diff options
author | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-02-16 20:03:49 +0100 |
---|---|---|
committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-02-16 20:03:49 +0100 |
commit | 33ed0f37b6b8f2223cd3362bf8fca28102ab67c6 (patch) | |
tree | 99c613720a2fd8541764bb6fc893e0da28fa269b /system/core | |
parent | 154da11c5bb4b7dc5c225f4fa018852ee45cc6eb (diff) | |
parent | d8d1e24eee56d2466c91ecd72b3c8932eb3d0639 (diff) |
Merged CodeIgniter Core changes and integrated rob1's secure cookie change into my secure cookie change.
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/CodeIgniter.php | 25 | ||||
-rw-r--r-- | system/core/Common.php | 17 | ||||
-rw-r--r-- | system/core/Config.php | 72 | ||||
-rw-r--r-- | system/core/Input.php | 92 | ||||
-rw-r--r-- | system/core/Lang.php | 18 | ||||
-rw-r--r-- | system/core/Loader.php | 70 | ||||
-rw-r--r-- | system/core/Router.php | 14 | ||||
-rw-r--r-- | system/core/URI.php | 117 |
8 files changed, 283 insertions, 142 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 2d3f24958..567e67f65 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -80,7 +80,7 @@ { get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix'])); } - + /* * ------------------------------------------------------ * Set a liberal script execution time limit @@ -289,7 +289,28 @@ // methods, so we'll use this workaround for consistent behavior if ( ! in_array(strtolower($method), array_map('strtolower', get_class_methods($CI)))) { - show_404("{$class}/{$method}"); + // Check and see if we are using a 404 override and use it. + if ( ! empty($RTR->routes['404_override'])) + { + $x = explode('/', $RTR->routes['404_override']); + $class = $x[0]; + $method = (isset($x[1]) ? $x[1] : 'index'); + if ( ! class_exists($class)) + { + if ( ! file_exists(APPPATH.'controllers/'.$class.EXT)) + { + show_404("{$class}/{$method}"); + } + + include_once(APPPATH.'controllers/'.$class.EXT); + unset($CI); + $CI = new $class(); + } + } + else + { + show_404("{$class}/{$method}"); + } } // Call the requested method. diff --git a/system/core/Common.php b/system/core/Common.php index b5adfacb3..cd6b93355 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -208,15 +208,20 @@ return $_config[0]; } + $file_path = APPPATH.'config/'.ENVIRONMENT.'/config'.EXT; + // Fetch the config file - if ( ! file_exists(APPPATH.'config/config'.EXT)) - { - exit('The configuration file does not exist.'); - } - else + if ( ! file_exists($file_path)) { - require(APPPATH.'config/config'.EXT); + $file_path = APPPATH.'config/config'.EXT; + + if ( ! file_exists($file_path)) + { + exit('The configuration file does not exist.'); + } } + + require($file_path); // Does the $config array exist in the file? if ( ! isset($config) OR ! is_array($config)) diff --git a/system/core/Config.php b/system/core/Config.php index 7fc804482..75f945efd 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -47,6 +47,24 @@ class CI_Config { { $this->config =& get_config(); log_message('debug', "Config Class Initialized"); + + // Set the base_url automatically if none was provided + if ($this->config['base_url'] == '') + { + if (isset($_SERVER['HTTP_HOST'])) + { + $base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; + $base_url .= '://'. $_SERVER['HTTP_HOST']; + $base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); + } + + else + { + $base_url = 'http://localhost/'; + } + + $this->set_item('base_url', $base_url); + } } // -------------------------------------------------------------------- @@ -56,6 +74,8 @@ class CI_Config { * * @access public * @param string the config file name + * @param boolean if configuration values should be loaded into their own section + * @param boolean true if errors should just return false, false if an error message should be displayed * @return boolean if the file was loaded correctly */ function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) @@ -63,9 +83,9 @@ class CI_Config { $file = ($file == '') ? 'config' : str_replace(EXT, '', $file); $loaded = FALSE; - foreach($this->_config_paths as $path) - { - $file_path = $path.'config/'.$file.EXT; + foreach ($this->_config_paths as $path) + { + $file_path = $path.'config/'.ENVIRONMENT.'