diff options
| author | Greg Aker <greg@gregaker.net> | 2011-08-20 18:58:58 +0200 |
|---|---|---|
| committer | Greg Aker <greg@gregaker.net> | 2011-08-20 18:58:58 +0200 |
| commit | abbad9ea53e81c6e3211029711ac5b2ab4f1978d (patch) | |
| tree | 9a4d5a8587da1dd3a365251afa37be2f835a53c2 /system/core | |
| parent | 71644d683d0a15a6f7e04fabd0f51a4200d620b4 (diff) | |
| parent | d56be70257696d0bbf2dcc880888d8dc17cba21c (diff) | |
Merge branch 'develop' into feature/unit-tests
Conflicts:
.hgignore
Diffstat (limited to 'system/core')
| -rwxr-xr-x[-rw-r--r--] | system/core/Benchmark.php | 9 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/CodeIgniter.php | 114 | ||||
| -rw-r--r-- | system/core/Common.php | 89 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Config.php | 89 | ||||
| -rw-r--r-- | system/core/Controller.php | 8 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Exceptions.php | 23 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Hooks.php | 19 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Input.php | 50 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Lang.php | 15 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Loader.php | 154 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Model.php | 3 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Output.php | 81 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Router.php | 81 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/Security.php | 69 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/core/URI.php | 47 | ||||
| -rw-r--r-- | system/core/Utf8.php | 2 |
16 files changed, 669 insertions, 184 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index 3686c2d73..a200727ab 100644..100755 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -19,7 +19,7 @@ * CodeIgniter Benchmark Class * * This class enables you to mark points and calculate the time difference - * between them. Memory consumption can also be displayed. + * between them. Memory consumption can also be displayed. * * @package CodeIgniter * @subpackage Libraries @@ -29,6 +29,11 @@ */ class CI_Benchmark { + /** + * List of all benchmark markers and when they were added + * + * @var array + */ var $marker = array(); // -------------------------------------------------------------------- diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index b6f5e872c..0a1391d18 100644..100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -27,30 +27,44 @@ * @link http://codeigniter.com/user_guide/ */ -/* - * ------------------------------------------------------ - * Define the CodeIgniter Version - * ------------------------------------------------------ +/** + * CodeIgniter Version + * + * @var string + * */ + /** + * CodeIgniter Version + * + * @var string + * + */ define('CI_VERSION', '2.0.2'); -/* - * ------------------------------------------------------ - * Define the CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * ------------------------------------------------------ +/** + * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) + * + * @var boolean + * */ + /** + * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) + * + * @var string + * + */ define('CI_CORE', FALSE); /* * ------------------------------------------------------ - * Load the global functions + * Load the global functions * ------------------------------------------------------ */ require(BASEPATH.'core/Common.php'); /* * ------------------------------------------------------ - * Load the framework constants + * Load the framework constants * ------------------------------------------------------ */ if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) @@ -64,7 +78,7 @@ /* * ------------------------------------------------------ - * Define a custom error handler so we can log PHP errors + * Define a custom error handler so we can log PHP errors * ------------------------------------------------------ */ set_error_handler('_exception_handler'); @@ -76,7 +90,7 @@ /* * ------------------------------------------------------ - * Set the subclass_prefix + * Set the subclass_prefix * ------------------------------------------------------ * * Normally the "subclass_prefix" is set in the config file. @@ -85,7 +99,7 @@ * "libraries" folder. Since CI allows config items to be * overriden via data set in the main index. php file, * before proceeding we need to know if a subclass_prefix - * override exists. If so, we will set this value now, + * override exists. If so, we will set this value now, * before any classes are loaded * Note: Since the config file data is cached it doesn't * hurt to load it here. @@ -97,7 +111,7 @@ /* * ------------------------------------------------------ - * Set a liberal script execution time limit + * Set a liberal script execution time limit * ------------------------------------------------------ */ if (function_exists("set_time_limit") == TRUE AND @ini_get("safe_mode") == 0) @@ -107,7 +121,7 @@ /* * ------------------------------------------------------ - * Start the timer... tick tock tick tock... + * Start the timer... tick tock tick tock... * ------------------------------------------------------ */ $BM =& load_class('Benchmark', 'core'); @@ -116,21 +130,21 @@ /* * ------------------------------------------------------ - * Instantiate the hooks class + * Instantiate the hooks class * ------------------------------------------------------ */ $EXT =& load_class('Hooks', 'core'); /* * ------------------------------------------------------ - * Is there a "pre_system" hook? + * Is there a "pre_system" hook? * ------------------------------------------------------ */ $EXT->_call_hook('pre_system'); /* * ------------------------------------------------------ - * Instantiate the config class + * Instantiate the config class * ------------------------------------------------------ */ $CFG =& load_class('Config', 'core'); @@ -143,7 +157,7 @@ /* * ------------------------------------------------------ - * Instantiate the UTF-8 class + * Instantiate the UTF-8 class * ------------------------------------------------------ * * Note: Order here is rather important as the UTF-8 @@ -157,14 +171,14 @@ /* * ------------------------------------------------------ - * Instantiate the URI class + * Instantiate the URI class * ------------------------------------------------------ */ $URI =& load_class('URI', 'core'); /* * ------------------------------------------------------ - * Instantiate the routing class and set the routing + * Instantiate the routing class and set the routing * ------------------------------------------------------ */ $RTR =& load_class('Router', 'core'); @@ -178,14 +192,14 @@ /* * ------------------------------------------------------ - * Instantiate the output class + * Instantiate the output class * ------------------------------------------------------ */ $OUT =& load_class('Output', 