summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
authorPhil Sturgeon <email@philsturgeon.co.uk>2011-05-08 17:23:36 +0200
committerPhil Sturgeon <email@philsturgeon.co.uk>2011-05-08 17:23:36 +0200
commit0854d91fd2848266ec37a37c8a1ccfd13a8a4eda (patch)
tree1433f1db86920fae6e6286c6cc517ba64cda2aba /system/core
parent0cb8c59f91567af9aa6530f8764abafe1ae935c0 (diff)
parent3ef65bd7491f847fecdab1acc9687f0e90eee09b (diff)
Merged tip.
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Benchmark.php4
-rw-r--r--system/core/CodeIgniter.php99
-rw-r--r--system/core/Common.php123
-rw-r--r--system/core/Config.php27
-rw-r--r--system/core/Controller.php9
-rw-r--r--system/core/Exceptions.php10
-rw-r--r--system/core/Hooks.php10
-rw-r--r--system/core/Input.php38
-rw-r--r--system/core/Lang.php14
-rw-r--r--system/core/Loader.php285
-rw-r--r--system/core/Model.php2
-rw-r--r--system/core/Output.php26
-rw-r--r--system/core/Router.php40
-rw-r--r--system/core/Security.php832
-rw-r--r--system/core/URI.php77
-rw-r--r--system/core/Utf8.php4
16 files changed, 1261 insertions, 339 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
index 515550e9f..3686c2d73 100644
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -19,7 +19,7 @@
* CodeIgniter Benchmark Class
*
* This class enables you to mark points and calculate the time difference
- * between them. Memory consumption can also be displayed.
+ * between them. Memory consumption can also be displayed.
*
* @package CodeIgniter
* @subpackage Libraries
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 143faec15..b6f5e872c 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -29,42 +29,42 @@
/*
* ------------------------------------------------------
- * Define the CodeIgniter Version
+ * Define the CodeIgniter Version
* ------------------------------------------------------
*/
- define('CI_VERSION', '2.0.1');
+ define('CI_VERSION', '2.0.2');
/*
* ------------------------------------------------------
- * Define the CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
+ * Define the CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
* ------------------------------------------------------
*/
define('CI_CORE', FALSE);
/*
* ------------------------------------------------------
- * Load the global functions
+ * Load the global functions
* ------------------------------------------------------
*/
- require(BASEPATH.'core/Common'.EXT);
+ require(BASEPATH.'core/Common.php');
/*
* ------------------------------------------------------
- * Load the framework constants
+ * Load the framework constants
* ------------------------------------------------------
*/
- if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants'.EXT))
+ if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
{
- require(APPPATH.'config/'.ENVIRONMENT.'/constants'.EXT);
+ require(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
}
else
{
- require(APPPATH.'config/constants'.EXT);
+ require(APPPATH.'config/constants.php');
}
/*
* ------------------------------------------------------
- * Define a custom error handler so we can log PHP errors
+ * Define a custom error handler so we can log PHP errors
* ------------------------------------------------------
*/
set_error_handler('_exception_handler');
@@ -76,7 +76,7 @@
/*
* ------------------------------------------------------
- * Set the subclass_prefix
+ * Set the subclass_prefix
* ------------------------------------------------------
*
* Normally the "subclass_prefix" is set in the config file.
@@ -85,7 +85,7 @@
* "libraries" folder. Since CI allows config items to be
* overriden via data set in the main index. php file,
* before proceeding we need to know if a subclass_prefix
- * override exists. If so, we will set this value now,
+ * override exists. If so, we will set this value now,
* before any classes are loaded
* Note: Since the config file data is cached it doesn't
* hurt to load it here.
@@ -97,7 +97,7 @@
/*
* ------------------------------------------------------
- * Set a liberal script execution time limit
+ * Set a liberal script execution time limit
* ------------------------------------------------------
*/
if (function_exists("set_time_limit") == TRUE AND @ini_get("safe_mode") == 0)
@@ -107,7 +107,7 @@
/*
* ------------------------------------------------------
- * Start the timer... tick tock tick tock...
+ * Start the timer... tick tock tick tock...
* ------------------------------------------------------
*/
$BM =& load_class('Benchmark', 'core');
@@ -116,21 +116,21 @@
/*
* ------------------------------------------------------
- * Instantiate the hooks class
+ * Instantiate the hooks class
* ------------------------------------------------------
*/
$EXT =& load_class('Hooks', 'core');
/*
* ------------------------------------------------------
- * Is there a "pre_system" hook?
+ * Is there a "pre_system" hook?
* ------------------------------------------------------
*/
$EXT->_call_hook('pre_system');
/*
* ------------------------------------------------------
- * Instantiate the config class
+ * Instantiate the config class
* ------------------------------------------------------
*/
$CFG =& load_class('Config', 'core');
@@ -143,7 +143,7 @@
/*
* ------------------------------------------------------
- * Instantiate the UTF-8 class
+ * Instantiate the UTF-8 class
* ------------------------------------------------------
*
* Note: Order here is rather important as the UTF-8
@@ -157,14 +157,14 @@
/*
* ------------------------------------------------------
- * Instantiate the URI class
+ * Instantiate the URI class
* ------------------------------------------------------
*/
$URI =& load_class('URI', 'core');
/*
* ------------------------------------------------------
- * Instantiate the routing class and set the routing
+ * Instantiate the routing class and set the routing
* ------------------------------------------------------
*/
$RTR =& load_class('Router', 'core');
@@ -178,14 +178,14 @@
/*
* ------------------------------------------------------
- * Instantiate the output class
+ * Instantiate the output class
* ------------------------------------------------------
*/
$OUT =& load_class('Output', 'core');
/*
* ------------------------------------------------------
- * Is there a valid cache file? If so, we're done...
+ * Is there a valid cache file? If so, we're done...
* ------------------------------------------------------
*/
if ($EXT->_call_hook('cache_override') === FALSE)
@@ -197,27 +197,34 @@
}
/*
+ * -----------------------------------------------------
+ * Load the security class for xss and csrf support
+ * -----------------------------------------------------
+ */
+ $SEC =& load_class('Security', 'core');
+
+/*
* ------------------------------------------------------
- * Load the Input class and sanitize globals
+ * Load the Input class and sanitize globals
* ------------------------------------------------------
*/
$IN =& load_class('Input', 'core');
/*
* ------------------------------------------------------
- * Load the Language class
+ * Load the Language class
* ------------------------------------------------------
*/
$LANG =& load_class('Lang', 'core');
/*
* ------------------------------------------------------
- * Load the app controller and local controller
+ * Load the app controller and local controller
* ------------------------------------------------------
*
*/
// Load the base controller class
- require BASEPATH.'core/Controller'.EXT;
+ require BASEPATH.'core/Controller.php';
function &get_instance()
{
@@ -225,34 +232,34 @@
}
- if (file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller'.EXT))
+ if (file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php'))
{
- require APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller'.EXT;
+ require APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php';
}
// Load the local application controller
// Note: The Router class automatically validates the controller path using the router->_validate_request().
// If this include fails it means that the default controller in the Routes.php file is not resolving to something valid.
- if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT))
+ if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php'))
{
show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
}
- include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT);
+ include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');
// Set a mark point for benchmarking
$BM->mark('loading_time:_base_classes_end');
/*
* ------------------------------------------------------
- * Security check
+ * Security check
* ------------------------------------------------------
*
- * None of the functions in the app controller or the
- * loader class can be called via the URI, nor can
- * controller functions that begin with an underscore
+ * None of the functions in the app controller or the
+ * loader class can be called via the URI, nor can
+ * controller functions that begin with an underscore
*/
- $class = $RTR->fetch_class();
+ $class = $RTR->fetch_class();
$method = $RTR->fetch_method();
if ( ! class_exists($class)
@@ -265,14 +272,14 @@
/*
* ------------------------------------------------------
- * Is there a "pre_controller" hook?
+ * Is there a "pre_controller" hook?
* ------------------------------------------------------
*/
$EXT->_call_hook('pre_controller');
/*
* ------------------------------------------------------
- * Instantiate the requested controller
+ * Instantiate the requested controller
* ------------------------------------------------------
*/
// Mark a start point so we can benchmark the controller
@@ -282,14 +289,14 @@
/*
* ------------------------------------------------------
- * Is there a "post_controller_constructor" hook?
+ * Is there a "post_controller_constructor" hook?
* ------------------------------------------------------
*/
$EXT->_call_hook('post_controller_constructor');
/*
* ------------------------------------------------------
- * Call the requested method
+ * Call the requested method
* ------------------------------------------------------
*/
// Is there a "remap" function? If so, we call it instead
@@ -311,12 +318,12 @@
$method = (isset($x[1]) ? $x[1] : 'index');
if ( ! class_exists($class))
{
- if ( ! file_exists(APPPATH.'controllers/'.$class.EXT))
+ if ( ! file_exists(APPPATH.'controllers/'.$class.'.php'))
{
show_404("{$class}/{$method}");
}
- include_once(APPPATH.'controllers/'.$class.EXT);
+ include_once(APPPATH.'controllers/'.$class.'.php');
unset($CI);
$CI = new $class();
}
@@ -338,14 +345,14 @@
/*
* ------------------------------------------------------
- * Is there a "post_controller" hook?
+ * Is there a "post_controller" hook?
* ------------------------------------------------------
*/
$EXT->_call_hook('post_controller');
/*
* ------------------------------------------------------
- * Send the final rendered output to the browser
+ * Send the final rendered output to the browser
* ------------------------------------------------------
*/
if ($EXT->_call_hook('display_override') === FALSE)
@@ -355,14 +362,14 @@
/*
* ------------------------------------------------------
- * Is there a "post_system" hook?
+ * Is there a "post_system" hook?
* ------------------------------------------------------
*/
$EXT->_call_hook('post_system');
/*
* ------------------------------------------------------
- * Close the DB connection if one exists
+ * Close the DB connection if one exists
* ------------------------------------------------------
*/
if (class_exists('CI_DB') AND isset($CI->db))
diff --git a/system/core/Common.php b/system/core/Common.php
index d7054ebe6..e50f7794a 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -39,6 +39,8 @@
* @param string
* @return bool TRUE if the current version is $version or higher
*/
+if ( ! function_exists('is_php'))
+{
function is_php($version = '5.0.0')
{
static $_is_php;
@@ -51,6 +53,7 @@
return $_is_php[$version];
}
+}
// ------------------------------------------------------------------------
@@ -58,12 +61,14 @@
* Tests for file writability
*
* is_writable() returns TRUE on Windows servers when you really can't write to
- * the file, based on the read-only attribute. is_writable() is also unreliable
+ * the file, based on the read-only attribute. is_writable() is also unreliable
* on Unix servers if safe_mode is on.