/'.$file.EXT; if (in_array($file_path, $this->is_loaded, TRUE)) { @@ -73,11 +93,17 @@ class CI_Config { continue; } - if ( ! file_exists($path.'config/'.$file.EXT)) + if ( ! file_exists($file_path)) { - continue; + log_message('debug', 'Config for '.ENVIRONMENT.' environment is not found. Trying global config.'); + $file_path = $path.'config/'.$file.EXT; + + if ( ! file_exists($file_path)) + { + continue; + } } - + include($file_path); if ( ! isset($config) OR ! is_array($config)) @@ -118,9 +144,9 @@ class CI_Config { { return FALSE; } - show_error('The configuration file '.$file.EXT.' does not exist.'); + show_error('The configuration file '.ENVIRONMENT.'/'.$file.EXT.' and '.$file.EXT.' do not exist.'); } - + return TRUE; } @@ -185,14 +211,7 @@ class CI_Config { return FALSE; } - $pref = $this->config[$item]; - - if ($pref != '' && substr($pref, -1) != '/') - { - $pref .= '/'; - } - - return $pref; + return rtrim($this->config[$item], '/').'/'; } // -------------------------------------------------------------------- @@ -208,14 +227,7 @@ class CI_Config { { if ($uri == '') { - if ($this->item('base_url') == '') - { - return $this->item('index_page'); - } - else - { - return $this->slash_item('base_url').$this->item('index_page'); - } + return $this->slash_item('base_url').$this->item('index_page'); } if ($this->item('enable_query_strings') == FALSE) @@ -225,8 +237,9 @@ class CI_Config { $uri = implode('/', $uri); } + $index = $this->item('index_page') == '' ? '' : $this->slash_item('index_page'); $suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix'); - return $this->slash_item('base_url').$this->slash_item('index_page').trim($uri, '/').$suffix; + return $this->slash_item('base_url').$index.trim($uri, '/').$suffix; } else { @@ -244,14 +257,7 @@ class CI_Config { $uri = $str; } - if ($this->item('base_url') == '') - { - return $this->item('index_page').'?'.$uri; - } - else - { - return $this->slash_item('base_url').$this->item('index_page').'?'.$uri; - } + return $this->slash_item('base_url').$this->item('index_page').'?'.$uri; } } diff --git a/system/core/Input.php b/system/core/Input.php index c2db94d64..25fe102b5 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -30,7 +30,7 @@ class CI_Input { var $ip_address = FALSE; var $user_agent = FALSE; - var $_allow_get_array = FALSE; + var $_allow_get_array = TRUE; var $_standardize_newlines = TRUE; var $_enable_xss = FALSE; // Set automatically based on config setting var $_enable_csrf = FALSE; // Set automatically based on config setting @@ -49,9 +49,9 @@ class CI_Input { { log_message('debug', "Input Class Initialized"); - $this->_allow_get_array = (config_item('enable_query_strings') === TRUE) ? TRUE : FALSE; - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE) ? TRUE : FALSE; - $this->_enable_csrf = (config_item('csrf_protection') === TRUE) ? TRUE : FALSE; + $this->_allow_get_array = (config_item('allow_get_array') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); // Do we need to load the security class? if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE) @@ -109,8 +109,21 @@ class CI_Input { * @param bool * @return string */ - function get($index = '', $xss_clean = FALSE) + function get($index = NULL, $xss_clean = FALSE) { + // Check if a field has been provided + if ($index === NULL AND ! empty($_GET)) + { + $get = array(); + + // loop through the full _GET array + foreach (array_keys($_GET) as $key) + { + $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); + } + return $get; + } + return $this->_fetch_from_array($_GET, $index, $xss_clean); } @@ -124,8 +137,21 @@ class CI_Input { * @param bool * @return string */ - function post($index = '', $xss_clean = FALSE) + function post($index = NULL, $xss_clean = FALSE) { + // Check if a field has been provided + if ($index === NULL AND ! empty($_POST)) + { + $post = array(); + + // Loop through the full _POST array and return it + foreach (array_keys($_POST) as $key) + { + $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); + } + return $post; + } + return $this->_fetch_from_array($_POST, $index, $xss_clean); } @@ -182,13 +208,14 @@ class CI_Input { * @param string the cookie domain. Usually: .yourdomain.com * @param string the cookie path * @param string the cookie prefix + * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '') + function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL) { if (is_array($name)) { - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'name', 'secure') as $item) { if (isset($name[$item])) { @@ -216,19 +243,16 @@ class CI_Input { } else { - if ($expire > 0) - { - $expire = time() + $expire; - } - else - { - $expire = 0; - } + $expire = ($expire > 0) ? time() + $expire : 0; + } + + // If TRUE/FALSE is not provided, use the config + if ( ! is_bool($secure)) + { + $secure = (bool) (config_item('cookie_secure') === TRUE); } - - $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure_cookie); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); } // -------------------------------------------------------------------- @@ -422,7 +446,7 @@ class CI_Input { { if (is_array($_GET) AND count($_GET) > 0) { - foreach($_GET as $key => $val) + foreach ($_GET as $key => $val) { $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } @@ -432,7 +456,7 @@ class CI_Input { // Clean $_POST Data if (is_array($_POST) AND count($_POST) > 0) { - foreach($_POST as $key => $val) + foreach ($_POST as $key => $val) { $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } @@ -450,7 +474,7 @@ class CI_Input { unset($_COOKIE['$Path']); unset($_COOKIE['$Domain']); - foreach($_COOKIE as $key => $val) + foreach ($_COOKIE as $key => $val) { $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } @@ -494,7 +518,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) { $str = stripslashes($str); } @@ -516,7 +540,7 @@ class CI_Input { { if (strpos($str, "\r") !== FALSE) { - $str = str_replace(array("\r\n", "\r"), "\n", $str); + $str = str_replace(array("\r\n", "\r"), PHP_EOL, $str); } } @@ -627,21 +651,35 @@ class CI_Input { } // -------------------------------------------------------------------- - + /** * Is ajax Request? * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return boolean */ public function is_ajax_request() { return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); } + // -------------------------------------------------------------------- + + /** + * Is cli Request? + * + * Test to see if a request was made from the command line + * + * @return boolean + */ + public function is_cli_request() + { + return (bool) defined('STDIN'); + } + } // END Input class /* End of file Input.php */ -/* Location: ./system/core/Input.php */
\ No newline at end of file +/* Location: ./system/core/Input.php */ diff --git a/system/core/Lang.php b/system/core/Lang.php index 6805d0e4a..fb177902e 100644 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -78,17 +78,21 @@ class CI_Lang { { include($alt_path.'language/'.$idiom.'/'.$langfile); } - elseif (file_exists(APPPATH.'language/'.$idiom.'/'.$langfile)) - { - include(APPPATH.'language/'.$idiom.'/'.$langfile); - } else { - if (file_exists(BASEPATH.'language/'.$idiom.'/'.$langfile)) + $found = FALSE; + + foreach (get_instance()->load->get_package_paths(TRUE) as $package_path) { - include(BASEPATH.'language/'.$idiom.'/'.$langfile); + if (file_exists($package_path.'language/'.$idiom.'/'.$langfile)) + { + include($package_path.'language/'.$idiom.'/'.$langfile); + $found = TRUE; + break; + } } - else + + if ($found !== TRUE) { show_error('Unable to load the requested language file: language/'.$idiom.'/'.$langfile); } diff --git a/system/core/Loader.php b/system/core/Loader.php index 8b1986b9d..7003318ee 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -79,14 +79,14 @@ class CI_Loader { { if (is_array($library)) { - foreach($library as $read) + foreach ($library as $read) { - $this->library($read); + $this->library($read); } - + return; } - + if ($library == '' OR isset($this->_base_classes[$library])) { return FALSE; @@ -127,7 +127,7 @@ class CI_Loader { { if (is_array($model)) { - foreach($model as $babe) + foreach ($model as $babe) { $this->model($babe); } @@ -527,7 +527,7 @@ class CI_Loader { function add_package_path($path) { $path = rtrim($path, '/').'