'core'); /* * ------------------------------------------------------ - * Is there a valid cache file? If so, we're done... + * Is there a valid cache file? If so, we're done... * ------------------------------------------------------ */ if ($EXT->_call_hook('cache_override') === FALSE) @@ -205,21 +219,21 @@ /* * ------------------------------------------------------ - * Load the Input class and sanitize globals + * Load the Input class and sanitize globals * ------------------------------------------------------ */ $IN =& load_class('Input', 'core'); /* * ------------------------------------------------------ - * Load the Language class + * Load the Language class * ------------------------------------------------------ */ $LANG =& load_class('Lang', 'core'); /* * ------------------------------------------------------ - * Load the app controller and local controller + * Load the app controller and local controller * ------------------------------------------------------ * */ @@ -252,14 +266,14 @@ /* * ------------------------------------------------------ - * Security check + * Security check * ------------------------------------------------------ * - * None of the functions in the app controller or the - * loader class can be called via the URI, nor can - * controller functions that begin with an underscore + * None of the functions in the app controller or the + * loader class can be called via the URI, nor can + * controller functions that begin with an underscore */ - $class = $RTR->fetch_class(); + $class = $RTR->fetch_class(); $method = $RTR->fetch_method(); if ( ! class_exists($class) @@ -267,19 +281,37 @@ OR in_array(strtolower($method), array_map('strtolower', get_class_methods('CI_Controller'))) ) { - show_404("{$class}/{$method}"); + if ( ! empty($RTR->routes['404_override'])) + { + $x = explode('/', $RTR->routes['404_override']); + $class = $x[0]; + $method = (isset($x[1]) ? $x[1] : 'index'); + if ( ! class_exists($class)) + { + if ( ! file_exists(APPPATH.'controllers/'.$class.'.php')) + { + show_404("{$class}/{$method}"); + } + + include_once(APPPATH.'controllers/'.$class.'.php'); + } + } + else + { + show_404("{$class}/{$method}"); + } } /* * ------------------------------------------------------ - * Is there a "pre_controller" hook? + * Is there a "pre_controller" hook? * ------------------------------------------------------ */ $EXT->_call_hook('pre_controller'); /* * ------------------------------------------------------ - * Instantiate the requested controller + * Instantiate the requested controller * ------------------------------------------------------ */ // Mark a start point so we can benchmark the controller @@ -289,14 +321,14 @@ /* * ------------------------------------------------------ - * Is there a "post_controller_constructor" hook? + * Is there a "post_controller_constructor" hook? * ------------------------------------------------------ */ $EXT->_call_hook('post_controller_constructor'); /* * ------------------------------------------------------ - * Call the requested method + * Call the requested method * ------------------------------------------------------ */ // Is there a "remap" function? If so, we call it instead @@ -345,14 +377,14 @@ /* * ------------------------------------------------------ - * Is there a "post_controller" hook? + * Is there a "post_controller" hook? * ------------------------------------------------------ */ $EXT->_call_hook('post_controller'); /* * ------------------------------------------------------ - * Send the final rendered output to the browser + * Send the final rendered output to the browser * ------------------------------------------------------ */ if ($EXT->_call_hook('display_override') === FALSE) @@ -362,14 +394,14 @@ /* * ------------------------------------------------------ - * Is there a "post_system" hook? + * Is there a "post_system" hook? * ------------------------------------------------------ */ $EXT->_call_hook('post_system'); /* * ------------------------------------------------------ - * Close the DB connection if one exists + * Close the DB connection if one exists * ------------------------------------------------------ */ if (class_exists('CI_DB') AND isset($CI->db)) diff --git a/system/core/Common.php b/system/core/Common.php index eb9e14425..db9fbeb9f 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -39,6 +39,8 @@ * @param string * @return bool TRUE if the current version is $version or higher */ +if ( ! function_exists('is_php')) +{ function is_php($version = '5.0.0') { static $_is_php; @@ -51,6 +53,7 @@ return $_is_php[$version]; } +} // ------------------------------------------------------------------------ @@ -58,12 +61,14 @@ * Tests for file writability * * is_writable() returns TRUE on Windows servers when you really can't write to - * the file, based on the read-only attribute. is_writable() is also unreliable + * the file, based on the read-only attribute. is_writable() is also unreliable * on Unix servers if safe_mode is on. * * @access private * @return void */ +if ( ! function_exists('is_really_writable')) +{ function is_really_writable($file) { // If we're on a Unix server with safe_mode off we call is_writable @@ -73,7 +78,7 @@ } // For windows servers and safe_mode "on" installations we'll actually - // write a file then read it. Bah... + // write a file then read it. Bah... if (is_dir($file)) { $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100)); @@ -96,14 +101,15 @@ fclose($fp); return TRUE; } +} // ------------------------------------------------------------------------ /** * Class registry * -* This function acts as a singleton. If the requested class does not -* exist it is instantiated and set to a static variable. If it has +* This function acts as a singleton. If the requested class does not +* exist it is instantiated and set to a static variable. If it has * previously been instantiated the variable is returned. * * @access public @@ -112,11 +118,13 @@ * @param string the class name prefix * @return object */ +if ( ! function_exists('load_class')) +{ function &load_class($class, $directory = 'libraries', $prefix = 'CI_') { static $_classes = array(); - // Does the class exist? If so, we're done... + // Does the class exist? If so, we're done... if (isset($_classes[$class])) { return $_classes[$class]; @@ -141,7 +149,7 @@ } } - // Is the request a class extension? If so we load it too + // Is the request a class extension? If so we load it too if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php')) { $name = config_item('subclass_prefix').