @@ class CI_Output { fclose($fp); // Strip out the embedded timestamp - if ( ! preg_match('/(\d+TS--->)/', $cache, $match)) + if ( ! preg_match('/^(\d+)TS--->/', $cache, $match)) { return FALSE; } $last_modified = filemtime($cache_path); - $expire = trim(str_replace('TS--->', '', $match[1])); + $expire = $match[1]; // Has the file expired? if ($_SERVER['REQUEST_TIME'] >= $expire && is_really_writable($cache_path)) @@ -575,7 +575,7 @@ class CI_Output { } // Display the cache - $this->_display(str_replace($match[0], '', $cache)); + $this->_display(substr($cache, strlen($match[0]))); log_message('debug', 'Cache file is current. Sending it to browser.'); return TRUE; } diff --git a/system/core/Security.php b/system/core/Security.php index 4593a1090..b22d2cf19 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -395,20 +395,20 @@ class CI_Security { if (preg_match('/<a/i', $str)) { - $str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } if (preg_match('/<img/i', $str)) { - $str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } - if (preg_match('/(script|xss)/i', $str)) + if (preg_match('/script|xss/i', $str)) { - $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str); + $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str); } } - while($original !== $str); + while ($original !== $str); unset($original); @@ -561,6 +561,19 @@ class CI_Security { // ---------------------------------------------------------------- /** + * Strip Image Tags + * + * @param string + * @return string + */ + public function strip_image_tags($str) + { + return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + } + + // ---------------------------------------------------------------- + + /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from @@ -670,7 +683,7 @@ class CI_Security { protected function _js_link_removal($match) { return str_replace($match[1], - preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', + preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -693,7 +706,7 @@ class CI_Security { protected function _js_img_removal($match) { return str_replace($match[1], - preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), |