*
* @access private
* @return void
*/
+if ( ! function_exists('is_really_writable'))
+{
function is_really_writable($file)
{
// If we're on a Unix server with safe_mode off we call is_writable
@@ -73,7 +78,7 @@
}
// For windows servers and safe_mode "on" installations we'll actually
- // write a file then read it. Bah...
+ // write a file then read it. Bah...
if (is_dir($file))
{
$file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
@@ -96,14 +101,15 @@
fclose($fp);
return TRUE;
}
+}
// ------------------------------------------------------------------------
/**
* Class registry
*
-* This function acts as a singleton. If the requested class does not
-* exist it is instantiated and set to a static variable. If it has
+* This function acts as a singleton. If the requested class does not
+* exist it is instantiated and set to a static variable. If it has
* previously been instantiated the variable is returned.
*
* @access public
@@ -112,11 +118,13 @@
* @param string the class name prefix
* @return object
*/
+if ( ! function_exists('load_class'))
+{
function &load_class($class, $directory = 'libraries', $prefix = 'CI_')
{
static $_classes = array();
- // Does the class exist? If so, we're done...
+ // Does the class exist? If so, we're done...
if (isset($_classes[$class]))
{
return $_classes[$class];
@@ -128,27 +136,27 @@
// thenin the local application/libraries folder
foreach (array(BASEPATH, APPPATH) as $path)
{
- if (file_exists($path.$directory.'/'.$class.EXT))
+ if (file_exists($path.$directory.'/'.$class.'.php'))
{
$name = $prefix.$class;
if (class_exists($name) === FALSE)
{
- require($path.$directory.'/'.$class.EXT);
+ require($path.$directory.'/'.$class.'.php');
}
break;
}
}
- // Is the request a class extension? If so we load it too
- if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.EXT))
+ // Is the request a class extension? If so we load it too
+ if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php'))
{
$name = config_item('subclass_prefix').$class;
if (class_exists($name) === FALSE)
{
- require(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.EXT);
+ require(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php');
}
}
@@ -157,7 +165,7 @@
{
// Note: We use exit() rather then show_error() in order to avoid a
// self-referencing loop with the Excptions class
- exit('Unable to locate the specified class: '.$class.EXT);
+ exit('Unable to locate the specified class: '.$class.'.php');
}
// Keep track of what we just loaded
@@ -166,16 +174,19 @@
$_classes[$class] = new $name();
return $_classes[$class];
}
+}
// --------------------------------------------------------------------
/**
-* Keeps track of which libraries have been loaded. This function is
+* Keeps track of which libraries have been loaded. This function is
* called by the load_class() function above
*
* @access public
* @return array
*/
+if ( ! function_exists('is_loaded'))
+{
function is_loaded($class = '')
{
static $_is_loaded = array();
@@ -187,6 +198,7 @@
return $_is_loaded;
}
+}
// ------------------------------------------------------------------------
@@ -199,6 +211,8 @@
* @access private
* @return array
*/
+if ( ! function_exists('get_config'))
+{
function &get_config($replace = array())
{
static $_config;
@@ -209,9 +223,9 @@
}
// Is the config file in the environment folder?
- if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config'.EXT))
+ if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))
{
- $file_path = APPPATH.'config/config'.EXT;
+ $file_path = APPPATH.'config/config.php';
}
// Fetch the config file
@@ -242,6 +256,7 @@
return $_config[0] =& $config;
}
+}
// ------------------------------------------------------------------------
@@ -251,6 +266,8 @@
* @access public
* @return mixed
*/
+if ( ! function_exists('config_item'))
+{
function config_item($item)
{
static $_config_item = array();
@@ -268,6 +285,7 @@
return $_config_item[$item];
}
+}
// ------------------------------------------------------------------------
@@ -283,12 +301,15 @@
* @access public
* @return void
*/
+if ( ! function_exists('show_error'))
+{
function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered')
{
$_error =& load_class('Exceptions', 'core');
echo $_error->show_error($heading, $message, 'error_general', $status_code);
exit;
}
+}
// ------------------------------------------------------------------------
@@ -302,12 +323,15 @@
* @access public
* @return void
*/
+if ( ! function_exists('show_404'))
+{
function show_404($page = '', $log_error = TRUE)
{
$_error =& load_class('Exceptions', 'core');
$_error->show_404($page, $log_error);
exit;
}
+}
// ------------------------------------------------------------------------
@@ -320,6 +344,8 @@
* @access public
* @return void
*/
+if ( ! function_exists('log_message'))
+{
function log_message($level = 'error', $message, $php_error = FALSE)
{
static $_log;
@@ -332,6 +358,7 @@
$_log =& load_class('Log');
$_log->write_log($level, $message, $php_error);
}
+}
// ------------------------------------------------------------------------
@@ -343,6 +370,8 @@
* @param string
* @return void
*/
+if ( ! function_exists('set_status_header'))
+{
function set_status_header($code = 200, $text = '')
{
$stati = array(
@@ -399,7 +428,7 @@
if ($text == '')
{
- show_error('No status text available. Please check your status code number or supply your own message text.', 500);
+ show_error('No status text available. Please check your status code number or supply your own message text.', 500);
}
$server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE;
@@ -417,6 +446,7 @@
header("HTTP/1.1 {$code} {$text}", TRUE, $code);
}
}
+}
// --------------------------------------------------------------------
@@ -424,7 +454,7 @@
* Exception Handler
*
* This is the custom exception handler that is declaired at the top
-* of Codeigniter.php. The main reason we use this is to permit
+* of Codeigniter.php. The main reason we use this is to permit
* PHP errors to be logged in our own log files since the user may
* not have access to server logs. Since this function
* effectively intercepts PHP errors, however, we also need
@@ -434,6 +464,8 @@
* @access private
* @return void
*/
+if ( ! function_exists('_exception_handler'))
+{
function _exception_handler($severity, $message, $filepath, $line)
{
// We don't bother with "strict" notices since they tend to fill up
@@ -455,7 +487,7 @@
$_error->show_php_error($severity, $message, $filepath, $line);
}
- // Should we log the error? No? We're done...
+ // Should we log the error? No? We're done...
if (config_item('log_threshold') == 0)
{
return;
@@ -463,45 +495,46 @@
$_error->log_exception($severity, $message, $filepath, $line);
}
+}
- // --------------------------------------------------------------------
-
- /**
- * Remove Invisible Characters
- *
- * This prevents sandwiching null characters
- * between ascii characters, like Java\0script.
- *
- * @access public
- * @param string
- * @return string
- */
- function remove_invisible_characters($str)
+// --------------------------------------------------------------------
+
+/**
+ * Remove Invisible Characters
+ *
+ * This prevents sandwiching null characters
+ * between ascii characters, like Java\0script.
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+if ( ! function_exists('remove_invisible_characters'))
+{
+ function remove_invisible_characters($str, $url_encoded = TRUE)
{
- static $non_displayables;
+ $non_displayables = array();
+
+ // every control character except newline (dec 10)
+ // carriage return (dec 13), and horizontal tab (dec 09)
- if ( ! isset($non_displayables))
+ if ($url_encoded)
{
- // every control character except newline (dec 10), carriage return (dec 13), and horizontal tab (dec 09),
- $non_displayables = array(
- '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
- '/%1[0-9a-f]/', // url encoded 16-31
- '/[\x00-\x08]/', // 00-08
- '/\x0b/', '/\x0c/', // 11, 12
- '/[\x0e-\x1f]/' // 14-31
- );
+ $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15
+ $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31
}
+ $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127
+
do
{
- $cleaned = $str;
- $str = preg_replace($non_displayables, '', $str);
+ $str = preg_replace($non_displayables, '', $str, -1, $count);
}
- while ($cleaned != $str);
+ while ($count);
return $str;
}
-
+}
/* End of file Common.php */
/* Location: ./system/core/Common.php */ \ No newline at end of file
diff --git a/system/core/Config.php b/system/core/Config.php
index 863c5ef4b..fa71f4d3d 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -37,11 +37,11 @@ class CI_Config {
*
* Sets the $config data from the primary config.php file as a class variable
*
- * @access public
- * @param string the config file name
- * @param boolean if configuration values should be loaded into their own section
- * @param boolean true if errors should just return false, false if an error message should be displayed
- * @return boolean if the file was successfully loaded or not
+ * @access public
+ * @param string the config file name
+ * @param boolean if configuration values should be loaded into their own section
+ * @param boolean true if errors should just return false, false if an error message should be displayed
+ * @return boolean if the file was successfully loaded or not
*/
function __construct()
{
@@ -74,13 +74,13 @@ class CI_Config {
*
* @access public
* @param string the config file name
- * @param boolean if configuration values should be loaded into their own section
- * @param boolean true if errors should just return false, false if an error message should be displayed
+ * @param boolean if configuration values should be loaded into their own section
+ * @param boolean true if errors should just return false, false if an error message should be displayed
* @return boolean if the file was loaded correctly
*/
function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE)
{
- $file = ($file == '') ? 'config' : str_replace(EXT, '', $file);
+ $file = ($file == '') ? 'config' : str_replace('.php', '', $file);
$found = FALSE;
$loaded = FALSE;
@@ -92,7 +92,7 @@ class CI_Config {
foreach ($check_locations as $location)
{
- $file_path = $path.'config/'.$location.EXT;
+ $file_path = $path.'config/'.$location.'.php';
if (in_array($file_path, $this->is_loaded, TRUE))
{
@@ -144,6 +144,7 @@ class CI_Config {
$loaded = TRUE;
log_message('debug', 'Config file loaded: '.$file_path);
+ break;
}
if ($loaded === FALSE)
@@ -152,7 +153,7 @@ class CI_Config {
{
return FALSE;
}
- show_error('The configuration file '.$file.EXT.' does not exist.');
+ show_error('The configuration file '.$file.'.php'.' does not exist.');
}
return TRUE;
@@ -304,7 +305,7 @@ class CI_Config {
* Assign to Config
*
* This function is called by the front controller (CodeIgniter.php)
- * after the Config class is instantiated. It permits config items
+ * after the Config class is instantiated. It permits config items
* to be assigned or overriden by variables contained in the index.php file
*
* @access private
@@ -326,4 +327,4 @@ class CI_Config {
// END CI_Config class
/* End of file Config.php */
-/* Location: ./system/core/Config.php */ \ No newline at end of file
+/* Location: ./system/core/Config.php */
diff --git a/system/core/Controller.php b/system/core/Controller.php
index 469663f09..107d3f346 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -37,7 +37,7 @@ class CI_Controller {
public function __construct()
{
self::$instance =& $this;
-
+
// Assign all the class objects that were instantiated by the
// bootstrap file (CodeIgniter.php) to local class variables
// so that CI can run as one big super object.