$class; @@ -166,16 +174,19 @@ $_classes[$class] = new $name(); return $_classes[$class]; } +} // -------------------------------------------------------------------- /** -* Keeps track of which libraries have been loaded. This function is +* Keeps track of which libraries have been loaded. This function is * called by the load_class() function above * * @access public * @return array */ +if ( ! function_exists('is_loaded')) +{ function is_loaded($class = '') { static $_is_loaded = array(); @@ -187,6 +198,7 @@ return $_is_loaded; } +} // ------------------------------------------------------------------------ @@ -199,6 +211,8 @@ * @access private * @return array */ +if ( ! function_exists('get_config')) +{ function &get_config($replace = array()) { static $_config; @@ -242,6 +256,7 @@ return $_config[0] =& $config; } +} // ------------------------------------------------------------------------ @@ -251,6 +266,8 @@ * @access public * @return mixed */ +if ( ! function_exists('config_item')) +{ function config_item($item) { static $_config_item = array(); @@ -268,6 +285,7 @@ return $_config_item[$item]; } +} // ------------------------------------------------------------------------ @@ -283,12 +301,15 @@ * @access public * @return void */ +if ( ! function_exists('show_error')) +{ function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered') { $_error =& load_class('Exceptions', 'core'); echo $_error->show_error($heading, $message, 'error_general', $status_code); exit; } +} // ------------------------------------------------------------------------ @@ -302,12 +323,15 @@ * @access public * @return void */ +if ( ! function_exists('show_404')) +{ function show_404($page = '', $log_error = TRUE) { $_error =& load_class('Exceptions', 'core'); $_error->show_404($page, $log_error); exit; } +} // ------------------------------------------------------------------------ @@ -320,6 +344,8 @@ * @access public * @return void */ +if ( ! function_exists('log_message')) +{ function log_message($level = 'error', $message, $php_error = FALSE) { static $_log; @@ -332,6 +358,7 @@ $_log =& load_class('Log'); $_log->write_log($level, $message, $php_error); } +} // ------------------------------------------------------------------------ @@ -343,6 +370,8 @@ * @param string * @return void */ +if ( ! function_exists('set_status_header')) +{ function set_status_header($code = 200, $text = '') { $stati = array( @@ -399,7 +428,7 @@ if ($text == '') { - show_error('No status text available. Please check your status code number or supply your own message text.', 500); + show_error('No status text available. Please check your status code number or supply your own message text.', 500); } $server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; @@ -417,6 +446,7 @@ header("HTTP/1.1 {$code} {$text}", TRUE, $code); } } +} // -------------------------------------------------------------------- @@ -424,7 +454,7 @@ * Exception Handler * * This is the custom exception handler that is declaired at the top -* of Codeigniter.php. The main reason we use this is to permit +* of Codeigniter.php. The main reason we use this is to permit * PHP errors to be logged in our own log files since the user may * not have access to server logs. Since this function * effectively intercepts PHP errors, however, we also need @@ -434,6 +464,8 @@ * @access private * @return void */ +if ( ! function_exists('_exception_handler')) +{ function _exception_handler($severity, $message, $filepath, $line) { // We don't bother with "strict" notices since they tend to fill up @@ -455,7 +487,7 @@ $_error->show_php_error($severity, $message, $filepath, $line); } - // Should we log the error? No? We're done... + // Should we log the error? No? We're done... if (config_item('log_threshold') == 0) { return; @@ -463,32 +495,35 @@ $_error->log_exception($severity, $message, $filepath, $line); } +} - // -------------------------------------------------------------------- - - /** - * Remove Invisible Characters - * - * This prevents sandwiching null characters - * between ascii characters, like Java\0script. - * - * @access public - * @param string - * @return string - */ +// -------------------------------------------------------------------- + +/** + * Remove Invisible Characters + * + * This prevents sandwiching null characters + * between ascii characters, like Java\0script. + * + * @access public + * @param string + * @return string + */ +if ( ! function_exists('remove_invisible_characters')) +{ function remove_invisible_characters($str, $url_encoded = TRUE) { $non_displayables = array(); - + // every control character except newline (dec 10) // carriage return (dec 13), and horizontal tab (dec 09) - + if ($url_encoded) { $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15 $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31 } - + $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127 do @@ -499,7 +534,7 @@ return $str; } - +} /* End of file Common.php */ /* Location: ./system/core/Common.php */
\ No newline at end of file diff --git a/system/core/Config.php b/system/core/Config.php index 55c623b3c..9c5e22fb2 100644..100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -28,8 +28,23 @@ */ class CI_Config { + /** + * List of all loaded config values + * + * @var array + */ var $config = array(); + /** + * List of all loaded config files + * + * @var array + */ var $is_loaded = array(); + /** + * List of paths to search when trying to load a config file + * + * @var array + */ var $_config_paths = array(APPPATH); /** @@ -37,11 +52,11 @@ class CI_Config { * * Sets the $config data from the primary config.php file as a class variable * - * @access public - * @param string the config file name - * @param boolean if configuration values should be loaded into their own section - * @param boolean true if errors should just return false, false if an error message should be displayed - * @return boolean if the file was successfully loaded or not + * @access public + * @param string the config file name + * @param boolean if configuration values should be loaded into their own section + * @param boolean true if errors should just return false, false if an error message should be displayed + * @return boolean if the file was successfully loaded or not */ function __construct() { @@ -74,8 +89,8 @@ class CI_Config { * * @access public * @param string the config file name - * @param boolean if configuration values should be loaded into their own section - * @param boolean true if errors should just return false, false if an error message should be displayed + * @param boolean if configuration values should be loaded into their own section + * @param boolean true if errors should just return false, false if an error message should be displayed * @return boolean if the file was loaded correctly */ function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) @@ -203,10 +218,7 @@ class CI_Config { // -------------------------------------------------------------------- /** - * Fetch a config file item - adds slash after item - * - * The second parameter allows a slash to be added to the end of - * the item, in the case of a path. + * Fetch a config file item - adds slash after item (if item is not empty) * * @access public * @param string the config item name @@ -219,6 +231,10 @@ class CI_Config { { return FALSE; } + if( trim($this->config[$item]) == '') + { + return ''; + } return rtrim($this->config[$item], '/').'