/'; - + array_unshift($this->_ci_library_paths, $path); array_unshift($this->_ci_model_paths, $path); array_unshift($this->_ci_helper_paths, $path); @@ -540,6 +540,22 @@ class CI_Loader { // -------------------------------------------------------------------- /** + * Get Package Paths + * + * Return a list of all package paths, by default it will ignore BASEPATH. + * + * @access public + * @param string + * @return void + */ + function get_package_paths($include_base = FALSE) + { + return $include_base === TRUE ? $this->_ci_library_paths : $this->_ci_model_paths; + } + + // -------------------------------------------------------------------- + + /** * Remove Package Path * * Remove a path from the library, model, and helper path arrays if it exists @@ -563,7 +579,7 @@ class CI_Loader { else { $path = rtrim($path, '/').'/'; - + foreach (array('_ci_library_paths', '_ci_model_paths', '_ci_helper_paths') as $var) { if (($key = array_search($path, $this->{$var})) !== FALSE) @@ -854,15 +870,39 @@ class CI_Loader { // Is there an associated config file for this class? Note: these should always be lowercase if ($config === NULL) { - // We test for both uppercase and lowercase, for servers that - // are case-sensitive with regard to file names - if (file_exists(APPPATH.'config/'.strtolower($class).EXT)) - { - include_once(APPPATH.'config/'.strtolower($class).EXT); - } - elseif (file_exists(APPPATH.'config/'.ucfirst(strtolower($class)).EXT)) + // Fetch the config paths containing any package paths + $config_component = $this->_ci_get_component('config'); + + if (is_array($config_component->_config_paths)) { - include_once(APPPATH.'config/'.ucfirst(strtolower($class)).EXT); + // Break on the first found file, thus package files + // are not overridden by default paths + foreach ($config_component->_config_paths as $path) + { + // We test for both uppercase and lowercase, for servers that + // are case-sensitive with regard to file names. Check for environment + // first, global next + if (file_exists($path .'config/'.ENVIRONMENT.'/'.strtolower($class).EXT)) + { + include_once($path .'config/'.ENVIRONMENT.'/'.strtolower($class).EXT); + break; + } + elseif (file_exists($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).EXT)) + { + include_once($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).EXT); + break; + } + elseif (file_exists($path .'config/'.strtolower($class).EXT)) + { + include_once($path .'config/'.strtolower($class).EXT); + break; + } + elseif (file_exists($path .'config/'.ucfirst(strtolower($class)).EXT)) + { + include_once($path .'config/'.ucfirst(strtolower($class)).EXT); + break; + } + } } } diff --git a/system/core/Router.php b/system/core/Router.php index bb4eb0e1c..6893e6e92 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -270,19 +270,17 @@ class CI_Router { // If we've gotten this far it means that the URI does not correlate to a valid // controller class. We will now see if there is an override - if (isset($this->routes['404_override']) AND $this->routes['404_override'] != '') + if ( ! empty($this->routes['404_override'])) { - if (strpos($this->routes['404_override'], '/') !== FALSE) - { - $x = explode('/', $this->routes['404_override']); + $x = explode('/', $this->routes['404_override']); - $this->set_class($x[0]); - $this->set_method($x[1]); + $this->set_class($x[0]); + $this->set_method(isset($x[1]) ? $x[1] : 'index'); - return $x; - } + return $x; } + // Nothing else to do at this point but show a 404 show_404($segments[0]); } diff --git a/system/core/URI.php b/system/core/URI.php index a991118e8..c43cde005 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -61,13 +61,17 @@ class CI_URI { { if (strtoupper($this->config->item('uri_protocol')) == 'AUTO') { - // If the URL has a question mark then it's simplest to just - // build the URI string from the zero index of the $_GET array. - // This avoids having to deal with $_SERVER variables, which - // can be unreliable in some environments - if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') + // Is the request coming from the command line? + if (defined('STDIN')) { - $this->uri_string = key($_GET); + $this->uri_string = $this->_parse_cli_args(); + return; + } + + // Let's try the REQUEST_URI first, this will work in most situations + if ($uri = $this->_detect_uri()) + { + $this->uri_string = $uri; return; } @@ -88,12 +92,10 @@ class CI_URI { return; } - // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists? - $path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO')); - if (trim($path, '/') != '' && $path != "/".SELF) + // As a last ditch effort lets try using the $_GET array + if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') { - // remove path and script information so we have good URI data - $this->uri_string = $path; + $this->uri_string = key($_GET); return; } @@ -106,7 +108,12 @@ class CI_URI { if ($uri == 'REQUEST_URI') { - $this->uri_string = $this->_parse_request_uri(); + $this->uri_string = $this->_detect_uri(); + return; + } + elseif ($uri == 'CLI') + { + $this->uri_string = $this->_parse_cli_args(); return; } @@ -123,54 +130,76 @@ class CI_URI { // -------------------------------------------------------------------- /** - * Parse the REQUEST_URI + * Detects the URI * - * Due to the way REQUEST_URI works it usually contains path info - * that makes it unusable as URI data. We'll trim off the unnecessary - * data, hopefully arriving at a valid URI that we can use. + * This function will detect the URI automatically and fix the query string + * if necessary. * * @access private * @return string */ - function _parse_request_uri() + private function _detect_uri() { - if ( ! isset($_SERVER['REQUEST_URI']) OR $_SERVER['REQUEST_URI'] == '') + if ( ! isset($_SERVER['REQUEST_URI'])) { return ''; } - $request_uri = preg_replace("|/(.*)|", "\\1", str_replace("\\", "/", $_SERVER['REQUEST_URI'])); - - if ($request_uri == '' OR $request_uri == SELF) + $uri = $_SERVER['REQUEST_URI']; + if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) { - return ''; + $uri = substr($uri, strlen($_SERVER['SCRIPT_NAME'])); } - - $fc_path = FCPATH.SELF; - if (strpos($request_uri, '?') !== FALSE) + elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0) { - $fc_path .= '?'; + $uri = substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME']))); } - $parsed_uri = explode("/", $request_uri); - - $i = 0; - foreach(explode("/", $fc_path) as $segment) + // This section ensures that even on servers that require the URI to be in the query string (Nginx) a correct + // URI is found, and also fixes the QUERY_STRING server var and $_GET array. + if (strncmp($uri, '?/', 2) === 0) { - if (isset($parsed_uri[$i]) && $segment == $parsed_uri[$i]) - { - $i++; - } + $uri = substr($uri, 2); } - - $parsed_uri = implode("/", array_slice($parsed_uri, $i)); - - if ($parsed_uri != '') + $parts = preg_split('#\?#i', $uri, 2); + $uri = $parts[0]; + if (isset($parts[1])) { - $parsed_uri = '/'.$parsed_uri; + $_SERVER['QUERY_STRING'] = $parts[1]; + parse_str($_SERVER['QUERY_STRING'], $_GET); } + else + { + $_SERVER['QUERY_STRING'] = ''; + $_GET = array(); + } + + if ($uri == '/' || empty($uri)) + { + return '/'; + } + + $uri = parse_url($uri, PHP_URL_PATH); + + // Do some final cleaning of the URI and return it + return str_replace(array('//', '../'), '/', trim($uri, '/')); + } + + // -------------------------------------------------------------------- + + /** + * Parse cli arguments + * + * Take each command line argument and assume it is a URI segment. + * + * @access private + * @return string + */ + private function _parse_cli_args() + { + $args = array_slice($_SERVER['argv'], 1); - return $parsed_uri; + return $args ? '/' . implode('/', $args) : ''; } // -------------------------------------------------------------------- @@ -228,7 +257,7 @@ class CI_URI { */ function _explode_segments() { - foreach(explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val) + foreach (explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val) { // Filter segments for security $val = trim($this->_filter_uri($val)); @@ -484,7 +513,7 @@ class CI_URI { { $leading = '/'; $trailing = '/'; - + if ($where == 'trailing') { $leading = ''; @@ -493,7 +522,7 @@ class CI_URI { { $trailing = ''; } - + return $leading.$this->$which($n).$trailing; } @@ -573,7 +602,7 @@ class CI_URI { */ function ruri_string() { - return '/'.implode('/', $this->rsegment_array()).'/'; + return '/'.implode('/', $this->rsegment_array()); } } |