@@ -48,12 +48,9 @@ class CI_Controller {
$this->load =& load_class('Loader', 'core');
- $this->load->_base_classes =& is_loaded();
-
- $this->load->_ci_autoloader();
+ $this->load->set_base_classes()->ci_autoloader();
log_message('debug', "Controller Class Initialized");
-
}
public static function &get_instance()
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index f5659561c..2503c907f 100644
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -54,7 +54,7 @@ class CI_Exceptions {
public function __construct()
{
$this->ob_level = ob_get_level();
- // Note: Do not log messages from this constructor.
+ // Note: Do not log messages from this constructor.
}
// --------------------------------------------------------------------
@@ -75,7 +75,7 @@ class CI_Exceptions {
{
$severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity];
- log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE);
+ log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE);
}
// --------------------------------------------------------------------
@@ -128,7 +128,7 @@ class CI_Exceptions {
ob_end_flush();
}
ob_start();
- include(APPPATH.'errors/'.$template.EXT);
+ include(APPPATH.'errors/'.$template.'.php');
$buffer = ob_get_contents();
ob_end_clean();
return $buffer;
@@ -164,7 +164,7 @@ class CI_Exceptions {
ob_end_flush();
}
ob_start();
- include(APPPATH.'errors/error_php'.EXT);
+ include(APPPATH.'errors/error_php.php');
$buffer = ob_get_contents();
ob_end_clean();
echo $buffer;
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index 24fa1055b..ffb3258d8 100644
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -65,13 +65,13 @@ class CI_Hooks {
// Grab the "hooks" definition file.
// If there are no hooks, we're done.
- if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks'.EXT))
+ if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'))
{
- include(APPPATH.'config/'.ENVIRONMENT.'/hooks'.EXT);
+ include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php');
}
- elseif (is_file(APPPATH.'config/hooks'.EXT))
+ elseif (is_file(APPPATH.'config/hooks.php'))
{
- include(APPPATH.'config/hooks'.EXT);
+ include(APPPATH.'config/hooks.php');
}
diff --git a/system/core/Input.php b/system/core/Input.php
index 18131350f..89eda56b0 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -36,7 +36,7 @@ class CI_Input {
var $_enable_csrf = FALSE; // Set automatically based on config setting
protected $headers = array();
-
+
/**
* Constructor
@@ -53,11 +53,8 @@ class CI_Input {
$this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
$this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- // Do we need to load the security class?
- if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
- {
- $this->security =& load_class('Security');
- }
+ global $SEC;
+ $this->security =& $SEC;
// Do we need the UTF-8 class?
if (UTF8_ENABLED === TRUE)
@@ -92,8 +89,7 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($array[$index]);
+ return $this->security->xss_clean($array[$index]);
}
return $array[$index];
@@ -151,7 +147,7 @@ class CI_Input {
}
return $post;
}
-
+
return $this->_fetch_from_array($_POST, $index, $xss_clean);
}
@@ -205,7 +201,7 @@ class CI_Input {
* @param mixed
* @param string the value of the cookie
* @param string the number of seconds until expiration
- * @param string the cookie domain. Usually: .yourdomain.com
+ * @param string the cookie domain. Usually: .yourdomain.com
* @param string the cookie path
* @param string the cookie prefix
* @param bool true makes the cookie secure
@@ -406,9 +402,9 @@ class CI_Input {
function _sanitize_globals()
{
// It would be "wrong" to unset any of these GLOBALS.
- $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
+ $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
'_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
- 'system_folder', 'application_folder', 'BM', 'EXT',
+ 'system_folder', 'application_folder', 'BM', 'EXT',
'CFG', 'URI', 'RTR', 'OUT', 'IN');
// Unset globals for securiy.
@@ -528,6 +524,9 @@ class CI_Input {
$str = $this->uni->clean_string($str);
}
+ // Remove control characters
+ $str = remove_invisible_characters($str);
+
// Should we filter the input data?
if ($this->_enable_xss === TRUE)
{
@@ -580,7 +579,7 @@ class CI_Input {
/**
* Request Headers
*
- * In Apache, you can simply call apache_request_headers(), however for
+ * In Apache, you can simply call apache_request_headers(), however for
* people running other webservers the function is undefined.
*
* @return array
@@ -610,10 +609,10 @@ class CI_Input {
{
$key = str_replace('_', ' ', strtolower($key));
$key = str_replace(' ', '-', ucwords($key));
-
+
$this->headers[$key] = $val;
}
-
+
return $this->headers;
}
@@ -634,7 +633,7 @@ class CI_Input {
{
$this->request_headers();
}
-
+
if ( ! isset($this->headers[$index]))
{
return FALSE;
@@ -642,11 +641,10 @@ class CI_Input {
if ($xss_clean === TRUE)
{
- $_security =& load_class('Security');
- return $_security->xss_clean($this->headers[$index]);
+ return $this->security->xss_clean($this->headers[$index]);
}
- return $this->headers[$index];
+ return $this->headers[$index];
}
// --------------------------------------------------------------------
diff --git a/system/core/Lang.php b/system/core/Lang.php
index 0b926a303..79eb443a0 100644
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -51,14 +51,14 @@ class CI_Lang {
*/
function load($langfile = '', $idiom = '', $return = FALSE, $add_suffix = TRUE, $alt_path = '')
{
- $langfile = str_replace(EXT, '', $langfile);
+ $langfile = str_replace('.php', '', $langfile);
if ($add_suffix == TRUE)
{
$langfile = str_replace('_lang.', '', $langfile).'_lang';
}
- $langfile .= EXT;
+ $langfile .= '.php';
if (in_array($langfile, $this->is_loaded, TRUE))
{
@@ -129,19 +129,19 @@ class CI_Lang {
*/
function line($line = '')
{
- $line = ($line == '' OR ! isset($this->language[$line])) ? FALSE : $this->language[$line];
+ $value = ($line == '' OR ! isset($this->language[$line])) ? FALSE : $this->language[$line];
// Because killer robots like unicorns!
- if ($line === FALSE)
+ if ($value === FALSE)
{
log_message('error', 'Could not find the language line "'.$line.'"');
}
- return $line;
+ return $value;
}
}
// END Language Class
/* End of file Lang.php */
-/* Location: ./system/core/Lang.php */ \ No newline at end of file
+/* Location: ./system/core/Lang.php */
diff --git a/system/core/Loader.php b/system/core/Loader.php
index e75805d0e..87f05d86e 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -29,34 +29,32 @@
class CI_Loader {
// All these are set automatically. Don't mess with them.
- var $_ci_ob_level;
- var $_ci_view_path = '';
- var $_ci_library_paths = array();
- var $_ci_model_paths = array();
- var $_ci_helper_paths = array();
- var $_base_classes = array(); // Set by the controller class
- var $_ci_cached_vars = array();
- var $_ci_classes = array();
- var $_ci_loaded_files = array();
- var $_ci_models = array();
- var $_ci_helpers = array();
- var $_ci_varmap = array('unit_test' => 'unit', 'user_agent' => 'agent');
-
+ protected $_ci_ob_level;
+ protected $_ci_view_paths = array();
+ protected $_ci_library_paths = array();
+ protected $_ci_model_paths = array();
+ protected $_ci_helper_paths = array();
+ protected $_base_classes = array(); // Set by the controller class
+ protected $_ci_cached_vars = array();
+ protected $_ci_classes = array();
+ protected $_ci_loaded_files = array();
+ protected $_ci_models = array();
+ protected $_ci_helpers = array();
+ protected $_ci_varmap = array('unit_test' => 'unit',
+ 'user_agent' => 'agent');
/**
* Constructor
*
* Sets the path to the view files and gets the initial output buffering level
- *
- * @access public
*/
- function __construct()
+ public function __construct()
{
- $this->_ci_view_path = APPPATH.'views/';
- $this->_ci_ob_level = ob_get_level();
+ $this->_ci_ob_level = ob_get_level();
$this->_ci_library_paths = array(APPPATH, BASEPATH);
$this->_ci_helper_paths = array(APPPATH, BASEPATH);
$this->_ci_model_paths = array(APPPATH);
+ $this->_ci_view_paths = array(APPPATH.'views/' => TRUE);
log_message('debug', "Loader Class Initialized");
}
@@ -64,18 +62,58 @@ class CI_Loader {
// --------------------------------------------------------------------
/**
+ * Set _base_classes variable
+ *
+ * This method is called once in CI_Controller.
+ *
+ * @param array
+ * @return object
+ */
+ public function set_base_classes()
+ {
+ $this->_base_classes =& is_loaded();
+
+ return $this;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Is Loaded
+ *
+ * A utility function to test if a class is in the self::$_ci_classes array.
+ * This function returns the object name if the class tested for is loaded,
+ * and returns FALSE if it isn't.
+ *
+ * It is mainly used in the form_helper -> _get_validation_object()
+ *
+ * @param string class being checked for
+ * @return mixed class object name on the CI SuperObject or FALSE
+ */
+ public function is_loaded($class)
+ {
+ if (isset($this->_ci_classes[$class]))
+ {
+ return $this->_ci_classes[$class];
+ }
+
+ return FALSE;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Class Loader
*
* This function lets users load and instantiate classes.
* It is designed to be called from a user's app controllers.
*
- * @access public
* @param string the name of the class
* @param mixed the optional parameters
* @param string an optional object name
* @return void
*/
- function library($library = '', $params = NULL, $object_name = NULL)
+ public function library($library = '', $params = NULL, $object_name = NULL)
{
if (is_array($library))
{
@@ -107,13 +145,12 @@ class CI_Loader {
*
* This function lets users load and instantiate models.