/'; } @@ -227,6 +243,7 @@ class CI_Config { /** * Site URL + * Returns base_url . index_page [. uri_string] * * @access public * @param string the URI string @@ -241,14 +258,48 @@ class CI_Config { if ($this->item('enable_query_strings') == FALSE) { + $suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix'); + return $this->slash_item('base_url').$this->slash_item('index_page').$this->_uri_string($uri).$suffix; + } + else + { + return $this->slash_item('base_url').$this->item('index_page').'?'.$this->_uri_string($uri); + } + } + + // ------------------------------------------------------------- + + /** + * Base URL + * Returns base_url [. uri_string] + * + * @access public + * @param string $uri + * @return string + */ + function base_url($uri = '') + { + return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/'); + } + + // ------------------------------------------------------------- + + /** + * Build URI string for use in Config::site_url() and Config::base_url() + * + * @access protected + * @param $uri + * @return string + */ + protected function _uri_string($uri) + { + if ($this->item('enable_query_strings') == FALSE) + { if (is_array($uri)) { $uri = implode('/', $uri); } - - $index = $this->item('index_page') == '' ? '' : $this->slash_item('index_page'); - $suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix'); - return $this->slash_item('base_url').$index.trim($uri, '/').$suffix; + $uri = trim($uri, '/'); } else { @@ -262,12 +313,10 @@ class CI_Config { $str .= $prefix.$key.'='.$val; $i++; } - $uri = $str; } - - return $this->slash_item('base_url').$this->item('index_page').'?'.$uri; } + return $uri; } // -------------------------------------------------------------------- @@ -305,7 +354,7 @@ class CI_Config { * Assign to Config * * This function is called by the front controller (CodeIgniter.php) - * after the Config class is instantiated. It permits config items + * after the Config class is instantiated. It permits config items * to be assigned or overriden by variables contained in the index.php file * * @access private diff --git a/system/core/Controller.php b/system/core/Controller.php index 107d3f346..fddb81e19 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -37,7 +37,7 @@ class CI_Controller { public function __construct() { self::$instance =& $this; - + // Assign all the class objects that were instantiated by the // bootstrap file (CodeIgniter.php) to local class variables // so that CI can run as one big super object. @@ -48,8 +48,8 @@ class CI_Controller { $this->load =& load_class('Loader', 'core'); - $this->load->set_base_classes()->ci_autoloader(); - + $this->load->initialize(); + log_message('debug', "Controller Class Initialized"); } diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index 2503c907f..869739a5a 100644..100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -30,8 +30,21 @@ class CI_Exceptions { var $message; var $filename; var $line; + + /** + * Nesting level of the output buffering mechanism + * + * @var int + * @access public + */ var $ob_level; + /** + * List if available error levels + * + * @var array + * @access public + */ var $levels = array( E_ERROR => 'Error', E_WARNING => 'Warning', @@ -54,7 +67,7 @@ class CI_Exceptions { public function __construct() { $this->ob_level = ob_get_level(); - // Note: Do not log messages from this constructor. + // Note: Do not log messages from this constructor. } // -------------------------------------------------------------------- @@ -75,7 +88,7 @@ class CI_Exceptions { { $severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity]; - log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE); + log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE); } // -------------------------------------------------------------------- @@ -84,7 +97,8 @@ class CI_Exceptions { * 404 Page Not Found Handler * * @access private - * @param string + * @param string the page + * @param bool log error yes/no * @return string */ function show_404($page = '', $log_error = TRUE) @@ -115,6 +129,7 @@ class CI_Exceptions { * @param string the heading * @param string the message * @param string the template name + * @param int the status code * @return string */ function show_error($heading, $message, $template = 'error_general', $status_code = 500) diff --git a/system/core/Hooks.php b/system/core/Hooks.php index ffb3258d8..33f1c034c 100644..100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -28,8 +28,23 @@ */ class CI_Hooks { + /** + * Determines wether hooks are enabled + * + * @var bool + */ var $enabled = FALSE; + /** + * List of all hooks set in config/hooks.php + * + * @var array + */ var $hooks = array(); + /** + * Determines wether hook is in progress, used to prevent infinte loops + * + * @var bool + */ var $in_progress = FALSE; /** @@ -67,7 +82,7 @@ class CI_Hooks { if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) { - include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); + include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); } elseif (is_file(APPPATH.'config/hooks.php')) { diff --git a/system/core/Input.php b/system/core/Input.php index 89eda56b0..5a033e7b8 100644..100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -28,13 +28,49 @@ */ class CI_Input { + /** + * IP address of the current user + * + * @var string + */ var $ip_address = FALSE; + /** + * user agent (web browser) being used by the current user + * + * @var string + */ var $user_agent = FALSE; + /** + * If FALSE, then $_GET will be set to an empty array + * + * @var bool + */ var $_allow_get_array = TRUE; + /** + * If TRUE, then newlines are standardized + * + * @var bool + */ var $_standardize_newlines = TRUE; - var $_enable_xss = FALSE; // Set automatically based on config setting - var $_enable_csrf = FALSE; // Set automatically based on config setting - + /** + * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered + * Set automatically based on config setting + * + * @var bool + */ + var $_enable_xss = FALSE; + /** + * Enables a CSRF cookie token to be set. + * Set automatically based on config setting + * + * @var bool + */ + var $_enable_csrf = FALSE; + /** + * List of all HTTP request headers + * + * @var array + */ protected $headers = array(); @@ -201,7 +237,7 @@ class CI_Input { * @param mixed * @param string the value of the cookie * @param string the number of seconds until expiration - * @param string the cookie domain. Usually: .yourdomain.com + * @param string the cookie domain. Usually: .yourdomain.com * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure @@ -582,6 +618,8 