summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorftwbzhao <b.zhao1@gmail.com>2015-04-09 16:32:41 +0200
committerftwbzhao <b.zhao1@gmail.com>2015-04-09 16:32:41 +0200
commitb587698dd45396b91106bd7c894a79747b1fb7a9 (patch)
tree76a1d614976dd0b695e513a40f9235e3b9f7f82c /system/core
parent9b9a06c9635cd3b4fce0aebe4d2eead4809999a5 (diff)
parentfd363f224d7886eb686434d7a835eaa49183d8e6 (diff)
Merge branch 'develop' of https://github.com/bcit-ci/CodeIgniter into develop
Diffstat (limited to 'system/core')
-rw-r--r--system/core/CodeIgniter.php2
-rw-r--r--system/core/Common.php2
-rw-r--r--system/core/Hooks.php2
-rw-r--r--system/core/Loader.php7
-rw-r--r--system/core/Router.php2
-rw-r--r--system/core/URI.php15
-rw-r--r--system/core/compat/hash.php51
7 files changed, 64 insertions, 17 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index d830c1829..ddf322749 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @var string
*
*/
- define('CI_VERSION', '3.0-dev');
+ define('CI_VERSION', '3.0.1-dev');
/*
* ------------------------------------------------------
diff --git a/system/core/Common.php b/system/core/Common.php
index f28272b5b..a96828e96 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -181,7 +181,7 @@ if ( ! function_exists('load_class'))
// Did we find the class?
if ($name === FALSE)
{
- // Note: We use exit() rather then show_error() in order to avoid a
+ // Note: We use exit() rather than show_error() in order to avoid a
// self-referencing loop with the Exceptions class
set_status_header(503);
echo 'Unable to locate the specified class: '.$class.'.php';
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index 08479b133..3b4fb2250 100644
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @subpackage Libraries
* @category Libraries
* @author EllisLab Dev Team
- * @link http://codeigniter.com/user_guide/libraries/encryption.html
+ * @link http://codeigniter.com/user_guide/general/hooks.html
*/
class CI_Hooks {
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 254ad0d6d..9205ad1b6 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -1118,7 +1118,7 @@ class CI_Loader {
}
else
{
- log_message('debug', APPPATH.'libraries/'.$file_path.$subclass.'.php exists, but does not declare '.$subclass);
+ log_message('debug', $path.' exists, but does not declare '.$subclass);
}
}
}
@@ -1307,10 +1307,7 @@ class CI_Loader {
}
// Load all other libraries
- foreach ($autoload['libraries'] as $item)
- {
- $this->library($item);
- }
+ $this->library($autoload['libraries']);
}
// Autoload models
diff --git a/system/core/Router.php b/system/core/Router.php
index eb3da2285..f91d3f6ec 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -493,7 +493,7 @@ class CI_Router {
* Set directory name
*
* @param string $dir Directory name
- * @param bool $appent Whether we're appending rather then setting the full value
+ * @param bool $appent Whether we're appending rather than setting the full value
* @return void
*/
public function set_directory($dir, $append = FALSE)
diff --git a/system/core/URI.php b/system/core/URI.php
index e96749456..2211e3665 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -205,13 +205,16 @@ class CI_URI {
$query = isset($uri['query']) ? $uri['query'] : '';
$uri = isset($uri['path']) ? $uri['path'] : '';
- if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0)
+ if (isset($_SERVER['SCRIPT_NAME'][0]))
{
- $uri = (string) substr($uri, strlen($_SERVER['SCRIPT_NAME']));
- }
- elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0)
- {
- $uri = (string) substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME'])));
+ if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0)
+ {
+ $uri = (string) substr($uri, strlen($_SERVER['SCRIPT_NAME']));
+ }
+ elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0)
+ {
+ $uri = (string) substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME'])));
+ }
}
// This section ensures that even on servers that require the URI to be in the query string (Nginx) a correct
diff --git a/system/core/compat/hash.php b/system/core/compat/hash.php
index 477535dca..15954559c 100644
--- a/system/core/compat/hash.php
+++ b/system/core/compat/hash.php
@@ -174,9 +174,56 @@ if ( ! function_exists('hash_pbkdf2'))
}
$hash_length = strlen(hash($algo, NULL, TRUE));
- if (empty($length))
+ empty($length) && $length = $hash_length;
+
+ // Pre-hash password inputs longer than the algorithm's block size
+ // (i.e. prepare HMAC key) to mitigate potential DoS attacks.
+ static $block_sizes;
+ empty($block_sizes) && $block_sizes = array(
+ 'gost' => 32,
+ 'haval128,3' => 128,
+ 'haval160,3' => 128,
+ 'haval192,3' => 128,
+ 'haval224,3' => 128,
+ 'haval256,3' => 128,
+ 'haval128,4' => 128,
+ 'haval160,4' => 128,
+ 'haval192,4' => 128,
+ 'haval224,4' => 128,
+ 'haval256,4' => 128,
+ 'haval128,5' => 128,
+ 'haval160,5' => 128,
+ 'haval192,5' => 128,
+ 'haval224,5' => 128,
+ 'haval256,5' => 128,
+ 'md2' => 16,
+ 'md4' => 64,
+ 'md5' => 64,
+ 'ripemd128' => 64,
+ 'ripemd160' => 64,
+ 'ripemd256' => 64,
+ 'ripemd320' => 64,
+ 'salsa10' => 64,
+ 'salsa20' => 64,
+ 'sha1' => 64,
+ 'sha224' => 64,
+ 'sha256' => 64,
+ 'sha384' => 128,
+ 'sha512' => 128,
+ 'snefru' => 32,
+ 'snefru256' => 32,
+ 'tiger128,3' => 64,
+ 'tiger160,3' => 64,
+ 'tiger192,3' => 64,
+ 'tiger128,4' => 64,
+ 'tiger160,4' => 64,
+ 'tiger192,4' => 64,
+ 'whirlpool' => 64
+ );
+
+ if (isset($block_sizes[$algo]) && strlen($password) > $block_sizes[$algo])
{
- $length = $hash_length;
+ $password = hash($algo, $password, TRUE);
}
$hash = '';