*
- * @access public
* @param string the name of the class
* @param string name for the model
* @param bool database connection
* @return void
*/
- function model($model, $name = '', $db_conn = FALSE)
+ public function model($model, $name = '', $db_conn = FALSE)
{
if (is_array($model))
{
@@ -161,7 +198,7 @@ class CI_Loader {
foreach ($this->_ci_model_paths as $mod_path)
{
- if ( ! file_exists($mod_path.'models/'.$path.$model.EXT))
+ if ( ! file_exists($mod_path.'models/'.$path.$model.'.php'))
{
continue;
}
@@ -181,7 +218,7 @@ class CI_Loader {
load_class('Model', 'core');
}
- require_once($mod_path.'models/'.$path.$model.EXT);
+ require_once($mod_path.'models/'.$path.$model.'.php');
$model = ucfirst($model);
@@ -200,13 +237,12 @@ class CI_Loader {
/**
* Database Loader
*
- * @access public
* @param string the DB credentials
* @param bool whether to return the DB object
* @param bool whether to enable active record (this allows us to override the config setting)
* @return object
*/
- function database($params = '', $return = FALSE, $active_record = NULL)
+ public function database($params = '', $return = FALSE, $active_record = NULL)
{
// Grab the super object
$CI =& get_instance();
@@ -217,14 +253,14 @@ class CI_Loader {
return FALSE;
}
- require_once(BASEPATH.'database/DB'.EXT);
+ require_once(BASEPATH.'database/DB.php');
if ($return === TRUE)
{
return DB($params, $active_record);
}
- // Initialize the db variable. Needed to prevent
+ // Initialize the db variable. Needed to prevent
// reference errors with some configurations
$CI->db = '';
@@ -237,10 +273,9 @@ class CI_Loader {
/**
* Load the Utilities Class
*
- * @access public
* @return string
*/
- function dbutil()
+ public function dbutil()
{
if ( ! class_exists('CI_DB'))
{
@@ -253,8 +288,8 @@ class CI_Loader {
// this use is deprecated and strongly discouraged
$CI->load->dbforge();
- require_once(BASEPATH.'database/DB_utility'.EXT);
- require_once(BASEPATH.'database/drivers/'.$CI->db->dbdriver.'/'.$CI->db->dbdriver.'_utility'.EXT);
+ require_once(BASEPATH.'database/DB_utility.php');
+ require_once(BASEPATH.'database/drivers/'.$CI->db->dbdriver.'/'.$CI->db->dbdriver.'_utility.php');
$class = 'CI_DB_'.$CI->db->dbdriver.'_utility';
$CI->dbutil = new $class();
@@ -265,10 +300,9 @@ class CI_Loader {
/**
* Load the Database Forge Class
*
- * @access public
* @return string
*/
- function dbforge()
+ public function dbforge()
{
if ( ! class_exists('CI_DB'))
{
@@ -277,8 +311,8 @@ class CI_Loader {
$CI =& get_instance();
- require_once(BASEPATH.'database/DB_forge'.EXT);
- require_once(BASEPATH.'database/drivers/'.$CI->db->dbdriver.'/'.$CI->db->dbdriver.'_forge'.EXT);
+ require_once(BASEPATH.'database/DB_forge.php');
+ require_once(BASEPATH.'database/drivers/'.$CI->db->dbdriver.'/'.$CI->db->dbdriver.'_forge.php');
$class = 'CI_DB_'.$CI->db->dbdriver.'_forge';
$CI->dbforge = new $class();
@@ -289,21 +323,20 @@ class CI_Loader {
/**
* Load View
*
- * This function is used to load a "view" file. It has three parameters:
+ * This function is used to load a "view" file. It has three parameters:
*
* 1. The name of the "view" file to be included.
* 2. An associative array of data to be extracted for use in the view.
- * 3. TRUE/FALSE - whether to return the data or load it. In
+ * 3. TRUE/FALSE - whether to return the data or load it. In
* some cases it's advantageous to be able to return data so that
* a developer can process it in some way.
*
- * @access public
* @param string
* @param array
* @param bool
* @return void
*/
- function view($view, $vars = array(), $return = FALSE)
+ public function view($view, $vars = array(), $return = FALSE)
{
return $this->_ci_load(array('_ci_view' => $view, '_ci_vars' => $this->_ci_object_to_array($vars), '_ci_return' => $return));
}
@@ -315,12 +348,11 @@ class CI_Loader {
*
* This is a generic file loader
*
- * @access public
* @param string
* @param bool
* @return string
*/
- function file($path, $return = FALSE)
+ public function file($path, $return = FALSE)
{
return $this->_ci_load(array('_ci_path' => $path, '_ci_return' => $return));
}
@@ -333,11 +365,10 @@ class CI_Loader {
* Once variables are set they become available within
* the controller class and its "view" files.
*
- * @access public
* @param array
* @return void
*/
- function vars($vars = array(), $val = '')
+ public function vars($vars = array(), $val = '')
{
if ($val != '' AND is_string($vars))
{
@@ -362,11 +393,10 @@ class CI_Loader {
*
* This function loads the specified helper file.
*
- * @access public
* @param mixed
* @return void
*/
- function helper($helpers = array())
+ public function helper($helpers = array())
{
foreach ($this->_ci_prep_filename($helpers, '_helper') as $helper)
{
@@ -375,16 +405,16 @@ class CI_Loader {
continue;
}
- $ext_helper = APPPATH.'helpers/'.config_item('subclass_prefix').$helper.EXT;
+ $ext_helper = APPPATH.'helpers/'.config_item('subclass_prefix').$helper.'.php';
// Is this a helper extension request?
if (file_exists($ext_helper))
{
- $base_helper = BASEPATH.'helpers/'.$helper.EXT;
+ $base_helper = BASEPATH.'helpers/'.$helper.'.php';
if ( ! file_exists($base_helper))
{
- show_error('Unable to load the requested file: helpers/'.$helper.EXT);
+ show_error('Unable to load the requested file: helpers/'.$helper.'.php');
}
include_once($ext_helper);
@@ -398,9 +428,9 @@ class CI_Loader {
// Try to load the helper
foreach ($this->_ci_helper_paths as $path)
{
- if (file_exists($path.'helpers/'.$helper.EXT))
+ if (file_exists($path.'helpers/'.$helper.'.php'))
{
- include_once($path.'helpers/'.$helper.EXT);
+ include_once($path.'helpers/'.$helper.'.php');
$this->_ci_helpers[$helper] = TRUE;
log_message('debug', 'Helper loaded: '.$helper);
@@ -411,7 +441,7 @@ class CI_Loader {
// unable to load the helper
if ( ! isset($this->_ci_helpers[$helper]))
{
- show_error('Unable to load the requested file: helpers/'.$helper.EXT);
+ show_error('Unable to load the requested file: helpers/'.$helper.'.php');
}
}
}
@@ -424,11 +454,10 @@ class CI_Loader {
* This is simply an alias to the above function in case the
* user has written the plural form of this function.
*
- * @access public
* @param array
* @return void
*/
- function helpers($helpers = array())
+ public function helpers($helpers = array())
{
$this->helper($helpers);
}
@@ -438,12 +467,11 @@ class CI_Loader {
/**
* Loads a language file
*
- * @access public
* @param array
* @param string
* @return void
*/
- function language($file = array(), $lang = '')
+ public function language($file = array(), $lang = '')
{
$CI =& get_instance();
@@ -463,11 +491,10 @@ class CI_Loader {
/**
* Loads a config file
*
- * @access public
* @param string
* @return void
*/
- function config($file = '', $use_sections = FALSE, $fail_gracefully = FALSE)
+ public function config($file = '', $use_sections = FALSE, $fail_gracefully = FALSE)
{
$CI =& get_instance();
$CI->config->load($file, $use_sections, $fail_gracefully);
@@ -485,12 +512,12 @@ class CI_Loader {
* @param string an optional object name
* @return void
*/
- function driver($library = '', $params = NULL, $object_name = NULL)
+ public function driver($library = '', $params = NULL, $object_name = NULL)
{
if ( ! class_exists('CI_Driver_Library'))
{
// we aren't instantiating an object here, that'll be done by the Library itself
- require BASEPATH.'libraries/Driver'.EXT;
+ require BASEPATH.'libraries/Driver.php';
}
// We can save the loader some time since Drivers will *always* be in a subfolder,
@@ -510,11 +537,11 @@ class CI_Loader {
*
* Prepends a parent path to the library, model, helper, and config path arrays
*
- * @access public
* @param string
+ * @param boolean
* @return void
*/
- function add_package_path($path)
+ public function add_package_path($path, $view_cascade=TRUE)
{
$path = rtrim($path, '/').'/';
@@ -522,6 +549,8 @@ class CI_Loader {
array_unshift($this->_ci_model_paths, $path);
array_unshift($this->_ci_helper_paths, $path);
+ $this->_ci_view_paths = array($path.'views/' => $view_cascade) + $this->_ci_view_paths;
+
// Add config file path
$config =& $this->_ci_get_component('config');
array_unshift($config->_config_paths, $path);
@@ -534,11 +563,10 @@ class CI_Loader {
*
* Return a list of all package paths, by default it will ignore BASEPATH.
*
- * @access public
* @param string
* @return void
*/
- function get_package_paths($include_base = FALSE)
+ public function get_package_paths($include_base = FALSE)
{
return $include_base === TRUE ? $this->_ci_library_paths : $this->_ci_model_paths;
}
@@ -551,11 +579,10 @@ class CI_Loader {
* Remove a path from the library, model, and helper path arrays if it exists
* If no path is provided, the most recently added path is removed.
*
- * @access public
* @param type
* @return type
*/
- function remove_package_path($path = '', $remove_config_path = TRUE)
+ public function remove_package_path($path = '', $remove_config_path = TRUE)
{
$config =& $this->_ci_get_component('config');
@@ -564,12 +591,12 @@ class CI_Loader {
$void = array_shift($this->_ci_library_paths);
$void = array_shift($this->_ci_model_paths);
$void = array_shift($this->_ci_helper_paths);
+ $void = array_shift($this->_ci_view_paths);
$void = array_shift($config->_config_paths);
}
else
{
$path = rtrim($path, '/').'/';
-
foreach (array('_ci_library_paths', '_ci_model_paths', '_ci_helper_paths') as $var)
{
if (($key = array_search($path, $this->{$var})) !== FALSE)
@@ -578,6 +605,11 @@ class CI_Loader {
}
}
+ if (isset($this->_ci_view_paths[$path.'views/']))
+ {
+ unset($this->_ci_view_paths[$path.'views/']);
+ }
+
if (($key = array_search($path, $config->_config_paths)) !== FALSE)
{
unset($config->_config_paths[$key]);
@@ -588,6 +620,7 @@ class CI_Loader {
$this->_ci_library_paths = array_unique(array_merge($this->_ci_library_paths, array(APPPATH, BASEPATH)));
$this->_ci_helper_paths = array_unique(array_merge($this->_ci_helper_paths, array(APPPATH, BASEPATH)));
$this->_ci_model_paths = array_unique(array_merge($this->_ci_model_paths, array(APPPATH)));
+ $this->_ci_view_paths = array_merge($this->_ci_view_paths, array(APPPATH.'views/' => TRUE));
$config->_config_paths = array_unique(array_merge($config->_config_paths, array(APPPATH)));
}
@@ -600,11 +633,10 @@ class CI_Loader {
* Variables are prefixed with _ci_ to avoid symbol collision with
* variables made available to view files
*
- * @access private
* @param array
* @return void
*/
- function _ci_load($_ci_data)
+ protected function _ci_load($_ci_data)
{
// Set the default data variables
foreach (array('_ci_view', '_ci_vars', '_ci_path', '_ci_return') as $_ci_val)
@@ -612,20 +644,36 @@ class CI_Loader {
$$_ci_val = ( ! isset($_ci_data[$_ci_val])) ? FALSE : $_ci_data[$_ci_val];
}
+ $file_exists = FALSE;
+
// Set the path to the requested file
- if ($_ci_path == '')
+ if ($_ci_path != '')
{
- $_ci_ext = pathinfo($_ci_view, PATHINFO_EXTENSION);
- $_ci_file = ($_ci_ext == '') ? $_ci_view.EXT : $_ci_view;
- $_ci_path = $this->_ci_view_path.$_ci_file;
+ $_ci_x = explode('/', $_ci_path);
+ $_ci_file = end($_ci_x);
}
else
{
- $_ci_x = explode('/', $_ci_path);
- $_ci_file = end($_ci_x);
+ $_ci_ext = pathinfo($_ci_view, PATHINFO_EXTENSION);
+ $_ci_file = ($_ci_ext == '') ? $_ci_view.'.php' : $_ci_view;
+
+ foreach ($this->_ci_view_paths as $view_file => $cascade)
+ {
+ if (file_exists($view_file.$_ci_file))
+ {
+ $_ci_path = $view_file.$_ci_file;
+ $file_exists = TRUE;
+ break;
+ }
+
+ if ( ! $cascade)
+ {
+ break;
+ }
+ }
}
- if ( ! file_exists($_ci_path))
+ if ( ! $file_exists && ! file_exists($_ci_path))
{
show_error('Unable to load the requested file: '.$_ci_file);
}
@@ -662,9 +710,9 @@ class CI_Loader {
* We buffer the output for two reasons:
* 1. Speed. You get a significant speed boost.
* 2. So that the final rendered template can be
- * post-processed by the output class. Why do we
- * need post processing? For one thing, in order to
- * show the elapsed page load time. Unless we
+ * post-processed by the output class. Why do we
+ * need post processing? For one thing, in order to
+ * show the elapsed page load time. Unless we
* can intercept the content right before it's sent to
* the browser and then stop the timer it won't be accurate.
*/
@@ -721,18 +769,17 @@ class CI_Loader {
*
* This function loads the requested class.
*
- * @access private
* @param string the item that is being loaded
* @param mixed any additional parameters
* @param string an optional object name
* @return void
*/
- function _ci_load_class($class, $params = NULL, $object_name = NULL)
+ protected function _ci_load_class($class, $params = NULL, $object_name = NULL)
{
// Get the class name, and while we're at it trim any slashes.
// The directory path can be included as part of the class name,
// but we don't want a leading slash
- $class = str_replace(EXT, '', trim($class, '/'));
+ $class = str_replace('.php', '', trim($class, '/'));
// Was the path included with the class name?
// We look for a slash to determine this
@@ -749,12 +796,12 @@ class CI_Loader {
// We'll test for both lowercase and capitalized versions of the file name
foreach (array(ucfirst($class), strtolower($class)) as $class)
{
- $subclass = APPPATH.'libraries/'.$subdir.config_item('subclass_prefix').$class.EXT;
+ $subclass = APPPATH.'libraries/'.$subdir.config_item('subclass_prefix').$class.'.php';
// Is this a class extension request?
if (file_exists($subclass))
{
- $baseclass = BASEPATH.'libraries/'.ucfirst($class).EXT;
+ $baseclass = BASEPATH.'libraries/'.ucfirst($class).'.php';
if ( ! file_exists($baseclass))
{
@@ -762,11 +809,11 @@ class CI_Loader {
show_error("Unable to load the requested class: ".$class);
}
- // Safety: Was the class already loaded by a previous call?
+ // Safety: Was the class already loaded by a previous call?
if (in_array($subclass, $this->_ci_loaded_files))
{
// Before we deem this to be a duplicate request, let's see
- // if a custom object name is being supplied. If so, we'll
+ // if a custom object name is being supplied. If so, we'll
// return a new instance of the object
if ( ! is_null($object_name))
{
@@ -793,19 +840,19 @@ class CI_Loader {
$is_duplicate = FALSE;
foreach ($this->_ci_library_paths as $path)
{
- $filepath = $path.'libraries/'.$subdir.$class.EXT;
+ $filepath = $path.'libraries/'.$subdir.$class.'.php';
- // Does the file exist? No? Bummer...
+ // Does the file exist? No? Bummer...
if ( ! file_exists($filepath))
{
continue;
}
- // Safety: Was the class already loaded by a previous call?
+ // Safety: Was the class already loaded by a previous call?
if (in_array($filepath, $this->_ci_loaded_files))
{
// Before we deem this to be a duplicate request, let's see
- // if a custom object name is being supplied. If so, we'll
+ // if a custom object name is being supplied. If so, we'll
// return a new instance of the object
if ( ! is_null($object_name))
{
@@ -828,7 +875,7 @@ class CI_Loader {
} // END FOREACH
- // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified?
+ // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified?
if ($subdir == '')
{
$path = strtolower($class).'/'.$class;
@@ -849,15 +896,14 @@ class CI_Loader {
/**
* Instantiates a class
*
- * @access private
* @param string
* @param string
* @param string an optional object name
* @return null
*/
- function _ci_init_class($class, $prefix = '', $config = FALSE, $object_name = NULL)
+ protected function _ci_init_class($class, $prefix = '', $config = FALSE, $object_name = NULL)
{
- // Is there an associated config file for this class? Note: these should always be lowercase
+ // Is there an associated config file for this class? Note: these should always be lowercase
if ($config === NULL)
{
// Fetch the config paths containing any package paths
@@ -872,24 +918,24 @@ class CI_Loader {
// We test for both uppercase and lowercase, for servers that
// are case-sensitive with regard to file names. Check for environment
// first, global next
- if (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.strtolower($class).EXT))
+ if (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'))
{
- include_once($path .'config/'.ENVIRONMENT.'/'.strtolower($class).EXT);
+ include_once($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php');
break;
}
- elseif (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).EXT))
+ elseif (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'))
{
- include_once($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).EXT);
+ include_once($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php');
break;
}
- elseif (file_exists($path .'config/'.strtolower($class).EXT))
+ elseif (file_exists($path .'config/'.strtolower($class).'.php'))
{
- include_once($path .'config/'.strtolower($class).EXT);
+ include_once($path .'config/'.strtolower($class).'.php');
break;
}
- elseif (file_exists($path .'config/'.ucfirst(strtolower($class)).EXT))
+ elseif (file_exists($path .'config/'.ucfirst(strtolower($class)).'.php'))
{
- include_once($path .'config/'.ucfirst(strtolower($class)).EXT);
+ include_once($path .'config/'.ucfirst(strtolower($class)).'.php');
break;
}
}
@@ -924,7 +970,7 @@ class CI_Loader {
}
// Set the variable name we will assign the class to
- // Was a custom class name supplied? If so we'll use it
+ // Was a custom class name supplied? If so we'll use it
$class = strtolower($class);
if (is_null($object_name))
@@ -959,21 +1005,23 @@ class CI_Loader {
* The config/autoload.php file contains an array that permits sub-systems,
* libraries, and helpers to be loaded automatically.
*
- * @access private
+ * This function is public, as it's used in the CI_Controller class.
+ * However, there is no reason you should ever needs to use it.
+ *
* @param array
* @return void
*/
- function _ci_autoloader()
+ public function ci_autoloader()
{
- if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload'.EXT))
+ if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'))
{
- include_once(APPPATH.'config/'.ENVIRONMENT.'/autoload'.EXT);
+ include_once(APPPATH.'config/'.ENVIRONMENT.'/autoload.php');
}
else
{
- include_once(APPPATH.'config/autoload'.EXT);
+ include_once(APPPATH.'config/autoload.php');
}
-
+
if ( ! isset($autoload))
{
@@ -1046,11 +1094,10 @@ class CI_Loader {
*
* Takes an object as input and converts the class variables to array key/vals
*
- * @access private
* @param object
* @return array
*/
- function _ci_object_to_array($object)
+ protected function _ci_object_to_array($object)
{
return (is_object($object)) ? get_object_vars($object) : $object;
}
@@ -1060,10 +1107,9 @@ class CI_Loader {
/**
* Get a reference to a specific library or model
*
- * @access private
* @return bool
*/
- function &_ci_get_component($component)
+ protected function &_ci_get_component($component)
{
$CI =& get_instance();
return $CI->$component;
@@ -1076,29 +1122,26 @@ class CI_Loader {
*
* This function preps the name of various items to make loading them more reliable.
*
- * @access private
* @param mixed
* @return array
*/
- function _ci_prep_filename($filename, $extension)
+ protected function _ci_prep_filename($filename, $extension)
{
if ( ! is_array($filename))
{
- return array(strtolower(str_replace(EXT, '', str_replace($extension, '', $filename)).$extension));
+ return array(strtolower(str_replace('.php', '', str_replace($extension, '', $filename)).$extension));
}
else
{
foreach ($filename as $key => $val)
{
- $filename[$key] = strtolower(str_replace(EXT, '', str_replace($extension, '', $val)).$extension);
+ $filename[$key] = strtolower(str_replace('.php', '', str_replace($extension, '', $val)).$extension);
}
return $filename;
}
}
-
-
}
/* End of file Loader.php */
-/* Location: ./system/core/Loader.php */
+/* Location: ./system/core/Loader.php */ \ No newline at end of file
diff --git a/system/core/Model.php b/system/core/Model.php
index 8566a0b66..61c71b672 100644
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
diff --git a/system/core/Output.php b/system/core/Output.php
index bcba2577a..562dbb86b 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -28,7 +28,6 @@
*/
class CI_Output {
- public $parse_exec_vars = TRUE; // whether or not to parse variables like {elapsed_time} and {memory_usage}
protected $final_output;
protected $cache_expiration = 0;
protected $headers = array();
@@ -36,19 +35,20 @@ class CI_Output {
protected $enable_profiler = FALSE;
protected $_zlib_oc = FALSE;
protected $_profiler_sections = array();
+ protected $parse_exec_vars = TRUE; // whether or not to parse variables like {elapsed_time} and {memory_usage}
function __construct()
{
$this->_zlib_oc = @ini_get('zlib.output_compression');
// Get mime types for later
- if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT))
+ if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
{
- include APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT;
+ include APPPATH.'config/'.ENVIRONMENT.'/mimes.php';
}
else
{
- include APPPATH.'config/mimes'.EXT;
+ include APPPATH.'config/mimes.php';
}
@@ -122,7 +122,7 @@ class CI_Output {
*
* Lets you set a server header which will be outputted with the final display.
*
- * Note: If a file is cached, headers will not be sent. We need to figure out
+ * Note: If a file is cached, headers will not be sent. We need to figure out
* how to permit header data to be saved with the cache data...
*
* @access public
@@ -261,7 +261,7 @@ class CI_Output {
* $this->final_output
*
* This function sends the finalized output data to the browser along
- * with any server headers and profile data. It also stops the
+ * with any server headers and profile data. It also stops the
* benchmark timer so the page rendering speed and memory usage can be shown.
*
* @access public
@@ -269,7 +269,7 @@ class CI_Output {
*/
function _display($output = '')
{
- // Note: We use globals because we can't use $CI =& get_instance()
+ // Note: We use globals because we can't use $CI =& get_instance()
// since this function is sometimes called by the caching mechanism,
// which happens before the CI super object is available.
global $BM, $CFG;
@@ -290,7 +290,7 @@ class CI_Output {
// --------------------------------------------------------------------
- // Do we need to write a cache file? Only if the controller does not have its
+ // Do we need to write a cache file? Only if the controller does not have its
// own _output() method and we are not dealing with a cache file, which we
// can determine by the existence of the $CI object above
if ($this->cache_expiration > 0 && isset($CI) && ! method_exists($CI, '_output'))
@@ -368,7 +368,7 @@ class CI_Output {
// we will remove them and add them back after we insert the profile data
if (preg_match("|</body>.*?</html>|is", $output))
{
- $output = preg_replace("|</body>.*?</html>|is", '', $output);
+ $output = preg_replace("|</body>.*?</html>|is", '', $output);
$output .= $CI->profiler->run();
$output .= '</body></html>';
}
@@ -381,14 +381,14 @@ class CI_Output {
// --------------------------------------------------------------------
// Does the controller contain a function named _output()?
- // If so send the output there. Otherwise, echo it.
+ // If so send the output there. Otherwise, echo it.
if (method_exists($CI, '_output'))
{
$CI->_output($output);
}
else
{
- echo $output; // Send it to the browser!
+ echo $output; // Send it to the browser!
}
log_message('debug', "Final output sent to browser");
@@ -458,7 +458,7 @@ class CI_Output {
{
$cache_path = ($CFG->item('cache_path') == '') ? APPPATH.'cache/' : $CFG->item('cache_path');
- // Build the file path. The file name is an MD5 hash of the full URI
+ // Build the file path. The file name is an MD5 hash of the full URI
$uri = $CFG->item('base_url').
$CFG->item('index_page').
$URI->uri_string;
diff --git a/system/core/Router.php b/system/core/Router.php
index d451aab68..a76a7bd0a 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -61,7 +61,7 @@ class CI_Router {
*/
function _set_routing()
{
- // Are query strings enabled in the config file? Normally CI doesn't utilize query strings
+ // Are query strings enabled in the config file? Normally CI doesn't utilize query strings
// since URI segments are more search-engine friendly, but they can optionally be used.
// If this feature is enabled, we will gather the directory/class/method a little differently
$segments = array();
@@ -87,15 +87,15 @@ class CI_Router {
}
// Load the routes.php file.
- if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/routes'.EXT))
+ if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php'))
{
- include(APPPATH.'config/'.ENVIRONMENT.'/routes'.EXT);
+ include(APPPATH.'config/'.ENVIRONMENT.'/routes.php');
}
- elseif (is_file(APPPATH.'config/routes'.EXT))
+ elseif (is_file(APPPATH.'config/routes.php'))
{
- include(APPPATH.'config/routes'.EXT);
+ include(APPPATH.'config/routes.php');
}
-
+
$this->routes = ( ! isset($route) OR ! is_array($route)) ? array() : $route;
unset($route);
@@ -103,7 +103,7 @@ class CI_Router {
// the URI doesn't correlated to a valid controller.
$this->default_controller = ( ! isset($this->routes['default_controller']) OR $this->routes['default_controller'] == '') ? FALSE : strtolower($this->routes['default_controller']);
- // Were there any query string segments? If so, we'll validate them and bail out since we're done.
+ // Were there any query string segments? If so, we'll validate them and bail out since we're done.
if (count($segments) > 0)
{
return $this->_validate_request($segments);
@@ -212,7 +212,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Validates the supplied segments. Attempts to determine the path to
+ * Validates the supplied segments. Attempts to determine the path to
* the controller.
*
* @access private
@@ -227,7 +227,7 @@ class CI_Router {
}
// Does the requested controller exist in the root folder?
- if (file_exists(APPPATH.'controllers/'.$segments[0].EXT))
+ if (file_exists(APPPATH.'controllers/'.$segments[0].'.php'))
{
return $segments;
}
@@ -242,7 +242,7 @@ class CI_Router {
if (count($segments) > 0)
{
// Does the requested controller exist in the sub-folder?
- if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].EXT))
+ if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].'.php'))
{
show_404($this->fetch_directory().$segments[0]);
}
@@ -264,7 +264,7 @@ class CI_Router {
}
// Does the default controller exist in the sub-folder?
- if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$this->default_controller.EXT))
+ if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$this->default_controller.'.php'))
{
$this->directory = '';
return array();
@@ -277,7 +277,7 @@ class CI_Router {
// If we've gotten this far it means that the URI does not correlate to a valid
- // controller class. We will now see if there is an override
+ // controller class. We will now see if there is an override
if ( ! empty($this->routes['404_override']))
{
$x = explode('/', $this->routes['404_override']);
@@ -296,7 +296,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Parse Routes
+ * Parse Routes
*
* This function matches any routes that may exist in
* the config/routes.php file against the URI to
@@ -310,7 +310,7 @@ class CI_Router {
// Turn the segment array into a URI string
$uri = implode('/', $this->uri->segments);
- // Is there a literal match? If so we're done
+ // Is there a literal match? If so we're done
if (isset($this->routes[$uri]))
{
return $this->_set_request(explode('/', $this->routes[$uri]));
@@ -370,7 +370,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Set the method name
+ * Set the method name
*
* @access public
* @param string
@@ -384,7 +384,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Fetch the current method
+ * Fetch the current method
*
* @access public
* @return string
@@ -402,7 +402,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Set the directory name
+ * Set the directory name
*
* @access public
* @param string
@@ -416,7 +416,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Fetch the sub-directory (if any) that contains the requested controller class
+ * Fetch the sub-directory (if any) that contains the requested controller class
*
* @access public
* @return string
@@ -429,7 +429,7 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Set the controller overrides
+ * Set the controller overrides
*
* @access public
* @param array
diff --git a/system/core/Security.php b/system/core/Security.php
new file mode 100644
index 000000000..f5bfafd9b
--- /dev/null
+++ b/system/core/Security.php
@@ -0,0 +1,832 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.1.6 or newer
+ *
+ * @package CodeIgniter
+ * @author ExpressionEngine Dev Team
+ * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @license http://codeigniter.com/user_guide/license.html
+ * @link http://codeigniter.com
+ * @since Version 1.0
+ * @filesource
+ */
+
+// ------------------------------------------------------------------------
+
+/**
+ * Security Class
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Security
+ * @author ExpressionEngine Dev Team
+ * @link http://codeigniter.com/user_guide/libraries/security.html
+ */
+class CI_Security {
+
+ protected $_xss_hash = '';
+ protected $_csrf_hash = '';
+ protected $_csrf_expire = 7200; // Two hours (in seconds)
+ protected $_csrf_token_name = 'ci_csrf_token';
+ protected $_csrf_cookie_name = 'ci_csrf_token';
+
+ /* never allowed, string replacement */
+ protected $_never_allowed_str = array(
+ 'document.cookie' => '[removed]',
+ 'document.write' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
+ 'window.location' => '[removed]',
+ '-moz-binding' => '[removed]',
+ '<!--' => '&lt;!--',
+ '-->' => '--&gt;',
+ '<![CDATA[' => '&lt;![CDATA['
+ );
+
+ /* never allowed, regex replacement */
+ protected $_never_allowed_regex = array(
+ "javascript\s*:" => '[removed]',
+ "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE
+ "vbscript\s*:" => '[removed]', // IE, surprise!
+ "Redirect\s+302" => '[removed]'
+ );
+
+ /**
+ * Constructor
+ */
+ public function __construct()
+ {
+ // CSRF config
+ foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
+ {
+ if (FALSE !== ($val = config_item($key)))
+ {
+ $this->{'_'.$key} = $val;
+ }
+ }
+
+ // Append application specific cookie prefix
+ if (config_item('cookie_prefix'))
+ {
+ $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
+ }
+
+ // Set the CSRF hash
+ $this->_csrf_set_hash();
+
+ log_message('debug', "Security Class Initialized");
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Verify Cross Site Request Forgery Protection
+ *
+ * @return object
+ */
+ public function csrf_verify()
+ {
+ // If no POST data exists we will set the CSRF cookie
+ if (count($_POST) == 0)
+ {
+ return $this->csrf_set_cookie();
+ }
+
+ // Do the tokens exist in both the _POST and _COOKIE arrays?
+ if ( ! isset($_POST[$this->_csrf_token_name]) OR
+ ! isset($_COOKIE[$this->_csrf_cookie_name]))
+ {
+ $this->csrf_show_error();
+ }
+
+ // Do the tokens match?
+ if ($_POST[$this->_csrf_token_name] != $_COOKIE[$this->_csrf_cookie_name])
+ {
+ $this->csrf_show_error();
+ }
+
+ // We kill this since we're done and we don't want to
+ // polute the _POST array
+ unset($_POST[$this->_csrf_token_name]);
+
+ // Nothing should last forever
+ unset($_COOKIE[$this->_csrf_cookie_name]);
+ $this->_csrf_set_hash();
+ $this->csrf_set_cookie();
+
+ log_message('debug', "CSRF token verified ");
+
+ return $this;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set Cross Site Request Forgery Protection Cookie
+ *
+ * @return object
+ */
+ public function csrf_set_cookie()
+ {
+ $expire = time() + $this->_csrf_expire;
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
+
+ if ($secure_cookie)
+ {
+ $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE;
+
+ if ( ! $req OR $req == 'off')
+ {
+ return FALSE;
+ }
+ }
+
+ setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+
+ log_message('debug', "CRSF cookie Set");
+
+ return $this;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Show CSRF Error
+ *
+ * @return void
+ */
+ public function csrf_show_error()
+ {
+ show_error('The action you have requested is not allowed.');
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Get CSRF Hash
+ *
+ * Getter Method
+ *
+ * @return string self::_csrf_hash
+ */
+ public function get_csrf_hash()
+ {
+ return $this->_csrf_hash;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Get CSRF Token Name
+ *
+ * Getter Method
+ *
+ * @return string self::csrf_token_name
+ */
+ public function get_csrf_token_name()
+ {
+ return $this->_csrf_token_name;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * XSS Clean
+ *
+ * Sanitizes data so that Cross Site Scripting Hacks can be
+ * prevented. This function does a fair amount of work but
+ * it is extremely thorough, designed to prevent even the
+ * most obscure XSS attempts. Nothing is ever 100% foolproof,
+ * of course, but I haven't been able to get anything passed
+ * the filter.
+ *
+ * Note: This function should only be used to deal with data
+ * upon submission. It's not something that should
+ * be used for general runtime processing.
+ *
+ * This function was based in part on some code and ideas I
+ * got from Bitflux: http://channel.bitflux.ch/wiki/XSS_Prevention
+ *
+ * To help develop this script I used this great list of
+ * vulnerabilities along with a few other hacks I've
+ * harvested from examining vulnerabilities in other programs:
+ * http://ha.ckers.org/xss.html
+ *
+ * @param mixed string or array
+ * @return string
+ */
+ public function xss_clean($str, $is_image = FALSE)
+ {
+ /*
+ * Is the string an array?
+ *
+ */
+ if (is_array($str))
+ {
+ while (list($key) = each($str))
+ {
+ $str[$key] = $this->xss_clean($str[$key]);
+ }
+
+ return $str;
+ }
+
+ /*
+ * Remove Invisible Characters
+ */
+ $str = remove_invisible_characters($str);
+
+ // Validate Entities in URLs
+ $str = $this->_validate_entities($str);
+
+ /*
+ * URL Decode
+ *
+ * Just in case stuff like this is submitted:
+ *
+ * <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>
+ *
+ * Note: Use rawurldecode() so it does not remove plus signs
+ *
+ */
+ $str = rawurldecode($str);
+
+ /*
+ * Convert character entities to ASCII
+ *
+ * This permits our tests below to work reliably.
+ * We only convert entities that are within tags since
+ * these are the ones that will pose security problems.
+ *
+ */
+
+ $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
+
+ $str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", array($this, '_decode_entity'), $str);
+
+ /*
+ * Remove Invisible Characters Again!
+ */
+ $str = remove_invisible_characters($str);
+
+ /*
+ * Convert all tabs to spaces
+ *
+ * This prevents strings like this: ja vascript
+ * NOTE: we deal with spaces between characters later.
+ * NOTE: preg_replace was found to be amazingly slow here on
+ * large blocks of data, so we use str_replace.
+ */
+
+ if (strpos($str, "\t") !== FALSE)
+ {
+ $str = str_replace("\t", ' ', $str);
+ }
+
+ /*
+ * Capture converted string for later comparison
+ */
+ $converted_string = $str;
+
+ // Remove Strings that are never allowed
+ $str = $this->_do_never_allowed($str);
+
+ /*
+ * Makes PHP tags safe
+ *
+ * Note: XML tags are inadvertently replaced too:
+ *
+ * <?xml
+ *
+ * But it doesn't seem to pose a problem.
+ */
+ if ($is_image === TRUE)
+ {
+ // Images have a tendency to have the PHP short opening and
+ // closing tags every so often so we skip those and only
+ // do the long opening tags.
+ $str = preg_replace('/<\?(php)/i', "&lt;?\\1", $str);
+ }
+ else
+ {
+ $str = str_replace(array('<?', '?'.'>'), array('&lt;?', '?&gt;'), $str);
+ }
+
+ /*
+ * Compact any exploded words
+ *
+ * This corrects words like: j a v a s c r i p t
+ * These words are compacted back to their correct state.
+ */
+ $words = array(
+ 'javascript', 'expression', 'vbscript', 'script',
+ 'applet', 'alert', 'document', 'write', 'cookie', 'window'
+ );
+
+ foreach ($words as $word)
+ {
+ $temp = '';
+
+ for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++)
+ {
+ $temp .= substr($word, $i, 1)."\s*";
+ }
+
+ // We only want to do this when it is followed by a non-word character
+ // That way valid stuff like "dealer to" does not become "dealerto"
+ $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str);
+ }
+
+ /*
+ * Remove disallowed Javascript in links or img tags
+ * We used to do some version comparisons and use of stripos for PHP5,
+ * but it is dog slow compared to these simplified non-capturing
+ * preg_match(), especially if the pattern exists in the string
+ */
+ do
+ {
+ $original = $str;
+
+ if (preg_match("/<a/i", $str))
+ {
+ $str = preg_replace_callback("#<a\s+([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str);
+ }
+
+ if (preg_match("/<img/i", $str))
+ {
+ $str = preg_replace_callback("#<img\s+([^>]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str);
+ }
+
+ if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str))
+ {
+ $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[removed]', $str);
+ }
+ }
+ while($original != $str);
+
+ unset($original);
+
+ // Remove evil attributes such as style, onclick and xmlns
+ $str = $this->_remove_evil_attributes($str, $is_image);
+
+ /*
+ * Sanitize naughty HTML elements
+ *
+ * If a tag containing any of the words in the list
+ * below is found, the tag gets converted to entities.
+ *
+ * So this: <blink>
+ * Becomes: &lt;blink&gt;
+ */
+ $naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
+ $str = preg_replace_callback('#<(/*\s*)('.$naughty.')([^><]*)([><]*)#is', array($this, '_sanitize_naughty_html'), $str);
+
+ /*
+ * Sanitize naughty scripting elements
+ *
+ * Similar to above, only instead of looking for
+ * tags it looks for PHP and JavaScript commands
+ * that are disallowed. Rather than removing the
+ * code, it simply converts the parenthesis to entities
+ * rendering the code un-executable.
+ *
+ * For example: eval('some code')
+ * Becomes: eval&#40;'some code'&#41;
+ */
+ $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2&#40;\\3&#41;", $str);
+
+
+ // Final clean up
+ // This adds a bit of extra precaution in case
+ // something got through the above filters
+ $str = $this->_do_never_allowed($str);
+
+ /*
+ * Images are Handled in a Special Way
+ * - Essentially, we want to know that after all of the character
+ * conversion is done whether any unwanted, likely XSS, code was found.
+ * If not, we return TRUE, as the image is clean.
+ * However, if the string post-conversion does not matched the
+ * string post-removal of XSS, then it fails, as there was unwanted XSS
+ * code found and removed/changed during processing.
+ */
+
+ if ($is_image === TRUE)
+ {
+ return ($str == $converted_string) ? TRUE: FALSE;
+ }
+
+ log_message('debug', "XSS Filtering completed");
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Random Hash for protecting URLs
+ *
+ * @return string
+ */
+ public function xss_hash()
+ {
+ if ($this->_xss_hash == '')
+ {
+ if (phpversion() >= 4.2)
+ {
+ mt_srand();
+ }
+ else
+ {
+ mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
+ }
+
+ $this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+ }
+
+ return $this->_xss_hash;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * HTML Entities Decode
+ *
+ * This function is a replacement for html_entity_decode()
+ *
+ * In some versions of PHP the native function does not work
+ * when UTF-8 is the specified character set, so this gives us
+ * a work-around. More info here:
+ * http://bugs.php.net/bug.php?id=25670
+ *
+ * NOTE: html_entity_decode() has a bug in some PHP versions when UTF-8 is the
+ * character set, and the PHP developers said they were not back porting the
+ * fix to versions other than PHP 5.x.
+ *
+ * @param string
+ * @param string
+ * @return string
+ */
+ public function entity_decode($str, $charset='UTF-8')
+ {
+ if (stristr($str, '&') === FALSE) return $str;
+
+ // The reason we are not using html_entity_decode() by itself is because
+ // while it is not technically correct to leave out the semicolon
+ // at the end of an entity most browsers will still interpret the entity
+ // correctly. html_entity_decode() does not convert entities without
+ // semicolons, so we are left with our own little solution here. Bummer.
+
+ if (function_exists('html_entity_decode') &&
+ (strtolower($charset) != 'utf-8'))
+ {
+ $str = html_entity_decode($str, ENT_COMPAT, $charset);
+ $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str);
+ return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str);
+ }
+
+ // Numeric Entities
+ $str = preg_replace('~&#x(0*[0-9a-f]{2,5});{0,1}~ei', 'chr(hexdec("\\1"))', $str);
+ $str = preg_replace('~&#([0-9]{2,4});{0,1}~e', 'chr(\\1)', $str);
+
+ // Literal Entities - Slightly slow so we do another check
+ if (stristr($str, '&') === FALSE)
+ {
+ $str = strtr($str, array_flip(get_html_translation_table(HTML_ENTITIES)));
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Filename Security
+ *
+ * @param string
+ * @return string
+ */
+ public function sanitize_filename($str, $relative_path = FALSE)
+ {
+ $bad = array(
+ "../",
+ "<!--",
+ "-->",
+ "<",
+ ">",
+ "'",
+ '"',
+ '&',
+ '$',
+ '#',
+ '{',
+ '}',
+ '[',
+ ']',
+ '=',
+ ';',
+ '?',
+ "%20",
+ "%22",
+ "%3c", // <
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
+ "%3d" // =
+ );
+
+ if ( ! $relative_path)
+ {
+ $bad[] = './';
+ $bad[] = '/';
+ }
+
+ $str = remove_invisible_characters($str, FALSE);
+ return stripslashes(str_replace($bad, '', $str));
+ }
+
+ // ----------------------------------------------------------------
+
+ /**
+ * Compact Exploded Words
+ *
+ * Callback function for xss_clean() to remove whitespace from
+ * things like j a v a s c r i p t
+ *
+ * @param type
+ * @return type
+ */
+ protected function _compact_exploded_words($matches)
+ {
+ return preg_replace('/\s+/s', '', $matches[1]).$matches[2];
+ }
+
+ // --------------------------------------------------------------------
+
+ /*
+ * Remove Evil HTML Attributes (like evenhandlers and style)
+ *
+ * It removes the evil attribute and either:
+ * - Everything up until a space
+ * For example, everything between the pipes:
+ * <a |style=document.write('hello');alert('world');| class=link>
+ * - Everything inside the quotes
+ * For example, everything between the pipes:
+ * <a |style="document.write('hello'); alert('world');"| class="link">
+ *
+ * @param string $str The string to check
+ * @param boolean $is_image TRUE if this is an image
+ * @return string The string with the evil attributes removed
+ */
+ protected function _remove_evil_attributes($str, $is_image)
+ {
+ // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
+ $evil_attributes = array('on\w*', 'style', 'xmlns');
+
+ if ($is_image === TRUE)
+ {
+ /*
+ * Adobe Photoshop puts XML metadata into JFIF images,
+ * including namespacing, so we have to allow this for images.
+ */
+ unset($evil_attributes[array_search('xmlns', $evil_attributes)]);
+ }
+
+ do {
+ $str = preg_replace(
+ "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
+ "<$1$6",
+ $str, -1, $count
+ );
+ } while ($count);
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Sanitize Naughty HTML
+ *
+ * Callback function for xss_clean() to remove naughty HTML elements
+ *
+ * @param array
+ * @return string
+ */
+ protected function _sanitize_naughty_html($matches)
+ {
+ // encode opening brace
+ $str = '&lt;'.$matches[1].$matches[2].$matches[3];
+
+ // encode captured opening or closing brace to prevent recursive vectors
+ $str .= str_replace(array('>', '<'), array('&gt;', '&lt;'),
+ $matches[4]);
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * JS Link Removal
+ *
+ * Callback function for xss_clean() to sanitize links
+ * This limits the PCRE backtracks, making it more performance friendly
+ * and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in
+ * PHP 5.2+ on link-heavy strings
+ *
+ * @param array
+ * @return string
+ */
+ protected function _js_link_removal($match)
+ {
+ $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]));
+
+ return str_replace($match[1], preg_replace("#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * JS Image Removal
+ *
+ * Callback function for xss_clean() to sanitize image tags
+ * This limits the PCRE backtracks, making it more performance friendly
+ * and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in
+ * PHP 5.2+ on image tag heavy strings
+ *
+ * @param array
+ * @return string
+ */
+ protected function _js_img_removal($match)
+ {
+ $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]));
+
+ return str_replace($match[1], preg_replace("#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Attribute Conversion
+ *
+ * Used as a callback for XSS Clean
+ *
+ * @param array
+ * @return string
+ */
+ protected function _convert_attribute($match)
+ {
+ return str_replace(array('>', '<', '\\'), array('&gt;', '&lt;', '\\\\'), $match[0]);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Filter Attributes
+ *
+ * Filters tag attributes for consistency and safety
+ *
+ * @param string
+ * @return string
+ */
+ protected function _filter_attributes($str)
+ {
+ $out = '';
+
+ if (preg_match_all('#\s*[a-z\-]+\s*=\s*(\042|\047)([^\\1]*?)\\1#is', $str, $matches))
+ {
+ foreach ($matches[0] as $match)
+ {
+ $out .= preg_replace("#/\*.*?\*/#s", '', $match);
+ }
+ }
+
+ return $out;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * HTML Entity Decode Callback
+ *
+ * Used as a callback for XSS Clean
+ *
+ * @param array
+ * @return string
+ */
+ protected function _decode_entity($match)
+ {
+ return $this->entity_decode($match[0], strtoupper(config_item('charset')));
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate URL entities
+ *
+ * Called by xss_clean()
+ *
+ * @param string
+ * @return string
+ */
+ protected function _validate_entities($str)
+ {
+ /*
+ * Protect GET variables in URLs
+ */
+
+ // 901119URL5918AMP18930PROTECT8198
+
+ $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str);
+
+ /*
+ * Validate standard character entities
+ *
+ * Add a semicolon if missing. We do this to enable
+ * the conversion of entities to ASCII later.
+ *
+ */
+ $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str);
+
+ /*
+ * Validate UTF16 two byte encoding (x00)
+ *
+ * Just as above, adds a semicolon if missing.
+ *
+ */
+ $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i',"\\1\\2;",$str);
+
+ /*
+ * Un-Protect GET variables in URLs
+ */
+ $str = str_replace($this->xss_hash(), '&', $str);
+
+ return $str;
+ }
+
+ // ----------------------------------------------------------------------
+
+ /**
+ * Do Never Allowed
+ *
+ * A utility function for xss_clean()
+ *
+ * @param string
+ * @return string
+ */
+ protected function _do_never_allowed($str)
+ {
+ foreach ($this->_never_allowed_str as $key => $val)
+ {
+ $str = str_replace($key, $val, $str);
+ }
+
+ foreach ($this->_never_allowed_regex as $key => $val)
+ {
+ $str = preg_replace("#".$key."#i", $val, $str);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set Cross Site Request Forgery Protection Cookie
+ *
+ * @return string
+ */
+ protected function _csrf_set_hash()
+ {
+ if ($this->_csrf_hash == '')
+ {
+ // If the cookie exists we will use it's value.
+ // We don't necessarily want to regenerate it with
+ // each page load since a page could contain embedded
+ // sub-pages causing this feature to fail
+ if (isset($_COOKIE[$this->_csrf_cookie_name]) &&
+ $_COOKIE[$this->_csrf_cookie_name] != '')
+ {
+ return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
+ }
+
+ return $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+ }
+
+ return $this->_csrf_hash;
+ }
+
+}
+// END Security Class
+
+/* End of file Security.php */
+/* Location: ./system/libraries/Security.php */
diff --git a/system/core/URI.php b/system/core/URI.php
index c43cde005..94fac59ac 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -36,7 +36,7 @@ class CI_URI {
/**
* Constructor
*
- * Simply globalizes the $RTR object. The front
+ * Simply globalizes the $RTR object. The front
* loads the Router class early on so it's not available
* normally as other classes are.
*
@@ -64,14 +64,14 @@ class CI_URI {
// Is the request coming from the command line?
if (defined('STDIN'))
{
- $this->uri_string = $this->_parse_cli_args();
+ $this->_set_uri_string($this->_parse_cli_args());
return;
}
// Let's try the REQUEST_URI first, this will work in most situations
if ($uri = $this->_detect_uri())
{
- $this->uri_string = $uri;
+ $this->_set_uri_string($uri);
return;
}
@@ -80,51 +80,62 @@ class CI_URI {
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
if (trim($path, '/') != '' && $path != "/".SELF)
{
- $this->uri_string = $path;
+ $this->_set_uri_string($path);
return;
}
// No PATH_INFO?... What about QUERY_STRING?
- $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
+ $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
if (trim($path, '/') != '')
{
- $this->uri_string = $path;
+ $this->_set_uri_string($path);
return;
}
// As a last ditch effort lets try using the $_GET array
if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
{
- $this->uri_string = key($_GET);
+ $this->_set_uri_string(key($_GET));
return;
}
// We've exhausted all our options...
$this->uri_string = '';
+ return;
}
- else
- {
- $uri = strtoupper($this->config->item('uri_protocol'));
- if ($uri == 'REQUEST_URI')
- {
- $this->uri_string = $this->_detect_uri();
- return;
- }
- elseif ($uri == 'CLI')
- {
- $this->uri_string = $this->_parse_cli_args();
- return;
- }
+ $uri = strtoupper($this->config->item('uri_protocol'));
- $this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
+ if ($uri == 'REQUEST_URI')
+ {
+ $this->_set_uri_string($this->_detect_uri());
+ return;
}
-
- // If the URI contains only a slash we'll kill it
- if ($this->uri_string == '/')
+ elseif ($uri == 'CLI')
{
- $this->uri_string = '';
+ $this->_set_uri_string($this->_parse_cli_args());
+ return;
}
+
+ $path = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
+ $this->_set_uri_string($path);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set the URI String
+ *
+ * @access public
+ * @return string
+ */
+ function _set_uri_string($str)
+ {
+ // Filter out control characters
+ $str = remove_invisible_characters($str, FALSE);
+
+ // If the URI contains only a slash we'll kill it
+ $this->uri_string = ($str == '/') ? '' : $str;
}
// --------------------------------------------------------------------
@@ -140,7 +151,7 @@ class CI_URI {
*/
private function _detect_uri()
{
- if ( ! isset($_SERVER['REQUEST_URI']))
+ if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME']))
{
return '';
}
@@ -173,12 +184,12 @@ class CI_URI {
$_SERVER['QUERY_STRING'] = '';
$_GET = array();
}
-
+
if ($uri == '/' || empty($uri))
{
return '/';
}
-
+
$uri = parse_url($uri, PHP_URL_PATH);
// Do some final cleaning of the URI and return it
@@ -240,7 +251,7 @@ class CI_URI {
*/
function _remove_url_suffix()
{
- if ($this->config->item('url_suffix') != "")
+ if ($this->config->item('url_suffix') != "")
{
$this->uri_string = preg_replace("|".preg_quote($this->config->item('url_suffix'))."$|", "", $this->uri_string);
}
@@ -274,7 +285,7 @@ class CI_URI {
* Re-index Segments
*
* This function re-indexes the $this->segment array so that it
- * starts at 1 rather than 0. Doing so makes it simpler to
+ * starts at 1 rather than 0. Doing so makes it simpler to
* use functions like $this->uri->segment(n) since there is
* a 1:1 relationship between the segment array and the actual segments.
*
@@ -312,7 +323,7 @@ class CI_URI {
* Fetch a URI "routed" Segment
*
* This function returns the re-routed URI segment (assuming routing rules are used)
- * based on the number provided. If there is no routing this function returns the
+ * based on the number provided. If there is no routing this function returns the
* same result as $this->segment()
*
* @access public
@@ -414,7 +425,7 @@ class CI_URI {
$i = 0;
$lastval = '';
- $retval = array();
+ $retval = array();
foreach ($segments as $seg)
{
if ($i % 2)
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 5d5a7ef72..738d7e9d8 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -107,7 +107,7 @@ class CI_Utf8 {
*/
function safe_ascii_for_xml($str)
{
- return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $str);
+ return remove_invisible_characters($str, FALSE);
}
// --------------------------------------------------------------------