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * + * @param bool XSS cleaning + * * @return array */ public function request_headers($xss_clean = FALSE) @@ -672,7 +710,7 @@ class CI_Input { */ public function is_cli_request() { - return (bool) defined('STDIN'); + return (php_sapi_name() == 'cli') or defined('STDIN'); } } diff --git a/system/core/Lang.php b/system/core/Lang.php index 79eb443a0..5ac671838 100644..100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -26,7 +26,17 @@ */ class CI_Lang { + /** + * List of translations + * + * @var array + */ var $language = array(); + /** + * List of loaded language files + * + * @var array + */ var $is_loaded = array(); /** @@ -47,6 +57,9 @@ class CI_Lang { * @access public * @param mixed the name of the language file to be loaded. Can be an array * @param string the language (english, etc.) + * @param bool return loaded array of translations + * @param bool add suffix to $langfile + * @param string alternative path to look for language file * @return mixed */ function load($langfile = '', $idiom = '', $return = FALSE, $add_suffix = TRUE, $alt_path = '') diff --git a/system/core/Loader.php b/system/core/Loader.php index 87f05d86e..e7fa3d3f6 100644..100755 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -29,17 +29,90 @@ class CI_Loader { // All these are set automatically. Don't mess with them. + /** + * Nesting level of the output buffering mechanism + * + * @var int + * @access protected + */ protected $_ci_ob_level; + /** + * List of paths to load views from + * + * @var array + * @access protected + */ protected $_ci_view_paths = array(); + /** + * List of paths to load libraries from + * + * @var array + * @access protected + */ protected $_ci_library_paths = array(); + /** + * List of paths to load models from + * + * @var array + * @access protected + */ protected $_ci_model_paths = array(); + /** + * List of paths to load helpers from + * + * @var array + * @access protected + */ protected $_ci_helper_paths = array(); + /** + * List of loaded base classes + * Set by the controller class + * + * @var array + * @access protected + */ protected $_base_classes = array(); // Set by the controller class + /** + * List of cached variables + * + * @var array + * @access protected + */ protected $_ci_cached_vars = array(); + /** + * List of loaded classes + * + * @var array + * @access protected + */ protected $_ci_classes = array(); + /** + * List of loaded files + * + * @var array + * @access protected + */ protected $_ci_loaded_files = array(); + /** + * List of loaded models + * + * @var array + * @access protected + */ protected $_ci_models = array(); + /** + * List of loaded helpers + * + * @var array + * @access protected + */ protected $_ci_helpers = array(); + /** + * List of class name mappings + * + * @var array + * @access protected + */ protected $_ci_varmap = array('unit_test' => 'unit', 'user_agent' => 'agent'); @@ -50,7 +123,7 @@ class CI_Loader { */ public function __construct() { - $this->_ci_ob_level = ob_get_level(); + $this->_ci_ob_level = ob_get_level(); $this->_ci_library_paths = array(APPPATH, BASEPATH); $this->_ci_helper_paths = array(APPPATH, BASEPATH); $this->_ci_model_paths = array(APPPATH); @@ -62,17 +135,22 @@ class CI_Loader { // -------------------------------------------------------------------- /** - * Set _base_classes variable + * Initialize the Loader * * This method is called once in CI_Controller. * * @param array * @return object */ - public function set_base_classes() + public function initialize() { + $this->_ci_classes = array(); + $this->_ci_loaded_files = array(); + $this->_ci_models = array(); $this->_base_classes =& is_loaded(); + $this->_ci_autoloader(); + return $this; } @@ -260,7 +338,7 @@ class CI_Loader { return DB($params, $active_record); } - // Initialize the db variable. Needed to prevent + // Initialize the db variable. Needed to prevent // reference errors with some configurations $CI->db = ''; @@ -323,11 +401,11 @@ class CI_Loader { /** * Load View * - * This function is used to load a "view" file. It has three parameters: + * This function is used to load a "view" file. It has three parameters: * * 1. The name of the "view" file to be included. * 2. An associative array of data to be extracted for use in the view. - * 3. TRUE/FALSE - whether to return the data or load it. In + * 3. TRUE/FALSE - whether to return the data or load it. In * some cases it's advantageous to be able to return data so that * a developer can process it in some way. * @@ -366,6 +444,7 @@ class CI_Loader { * the controller class and its "view" files. * * @param array + * @param string * @return void */ public function vars($vars = array(), $val = '') @@ -389,6 +468,21 @@ class CI_Loader { // -------------------------------------------------------------------- /** + * Get Variable + * + * Check if a variable is set and retrieve it. + * + * @param array + * @return void + */ + public function get_var($key) + { + return isset($this->_ci_cached_vars[$key]) ? $this->_ci_cached_vars[$key] : NULL; + } + + // -------------------------------------------------------------------- + + /** * Load Helper * * This function loads the specified helper file. @@ -492,6 +586,8 @@ class CI_Loader { * Loads a config file * * @param string + * @param bool + * @param bool * @return void */ public function config($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) @@ -580,6 +676,7 @@ class CI_Loader { * If no path is provided, the most recently added path is removed. * * @param type + * @param bool * @return type */ public function remove_package_path($path = '', $remove_config_path = TRUE) @@ -710,9 +807,9 @@ class CI_Loader { * We buffer the output for two reasons: * 1. Speed. You get a significant speed boost. * 2. So that the final rendered template can be - * post-processed by the output class. Why do we - * need post processing? For one thing, in order to - * show the elapsed page load time. Unless we + * post-processed by the output class. Why do we + * need post processing? For one thing, in order to + * show the elapsed page load time. Unless we * can intercept the content right before it's sent to * the browser and then stop the timer it won't be accurate. */ @@ -809,11 +906,11 @@ class CI_Loader { show_error("Unable to load the requested class: ".$class); } - // Safety: Was the class already loaded by a previous call? + // Safety: Was the class already loaded by a previous call? if (in_array($subclass, $this->_ci_loaded_files)) { // Before we deem this to be a duplicate request, let's see - // if a custom object name is being supplied. If so, we'll + // if a custom object name is being supplied. If so, we'll // return a new instance of the object if ( ! is_null($object_name)) { @@ -842,17 +939,17 @@ class CI_Loader { { $filepath = $path.'libraries/'.$subdir.$class.'.php'; - // Does the file exist? No? Bummer... + // Does the file exist? No? Bummer... if ( ! file_exists($filepath)) { continue; } - // Safety: Was the class already loaded by a previous call? + // Safety: Was the class already loaded by a previous call? if (in_array($filepath, $this->_ci_loaded_files)) { // Before we deem this to be a duplicate request, let's see - // if a custom object name is being supplied. If so, we'll + // if a custom object name is being supplied. If so, we'll // return a new instance of the object if ( ! is_null($object_name)) { @@ -875,7 +972,7 @@ class CI_Loader { } // END FOREACH - // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? + // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? if ($subdir == '') { $path = strtolower($class).'/'.$class; @@ -898,12 +995,13 @@ class CI_Loader { * * @param string * @param string + * @param bool * @param string an optional object name * @return null */ protected function _ci_init_class($class, $prefix = '', $config = FALSE, $object_name = NULL) { - // Is there an associated config file for this class? Note: these should always be lowercase + // Is there an associated config file for this class? Note: these should always be lowercase if ($config === NULL) { // Fetch the config paths containing any package paths @@ -920,22 +1018,22 @@ class CI_Loader { // first, global next if (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php')) { - include_once($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'); + include($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'); break; } elseif (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php')) { - include_once($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'); + include($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'); break; } elseif (file_exists($path .'config/'.strtolower($class).'.php')) { - include_once($path .'config/'.strtolower($class).'.php'); + include($path .'config/'.strtolower($class).'.php'); break; } elseif (file_exists($path .'config/'.ucfirst(strtolower($class)).'.php')) { - include_once($path .'config/'.ucfirst(strtolower($class)).'.php'); + include($path .'config/'.ucfirst(strtolower($class)).'.php'); break; } } @@ -970,7 +1068,7 @@ class CI_Loader { } // Set the variable name we will assign the class to - // Was a custom class name supplied? If so we'll use it + // Was a custom class name supplied? If so we'll use it $class = strtolower($class); if (is_null($object_name)) @@ -1005,24 +1103,20 @@ class CI_Loader { * The config/autoload.php file contains an array that permits sub-systems, * libraries, and helpers to be loaded automatically. * - * This function is public, as it's used in the CI_Controller class. - * However, there is no reason you should ever needs to use it. - * * @param array * @return void */ - public function ci_autoloader() + private function _ci_autoloader() { if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) { - include_once(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'); + include(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'); } else { - include_once(APPPATH.'config/autoload.php'); + include(APPPATH.'config/autoload.php'); } - if ( ! isset($autoload)) { return FALSE; @@ -1107,6 +1201,7 @@ class CI_Loader { /** * Get a reference to a specific library or model * + * @param string * @return bool */ protected function &_ci_get_component($component) @@ -1123,6 +1218,7 @@ class CI_Loader { * This function preps the name of various items to make loading them more reliable. * * @param mixed + * @param string * @return array */ protected function _ci_prep_filename($filename, $extension) diff --git a/system/core/Model.php b/system/core/Model.php index 61c71b672..e15ffbebc 100644..100755 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -42,6 +42,7 @@ class CI_Model { * Allows models to access CI's loaded classes using the same * syntax as controllers. * + * @param string * @access private */ function __get($key) diff --git a/system/core/Output.php b/system/core/Output.php index 562dbb86b..ccecafd2b 100644..100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -28,15 +28,67 @@ */ class CI_Output { + /** + * Current output string + * + * @var string + * @access protected + */ protected $final_output; + /** + * Cache expiration time + * + * @var int + * @access protected + */ protected $cache_expiration = 0; + /** + * List of server headers + * + * @var array + * @access protected + */ protected $headers = array(); - protected $mime_types = array(); + /** + * List of mime types + * + * @var array + * @access protected + */ + protected $mime_types = array(); + /** + * Determines wether profiler is enabled + * + * @var book + * @access protected + */ protected $enable_profiler = FALSE; + /** + * Determines if output compression is enabled + * + * @var bool + * @access protected + */ protected $_zlib_oc = FALSE; + /** + * List of profiler sections + * + * @var array + * @access protected + */ protected $_profiler_sections = array(); - protected $parse_exec_vars = TRUE; // whether or not to parse variables like {elapsed_time} and {memory_usage} + /** + * Whether or not to parse variables like {elapsed_time} and {memory_usage} + * + * @var bool + * @access protected + */ + protected $parse_exec_vars = TRUE; + /** + * Constructor + * + */ function __construct() { $this->_zlib_oc = @ini_get('zlib.output_compression'); @@ -44,7 +96,7 @@ class CI_Output { // Get mime types for later if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { - include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; + include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; } else { @@ -122,11 +174,12 @@ class CI_Output { * * Lets you set a server header which will be outputted with the final display. * - * Note: If a file is cached, headers will not be sent. We need to figure out + * Note: If a file is cached, headers will not be sent. We need to figure out * how to permit header data to be saved with the cache data... * * @access public * @param string + * @param bool * @return void */ function set_header($header, $replace = TRUE) @@ -261,15 +314,16 @@ class CI_Output { * $this->final_output * * This function sends the finalized output data to the browser along - * with any server headers and profile data. It also stops the + * with any server headers and profile data. It also stops the * benchmark timer so the page rendering speed and memory usage can be shown. * * @access public + * @param string * @return mixed */ function _display($output = '') { - // Note: We use globals because we can't use $CI =& get_instance() + // Note: We use globals because we can't use $CI =& get_instance() // since this function is sometimes called by the caching mechanism, // which happens before the CI super object is available. global $BM, $CFG; @@ -290,7 +344,7 @@ class CI_Output { // -------------------------------------------------------------------- - // Do we need to write a cache file? Only if the controller does not have its + // Do we need to write a cache file? Only if the controller does not have its // own _output() method and we are not dealing with a cache file, which we // can determine by the existence of the $CI object above if ($this->cache_expiration > 0 && isset($CI) && ! method_exists($CI, '_output')) @@ -368,7 +422,7 @@ class CI_Output { // we will remove them and add them back after we insert the profile data if (preg_match("|</body>.*?</html>|is", $output)) { - $output = preg_replace("|</body>.*?</html>|is", '', $output); + $output = preg_replace("|</body>.*?</html>|is", '', $output); $output .= $CI->profiler->run(); $output .= '</body></html>'; } @@ -381,14 +435,14 @@ class CI_Output { // -------------------------------------------------------------------- // Does the controller contain a function named _output()? - // If so send the output there. Otherwise, echo it. + // If so send the output there. Otherwise, echo it. if (method_exists($CI, '_output')) { $CI->_output($output); } else { - echo $output; // Send it to the browser! + echo $output; // Send it to the browser! } log_message('debug', "Final output sent to browser"); @@ -401,6 +455,7 @@ class CI_Output { * Write a Cache File * * @access public + * @param string * @return void */ function _write_cache($output) @@ -452,13 +507,15 @@ class CI_Output { * Update/serve a cached file * * @access public + * @param object config class + * @param object uri class * @return void */ function _display_cache(&$CFG, &$URI) { $cache_path = ($CFG->item('cache_path') == '') ? APPPATH.'cache/' : $CFG->item('cache_path'); - // Build the file path. The file name is an MD5 hash of the full URI + // Build the file path. The file name is an MD5 hash of the full URI $uri = $CFG->item('base_url'). $CFG->item('index_page'). $URI->uri_string; diff --git a/system/core/Router.php b/system/core/Router.php index a76a7bd0a..6da667472 100644..100755 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -28,12 +28,54 @@ */ class CI_Router { + /** + * Config class + * + * @var object + * @access public + */ var $config; + /** + * List of routes + * + * @var array + * @access public + */ var $routes = array(); + /** + * List of error routes + * + * @var array + * @access public + */ var $error_routes = array(); + /** + * Current class name + * + * @var string + * @access public + */ var $class = ''; + /** + * Current method name + * + * @var string + * @access public + */ var $method = 'index'; + /** + * Sub-directory that contains the requested controller class + * + * @var string + * @access public + */ var $directory = ''; + /** + * Default controller (and method if specific) + * + * @var string + * @access public + */ var $default_controller; /** @@ -61,7 +103,7 @@ class CI_Router { */ function _set_routing() { - // Are query strings enabled in the config file? Normally CI doesn't utilize query strings + // Are query strings enabled in the config file? Normally CI doesn't utilize query strings // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); @@ -103,7 +145,7 @@ class CI_Router { // the URI doesn't correlated to a valid controller. $this->default_controller = ( ! isset($this->routes['default_controller']) OR $this->routes['default_controller'] == '') ? FALSE : strtolower($this->routes['default_controller']); - // Were there any query string segments? If so, we'll validate them and bail out since we're done. + // Were there any query string segments? If so, we'll validate them and bail out since we're done. if (count($segments) > 0) { return $this->_validate_request($segments); @@ -212,7 +254,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Validates the supplied segments. Attempts to determine the path to + * Validates the supplied segments. Attempts to determine the path to * the controller. * * @access private @@ -244,7 +286,20 @@ class CI_Router { // Does the requested controller exist in the sub-folder? if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].'.php')) { - show_404($this->fetch_directory().$segments[0]); + if ( ! empty($this->routes['404_override'])) + { + $x = explode('/', $this->routes['404_override']); + + $this->set_directory(''); + $this->set_class($x[0]); + $this->set_method(isset($x[1]) ? $x[1] : 'index'); + + return $x; + } + else + { + show_404($this->fetch_directory().$segments[0]); + } } } else @@ -277,7 +332,7 @@ class CI_Router { // If we've gotten this far it means that the URI does not correlate to a valid - // controller class. We will now see if there is an override + // controller class. We will now see if there is an override if ( ! empty($this->routes['404_override'])) { $x = explode('/', $this->routes['404_override']); @@ -296,7 +351,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Parse Routes + * Parse Routes * * This function matches any routes that may exist in * the config/routes.php file against the URI to @@ -310,7 +365,7 @@ class CI_Router { // Turn the segment array into a URI string $uri = implode('/', $this->uri->segments); - // Is there a literal match? If so we're done + // Is there a literal match? If so we're done if (isset($this->routes[$uri])) { return $this->_set_request(explode('/', $this->routes[$uri])); @@ -370,7 +425,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the method name + * Set the method name * * @access public * @param string @@ -384,7 +439,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Fetch the current method + * Fetch the current method * * @access public * @return string @@ -402,7 +457,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the directory name + * Set the directory name * * @access public * @param string @@ -416,7 +471,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Fetch the sub-directory (if any) that contains the requested controller class + * Fetch the sub-directory (if any) that contains the requested controller class * * @access public * @return string @@ -429,7 +484,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the controller overrides + * Set the controller overrides * * @access public * @param array diff --git a/system/core/Security.php b/system/core/Security.php index f5bfafd9b..dcc680a11 100644..100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -26,13 +26,48 @@ */ class CI_Security { + /** + * Random Hash for protecting URLs + * + * @var string + * @access protected + */ protected $_xss_hash = ''; + /** + * Random Hash for Cross Site Request Forgery Protection Cookie + * + * @var string + * @access protected + */ protected $_csrf_hash = ''; - protected $_csrf_expire = 7200; // Two hours (in seconds) + /** + * Expiration time for Cross Site Request Forgery Protection Cookie + * Defaults to two hours (in seconds) + * + * @var int + * @access protected + */ + protected $_csrf_expire = 7200; + /** + * Token name for Cross Site Request Forgery Protection Cookie + * + * @var string + * @access protected + */ protected $_csrf_token_name = 'ci_csrf_token'; + /** + * Cookie name for Cross Site Request Forgery Protection Cookie + * + * @var string + * @access protected + */ protected $_csrf_cookie_name = 'ci_csrf_token'; - - /* never allowed, string replacement */ + /** + * List of never allowed strings + * + * @var array + * @access protected + */ protected $_never_allowed_str = array( 'document.cookie' => '[removed]', 'document.write' => '[removed]', @@ -46,6 +81,12 @@ class CI_Security { ); /* never allowed, regex replacement */ + /** + * List of never allowed regex replacement + * + * @var array + * @access protected + */ protected $_never_allowed_regex = array( "javascript\s*:" => '[removed]', "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE @@ -196,14 +237,14 @@ class CI_Security { * XSS Clean * * Sanitizes data so that Cross Site Scripting Hacks can be - * prevented. This function does a fair amount of work but + * prevented. This function does a fair amount of work but * it is extremely thorough, designed to prevent even the - * most obscure XSS attempts. Nothing is ever 100% foolproof, + * most obscure XSS attempts. Nothing is ever 100% foolproof, * of course, but I haven't been able to get anything passed * the filter. * * Note: This function should only be used to deal with data - * upon submission. It's not something that should + * upon submission. It's not something that should * be used for general runtime processing. * * This function was based in part on some code and ideas I @@ -215,6 +256,7 @@ class CI_Security { * http://ha.ckers.org/xss.html * * @param mixed string or array + * @param bool * @return string */ public function xss_clean($str, $is_image = FALSE) @@ -311,13 +353,13 @@ class CI_Security { } else { - $str = str_replace(array('<?', '?'.'>'), array('<?', '?>'), $str); + $str = str_replace(array('<?', '?'.'>'), array('<?', '?>'), $str); } /* * Compact any exploded words * - * This corrects words like: j a v a s c r i p t + * This corrects words like: j a v a s c r i p t * These words are compacted back to their correct state. */ $words = array( @@ -388,7 +430,7 @@ class CI_Security { * * Similar to above, only instead of looking for * tags it looks for PHP and JavaScript commands - * that are disallowed. Rather than removing the + * that are disallowed. Rather than removing the * code, it simply converts the parenthesis to entities * rendering the code un-executable. * @@ -457,7 +499,7 @@ class CI_Security { * * In some versions of PHP the native function does not work * when UTF-8 is the specified character set, so this gives us - * a work-around. More info here: + * a work-around. More info here: * http://bugs.php.net/bug.php?id=25670 * * NOTE: html_entity_decode() has a bug in some PHP versions when UTF-8 is the @@ -475,7 +517,7 @@ class CI_Security { // The reason we are not using html_entity_decode() by itself is because // while it is not technically correct to leave out the semicolon // at the end of an entity most browsers will still interpret the entity - // correctly. html_entity_decode() does not convert entities without + // correctly. html_entity_decode() does not convert entities without // semicolons, so we are left with our own little solution here. Bummer. if (function_exists('html_entity_decode') && @@ -505,6 +547,7 @@ class CI_Security { * Filename Security * * @param string + * @param bool * @return string */ public function sanitize_filename($str, $relative_path = FALSE) @@ -751,7 +794,7 @@ class CI_Security { /* * Validate standard character entities * - * Add a semicolon if missing. We do this to enable + * Add a semicolon if missing. We do this to enable * the conversion of entities to ASCII later. * */ diff --git a/system/core/URI.php b/system/core/URI.php index 94fac59ac..a3ae20cc3 100644..100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -28,15 +28,40 @@ */ class CI_URI { + /** + * List of cached uri segments + * + * @var array + * @access public + */ var $keyval = array(); + /** + * Current uri string + * + * @var string + * @access public + */ var $uri_string; + /** + * List of uri segments + * + * @var array + * @access public + */ var $segments = array(); + /** + * Re-indexed list of uri segments + * Starts at 1 instead of 0 + * + * @var array + * @access public + */ var $rsegments = array(); /** * Constructor * - * Simply globalizes the $RTR object. The front + * Simply globalizes the $RTR object. The front * loads the Router class early on so it's not available * normally as other classes are. * @@ -62,7 +87,7 @@ class CI_URI { if (strtoupper($this->config->item('uri_protocol')) == 'AUTO') { // Is the request coming from the command line? - if (defined('STDIN')) + if (php_sapi_name() == 'cli' or defined('STDIN')) { $this->_set_uri_string($this->_parse_cli_args()); return; @@ -85,7 +110,7 @@ class CI_URI { } // No PATH_INFO?... What about QUERY_STRING? - $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); + $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); if (trim($path, '/') != '') { $this->_set_uri_string($path); @@ -127,6 +152,7 @@ class CI_URI { * Set the URI String * * @access public + * @param string * @return string */ function _set_uri_string($str) @@ -251,7 +277,7 @@ class CI_URI { */ function _remove_url_suffix() { - if ($this->config->item('url_suffix') != "") + if ($this->config->item('url_suffix') != "") { $this->uri_string = preg_replace("|".preg_quote($this->config->item('url_suffix'))."$|", "", $this->uri_string); } @@ -285,7 +311,7 @@ class CI_URI { * Re-index Segments * * This function re-indexes the $this->segment array so that it - * starts at 1 rather than 0. Doing so makes it simpler to + * starts at 1 rather than 0. Doing so makes it simpler to * use functions like $this->uri->segment(n) since there is * a 1:1 relationship between the segment array and the actual segments. * @@ -323,7 +349,7 @@ class CI_URI { * Fetch a URI "routed" Segment * * This function returns the re-routed URI segment (assuming routing rules are used) - * based on the number provided. If there is no routing this function returns the + * based on the number provided. If there is no routing this function returns the * same result as $this->segment() * * @access public @@ -366,6 +392,11 @@ class CI_URI { /** * Identical to above only it uses the re-routed segment array * + * @access public + * @param integer the starting segment number + * @param array an array of default values + * @return array + * */ function ruri_to_assoc($n = 3, $default = array()) { @@ -425,7 +456,7 @@ class CI_URI { $i = 0; $lastval = ''; - $retval = array(); + $retval = array(); foreach ($segments as $seg) { if ($i % 2) diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 738d7e9d8..2a27d1f35 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * |