diff options
| author | dchill42 <dchill42@gmail.com> | 2012-07-23 16:53:47 +0200 |
|---|---|---|
| committer | dchill42 <dchill42@gmail.com> | 2012-07-23 16:53:47 +0200 |
| commit | c5079de78e5141330c07e990811ef15e998e95aa (patch) | |
| tree | 0f39d8c4fc7614246fc185810bfeaa7fad88a33a /system/core | |
| parent | 00fcb545109d4e61bc14e403ec828749c34a54b3 (diff) | |
| parent | ede49ba66b127535f3430e20aac72ceed2c4611a (diff) | |
Merge branch develop of github.com:/EllisLab/CodeIgniter into session
Diffstat (limited to 'system/core')
| -rw-r--r--[-rwxr-xr-x] | system/core/Benchmark.php | 52 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/CodeIgniter.php | 134 | ||||
| -rw-r--r-- | system/core/Common.php | 506 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Config.php | 199 | ||||
| -rw-r--r-- | system/core/Controller.php | 48 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Exceptions.php | 110 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Hooks.php | 89 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Input.php | 482 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Lang.php | 82 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Loader.php | 294 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Model.php | 39 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Output.php | 448 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Router.php | 169 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/Security.php | 484 | ||||
| -rw-r--r--[-rwxr-xr-x] | system/core/URI.php | 311 | ||||
| -rw-r--r-- | system/core/Utf8.php | 73 |
16 files changed, 1833 insertions, 1687 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index a200727ab..2fabdf46e 100755..100644 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php @@ -1,30 +1,40 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Benchmark Class * * This class enables you to mark points and calculate the time difference - * between them. Memory consumption can also be displayed. + * between them. Memory consumption can also be displayed. * * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/benchmark.html */ class CI_Benchmark { @@ -34,7 +44,7 @@ class CI_Benchmark { * * @var array */ - var $marker = array(); + public $marker = array(); // -------------------------------------------------------------------- @@ -44,13 +54,12 @@ class CI_Benchmark { * Multiple calls to this function can be made so that several * execution points can be timed * - * @access public * @param string $name name of the marker * @return void */ - function mark($name) + public function mark($name) { - $this->marker[$name] = microtime(); + $this->marker[$name] = microtime(TRUE); } // -------------------------------------------------------------------- @@ -63,15 +72,14 @@ class CI_Benchmark { * execution time to be shown in a template. The output class will * swap the real value for this variable. * - * @access public * @param string a particular marked point * @param string a particular marked point * @param integer the number of decimal places * @return mixed */ - function elapsed_time($point1 = '', $point2 = '', $decimals = 4) + public function elapsed_time($point1 = '', $point2 = '', $decimals = 4) { - if ($point1 == '') + if ($point1 === '') { return '{elapsed_time}'; } @@ -83,13 +91,10 @@ class CI_Benchmark { if ( ! isset($this->marker[$point2])) { - $this->marker[$point2] = microtime(); + $this->marker[$point2] = microtime(TRUE); } - list($sm, $ss) = explode(' ', $this->marker[$point1]); - list($em, $es) = explode(' ', $this->marker[$point2]); - - return number_format(($em + $es) - ($sm + $ss), $decimals); + return number_format($this->marker[$point2] - $this->marker[$point1], $decimals); } // -------------------------------------------------------------------- @@ -102,17 +107,14 @@ class CI_Benchmark { * without the memory being calculated until the end. * The output class will swap the real value for this variable. * - * @access public * @return string */ - function memory_usage() + public function memory_usage() { return '{memory_usage}'; } } -// END CI_Benchmark class - /* End of file Benchmark.php */ /* Location: ./system/core/Benchmark.php */
\ No newline at end of file diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index aca4fb23c..8159b19f5 100755..100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -1,59 +1,49 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * System Initialization File * * Loads the base classes and executes the request. * * @package CodeIgniter - * @subpackage codeigniter + * @subpackage CodeIgniter * @category Front-controller - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/ */ /** * CodeIgniter Version * - * @var string - * - */ - /** - * CodeIgniter Version - * - * @var string - * - */ - define('CI_VERSION', '2.1.0-dev'); - -/** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var boolean + * @var string * */ - /** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var string - * - */ - define('CI_CORE', FALSE); + define('CI_VERSION', '3.0-dev'); /* * ------------------------------------------------------ @@ -67,7 +57,7 @@ * Load the framework constants * ------------------------------------------------------ */ - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) + if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) { require(APPPATH.'config/'.ENVIRONMENT.'/constants.php'); } @@ -83,9 +73,9 @@ */ set_error_handler('_exception_handler'); - if ( ! is_php('5.3')) + if ( ! is_php('5.4')) { - @set_magic_quotes_runtime(0); // Kill magic quotes + @ini_set('magic_quotes_runtime', 0); // Kill magic quotes } /* @@ -99,28 +89,18 @@ * "libraries" folder. Since CI allows config items to be * overriden via data set in the main index. php file, * before proceeding we need to know if a subclass_prefix - * override exists. If so, we will set this value now, + * override exists. If so, we will set this value now, * before any classes are loaded * Note: Since the config file data is cached it doesn't * hurt to load it here. */ - if (isset($assign_to_config['subclass_prefix']) AND $assign_to_config['subclass_prefix'] != '') + if ( ! empty($assign_to_config['subclass_prefix'])) { get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix'])); } /* * ------------------------------------------------------ - * Set a liberal script execution time limit - * ------------------------------------------------------ - */ - if (function_exists("set_time_limit") == TRUE AND @ini_get("safe_mode") == 0) - { - @set_time_limit(300); - } - -/* - * ------------------------------------------------------ * Start the timer... tick tock tick tock... * ------------------------------------------------------ */ @@ -140,7 +120,7 @@ * Is there a "pre_system" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('pre_system'); + $EXT->call_hook('pre_system'); /* * ------------------------------------------------------ @@ -162,11 +142,10 @@ * * Note: Order here is rather important as the UTF-8 * class needs to be used very early on, but it cannot - * properly determine if UTf-8 can be supported until + * properly determine if UTF-8 can be supported until * after the Config class is instantiated. * */ - $UNI =& load_class('Utf8', 'core'); /* @@ -199,15 +178,13 @@ /* * ------------------------------------------------------ - * Is there a valid cache file? If so, we're done... + * Is there a valid cache file? If so, we're done... * ------------------------------------------------------ */ - if ($EXT->_call_hook('cache_override') === FALSE) + if ($EXT->call_hook('cache_override') === FALSE + && $OUT->_display_cache($CFG, $URI) === TRUE) { - if ($OUT->_display_cache($CFG, $URI) == TRUE) - { - exit; - } + exit; } /* @@ -240,6 +217,13 @@ // Load the base controller class require BASEPATH.'core/Controller.php'; + /** + * Reference to the CI_Controller method. + * + * Returns current CI instance object + * + * @return object + */ function &get_instance() { return CI_Controller::get_instance(); @@ -277,20 +261,20 @@ $method = $RTR->fetch_method(); if ( ! class_exists($class) - OR strncmp($method, '_', 1) == 0 + OR strpos($method, '_') === 0 OR in_array(strtolower($method), array_map('strtolower', get_class_methods('CI_Controller'))) ) { if ( ! empty($RTR->routes['404_override'])) { - $x = explode('/', $RTR->routes['404_override']); + $x = explode('/', $RTR->routes['404_override'], 2); $class = $x[0]; - $method = (isset($x[1]) ? $x[1] : 'index'); + $method = isset($x[1]) ? $x[1] : 'index'; if ( ! class_exists($class)) { if ( ! file_exists(APPPATH.'controllers/'.$class.'.php')) { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } include_once(APPPATH.'controllers/'.$class.'.php'); @@ -298,7 +282,7 @@ } else { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } } @@ -307,7 +291,7 @@ * Is there a "pre_controller" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('pre_controller'); + $EXT->call_hook('pre_controller'); /* * ------------------------------------------------------ @@ -324,7 +308,7 @@ * Is there a "post_controller_constructor" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('post_controller_constructor'); + $EXT->call_hook('post_controller_constructor'); /* * ------------------------------------------------------ @@ -345,14 +329,14 @@ // Check and see if we are using a 404 override and use it. if ( ! empty($RTR->routes['404_override'])) { - $x = explode('/', $RTR->routes['404_override']); + $x = explode('/', $RTR->routes['404_override'], 2); $class = $x[0]; - $method = (isset($x[1]) ? $x[1] : 'index'); + $method = isset($x[1]) ? $x[1] : 'index'; if ( ! class_exists($class)) { if ( ! file_exists(APPPATH.'controllers/'.$class.'.php')) { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } include_once(APPPATH.'controllers/'.$class.'.php'); @@ -362,7 +346,7 @@ } else { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } } @@ -371,7 +355,6 @@ call_user_func_array(array(&$CI, $method), array_slice($URI->rsegments, 2)); } - // Mark a benchmark end point $BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end'); @@ -380,14 +363,14 @@ * Is there a "post_controller" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('post_controller'); + $EXT->call_hook('post_controller'); /* * ------------------------------------------------------ * Send the final rendered output to the browser * ------------------------------------------------------ */ - if ($EXT->_call_hook('display_override') === FALSE) + if ($EXT->call_hook('display_override') === FALSE) { $OUT->_display(); } @@ -397,18 +380,7 @@ * Is there a "post_system" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('post_system'); - -/* - * ------------------------------------------------------ - * Close the DB connection if one exists - * ------------------------------------------------------ - */ - if (class_exists('CI_DB') AND isset($CI->db)) - { - $CI->db->close(); - } - + $EXT->call_hook('post_system'); /* End of file CodeIgniter.php */ /* Location: ./system/core/CodeIgniter.php */
\ No newline at end of file diff --git a/system/core/Common.php b/system/core/Common.php index d79375475..06b162264 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -1,54 +1,63 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Common Functions * * Loads the base classes and executes the request. * * @package CodeIgniter - * @subpackage codeigniter + * @subpackage CodeIgniter * @category Common Functions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/ */ // ------------------------------------------------------------------------ -/** -* Determines if the current version of PHP is greater then the supplied value -* -* Since there are a few places where we conditionally test for PHP > 5 -* we'll set a static variable. -* -* @access public -* @param string -* @return bool TRUE if the current version is $version or higher -*/ if ( ! function_exists('is_php')) { - function is_php($version = '5.0.0') + /** + * Determines if the current version of PHP is greater then the supplied value + * + * Since there are a few places where we conditionally test for PHP > 5.3 + * we'll set a static variable. + * + * @param string + * @return bool TRUE if the current version is $version or higher + */ + function is_php($version = '5.3.0') { static $_is_php; - $version = (string)$version; + $version = (string) $version; if ( ! isset($_is_php[$version])) { - $_is_php[$version] = (version_compare(PHP_VERSION, $version) < 0) ? FALSE : TRUE; + $_is_php[$version] = (version_compare(PHP_VERSION, $version) >= 0); } return $_is_php[$version]; @@ -57,32 +66,32 @@ if ( ! function_exists('is_php')) // ------------------------------------------------------------------------ -/** - * Tests for file writability - * - * is_writable() returns TRUE on Windows servers when you really can't write to - * the file, based on the read-only attribute. is_writable() is also unreliable - * on Unix servers if safe_mode is on. - * - * @access private - * @return void - */ if ( ! function_exists('is_really_writable')) { + /** + * Tests for file writability + * + * is_writable() returns TRUE on Windows servers when you really can't write to + * the file, based on the read-only attribute. is_writable() is also unreliable + * on Unix servers if safe_mode is on. + * + * @param string + * @return void + */ function is_really_writable($file) { // If we're on a Unix server with safe_mode off we call is_writable - if (DIRECTORY_SEPARATOR == '/' AND @ini_get("safe_mode") == FALSE) + if (DIRECTORY_SEPARATOR === '/' && (bool) @ini_get('safe_mode') === FALSE) { return is_writable($file); } - // For windows servers and safe_mode "on" installations we'll actually - // write a file then read it. Bah... + /* For Windows servers and safe_mode "on" installations we'll actually + * write a file then read it. Bah... + */ if (is_dir($file)) { $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100)); - if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE) { return FALSE; @@ -105,26 +114,25 @@ if ( ! function_exists('is_really_writable')) // ------------------------------------------------------------------------ -/** -* Class registry -* -* This function acts as a singleton. If the requested class does not -* exist it is instantiated and set to a static variable. If it has -* previously been instantiated the variable is returned. -* -* @access public -* @param string the class name being requested -* @param string the directory where the class should be found -* @param string the class name prefix -* @return object -*/ if ( ! function_exists('load_class')) { + /** + * Class registry + * + * This function acts as a singleton. If the requested class does not + * exist it is instantiated and set to a static variable. If it has + * previously been instantiated the variable is returned. + * + * @param string the class name being requested + * @param string the directory where the class should be found + * @param string the class name prefix + * @return object + */ function &load_class($class, $directory = 'libraries', $prefix = 'CI_') { static $_classes = array(); - // Does the class exist? If so, we're done... + // Does the class exist? If so, we're done... if (isset($_classes[$class])) { return $_classes[$class]; @@ -149,7 +157,7 @@ if ( ! function_exists('load_class')) } } - // Is the request a class extension? If so we load it too + // Is the request a class extension? If so we load it too if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php')) { $name = config_item('subclass_prefix').$class; @@ -164,7 +172,8 @@ if ( ! function_exists('load_class')) if ($name === FALSE) { // Note: We use exit() rather then show_error() in order to avoid a - // self-referencing loop with the Excptions class + // self-referencing loop with the Exceptions class + set_status_header(503); exit('Unable to locate the specified class: '.$class.'.php'); } @@ -178,20 +187,20 @@ if ( ! function_exists('load_class')) // -------------------------------------------------------------------- -/** -* Keeps track of which libraries have been loaded. This function is -* called by the load_class() function above -* -* @access public -* @return array -*/ if ( ! function_exists('is_loaded')) { - function is_loaded($class = '') + /** + * Keeps track of which libraries have been loaded. This function is + * called by the load_class() function above + * + * @param string + * @return array + */ + function &is_loaded($class = '') { static $_is_loaded = array(); - if ($class != '') + if ($class !== '') { $_is_loaded[strtolower($class)] = $class; } @@ -202,17 +211,17 @@ if ( ! function_exists('is_loaded')) // ------------------------------------------------------------------------ -/** -* Loads the main config.php file -* -* This function lets us grab the config file even if the Config class -* hasn't been instantiated yet -* -* @access private -* @return array -*/ if ( ! function_exists('get_config')) { + /** + * Loads the main config.php file + * + * This function lets us grab the config file even if the Config class + * hasn't been instantiated yet + * + * @param array + * @return array + */ function &get_config($replace = array()) { static $_config; @@ -222,23 +231,29 @@ if ( ! function_exists('get_config')) return $_config[0]; } - // Is the config file in the environment folder? - if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php')) + $file_path = APPPATH.'config/config.php'; + $found = FALSE; + if (file_exists($file_path)) { - $file_path = APPPATH.'config/config.php'; + $found = TRUE; + require($file_path); } - // Fetch the config file - if ( ! file_exists($file_path)) + // Is the config file in the environment folder? + if (defined('ENVIRONMENT') && file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php')) { + require($file_path); + } + elseif ( ! $found) + { + set_status_header(503); exit('The configuration file does not exist.'); } - require($file_path); - // Does the $config array exist in the file? if ( ! isset($config) OR ! is_array($config)) { + set_status_header(503); exit('Your config file does not appear to be formatted correctly.'); } @@ -260,14 +275,14 @@ if ( ! function_exists('get_config')) // ------------------------------------------------------------------------ -/** -* Returns the specified config item -* -* @access public -* @return mixed -*/ if ( ! function_exists('config_item')) { + /** + * Returns the specified config item + * + * @param string + * @return mixed + */ function config_item($item) { static $_config_item = array(); @@ -289,20 +304,48 @@ if ( ! function_exists('config_item')) // ------------------------------------------------------------------------ -/** -* Error Handler -* -* This function lets us invoke the exception class and -* display errors using the standard error template located -* in application/errors/errors.php -* This function will send the error page directly to the -* browser and exit. -* -* @access public -* @return void -*/ +if ( ! function_exists('get_mimes')) +{ + /** + * Returns the MIME types array from config/mimes.php + * + * @return array + */ + function &get_mimes() + { + static $_mimes = array(); + + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) + { + $_mimes = include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); + } + elseif (is_file(APPPATH.'config/mimes.php')) + { + $_mimes = include(APPPATH.'config/mimes.php'); + } + + return $_mimes; + } +} + +// ------------------------------------------------------------------------ + if ( ! function_exists('show_error')) { + /** + * Error Handler + * + * This function lets us invoke the exception class and + * display errors using the standard error template located + * in application/errors/errors.php + * This function will send the error page directly to the + * browser and exit. + * + * @param string + * @param int + * @param string + * @return void + */ function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered') { $_error =& load_class('Exceptions', 'core'); @@ -313,18 +356,19 @@ if ( ! function_exists('show_error')) // ------------------------------------------------------------------------ -/** -* 404 Page Handler -* -* This function is similar to the show_error() function above -* However, instead of the standard error template it displays -* 404 errors. -* -* @access public -* @return void -*/ if ( ! function_exists('show_404')) { + /** + * 404 Page Handler + * + * This function is similar to the show_error() function above + * However, instead of the standard error template it displays + * 404 errors. + * + * @param string + * @param bool + * @return void + */ function show_404($page = '', $log_error = TRUE) { $_error =& load_class('Exceptions', 'core'); @@ -335,22 +379,24 @@ if ( ! function_exists('show_404')) // ------------------------------------------------------------------------ -/** -* Error Logging Interface -* -* We use this as a simple mechanism to access the logging -* class and send messages to be logged. -* -* @access public -* @return void -*/ if ( ! function_exists('log_message')) { + /** + * Error Logging Interface + * + * We use this as a simple mechanism to access the logging + * class and send messages to be logged. + * + * @param string + * @param string + * @param bool + * @return void + */ function log_message($level = 'error', $message, $php_error = FALSE) { static $_log; - if (config_item('log_threshold') == 0) + if (config_item('log_threshold') === 0) { return; } @@ -362,133 +408,132 @@ if ( ! function_exists('log_message')) // ------------------------------------------------------------------------ -/** - * Set HTTP Status Header - * - * @access public - * @param int the status code - * @param string - * @return void - */ if ( ! function_exists('set_status_header')) { + /** + * Set HTTP Status Header + * + * @param int the status code + * @param string + * @return void + */ function set_status_header($code = 200, $text = '') { $stati = array( - 200 => 'OK', - 201 => 'Created', - 202 => 'Accepted', - 203 => 'Non-Authoritative Information', - 204 => 'No Content', - 205 => 'Reset Content', - 206 => 'Partial Content', - - 300 => 'Multiple Choices', - 301 => 'Moved Permanently', - 302 => 'Found', - 304 => 'Not Modified', - 305 => 'Use Proxy', - 307 => 'Temporary Redirect', - - 400 => 'Bad Request', - 401 => 'Unauthorized', - 403 => 'Forbidden', - 404 => 'Not Found', - 405 => 'Method Not Allowed', - 406 => 'Not Acceptable', - 407 => 'Proxy Authentication Required', - 408 => 'Request Timeout', - 409 => 'Conflict', - 410 => 'Gone', - 411 => 'Length Required', - 412 => 'Precondition Failed', - 413 => 'Request Entity Too Large', - 414 => 'Request-URI Too Long', - 415 => 'Unsupported Media Type', - 416 => 'Requested Range Not Satisfiable', - 417 => 'Expectation Failed', - - 500 => 'Internal Server Error', - 501 => 'Not Implemented', - 502 => 'Bad Gateway', - 503 => 'Service Unavailable', - 504 => 'Gateway Timeout', - 505 => 'HTTP Version Not Supported' - ); - - if ($code == '' OR ! is_numeric($code)) + 200 => 'OK', + 201 => 'Created', + 202 => 'Accepted', + 203 => 'Non-Authoritative Information', + 204 => 'No Content', + 205 => 'Reset Content', + 206 => 'Partial Content', + + 300 => 'Multiple Choices', + 301 => 'Moved Permanently', + 302 => 'Found', + 303 => 'See Other', + 304 => 'Not Modified', + 305 => 'Use Proxy', + 307 => 'Temporary Redirect', + + 400 => 'Bad Request', + 401 => 'Unauthorized', + 403 => 'Forbidden', + 404 => 'Not Found', + 405 => 'Method Not Allowed', + 406 => 'Not Acceptable', + 407 => 'Proxy Authentication Required', + 408 => 'Request Timeout', + 409 => 'Conflict', + 410 => 'Gone', + 411 => 'Length Required', + 412 => 'Precondition Failed', + 413 => 'Request Entity Too Large', + 414 => 'Request-URI Too Long', + 415 => 'Unsupported Media Type', + 416 => 'Requested Range Not Satisfiable', + 417 => 'Expectation Failed', + 422 => 'Unprocessable Entity', + + 500 => 'Internal Server Error', + 501 => 'Not Implemented', + 502 => 'Bad Gateway', + 503 => 'Service Unavailable', + 504 => 'Gateway Timeout', + 505 => 'HTTP Version Not Supported' + ); + + if (empty($code) OR ! is_numeric($code)) { show_error('Status codes must be numeric', 500); } - if (isset($stati[$code]) AND $text == '') - { - $text = $stati[$code]; - } + is_int($code) OR $code = (int) $code; - if ($text == '') + if (empty($text)) { - show_error('No status text available. Please check your status code number or supply your own message text.', 500); + if (isset($stati[$code])) + { + $text = $stati[$code]; + } + else + { + show_error('No status text available. Please check your status code number or supply your own message text.', 500); + } } - $server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; + $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; - if (substr(php_sapi_name(), 0, 3) == 'cgi') + if (strpos(php_sapi_name(), 'cgi') === 0) { - header("Status: {$code} {$text}", TRUE); + header('Status: '.$code.' '.$text, TRUE); } - elseif ($server_protocol == 'HTTP/1.1' OR $server_protocol == 'HTTP/1.0') + elseif ($server_protocol === 'HTTP/1.0') { - header($server_protocol." {$code} {$text}", TRUE, $code); + header('HTTP/1.0 '.$code.' '.$text, TRUE, $code); } else { - header("HTTP/1.1 {$code} {$text}", TRUE, $code); + header('HTTP/1.1 '.$code.' '.$text, TRUE, $code); } } } // -------------------------------------------------------------------- -/** -* Exception Handler -* -* This is the custom exception handler that is declaired at the top -* of Codeigniter.php. The main reason we use this is to permit -* PHP errors to be logged in our own log files since the user may -* not have access to server logs. Since this function -* effectively intercepts PHP errors, however, we also need -* to display errors based on the current error_reporting level. -* We do that with the use of a PHP error template. -* -* @access private -* @return void -*/ if ( ! function_exists('_exception_handler')) { + /** + * Exception Handler + * + * This is the custom exception handler that is declaired at the top + * of Codeigniter.php. The main reason we use this is to permit + * PHP errors to be logged in our own log files since the user may + * not have access to server logs. Since this function + * effectively intercepts PHP errors, however, we also need + * to display errors based on the current error_reporting level. + * We do that with the use of a PHP error template. + * + * @param int + * @param string + * @param string + * @param int + * @return void + */ function _exception_handler($severity, $message, $filepath, $line) { - // We don't bother with "strict" notices since they tend to fill up - // the log file with excess information that isn't normally very helpful. - // For example, if you are running PHP 5 and you use version 4 style - // class functions (without prefixes like "public", "private", etc.) - // you'll get notices telling you that these have been deprecated. - if ($severity == E_STRICT) - { - return; - } - $_error =& load_class('Exceptions', 'core'); // Should we display the error? We'll get the current error_reporting // level and add its bits with the severity bits to find out. - if (($severity & error_reporting()) == $severity) + // And respect display_errors + if (($severity & error_reporting()) === $severity && (bool) ini_get('display_errors') === TRUE) { $_error->show_php_error($severity, $message, $filepath, $line); } - // Should we log the error? No? We're done... - if (config_item('log_threshold') == 0) + // Should we log the error? No? We're done... + if (config_item('log_threshold') === 0) { return; } @@ -499,31 +544,30 @@ if ( ! function_exists('_exception_handler')) // -------------------------------------------------------------------- -/** - * Remove Invisible Characters - * - * This prevents sandwiching null characters - * between ascii characters, like Java\0script. - * - * @access public - * @param string - * @return string - */ if ( ! function_exists('remove_invisible_characters')) { + /** + * Remove Invisible Characters + * + * This prevents sandwiching null characters + * between ascii characters, like Java\0script. + * + * @param string + * @param bool + * @return string + */ function remove_invisible_characters($str, $url_encoded = TRUE) { $non_displayables = array(); - - // every control character except newline (dec 10) - // carriage return (dec 13), and horizontal tab (dec 09) - + + // every control character except newline (dec 10), + // carriage return (dec 13) and horizontal tab (dec 09) if ($url_encoded) { $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15 $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31 } - + $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127 do @@ -538,25 +582,19 @@ if ( ! function_exists('remove_invisible_characters')) // ------------------------------------------------------------------------ -/** -* Returns HTML escaped variable -* -* @access public -* @param mixed -* @return mixed -*/ if ( ! function_exists('html_escape')) { + /** + * Returns HTML escaped variable + * + * @param mixed + * @return mixed + */ function html_escape($var) { - if (is_array($var)) - { - return array_map('html_escape', $var); - } - else - { - return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); - } + return is_array($var) + ? array_map('html_escape', $var) + : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); } } diff --git a/system/core/Config.php b/system/core/Config.php index 714c4667b..2f6a9e085 100755..100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Config Class * @@ -23,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/config.html */ class CI_Config { @@ -33,46 +43,42 @@ class CI_Config { * * @var array */ - var $config = array(); + public $config = array(); + /** * List of all loaded config files * * @var array */ - var $is_loaded = array(); + public $is_loaded = array(); + /** - * List of paths to search when trying to load a config file + * List of paths to search when trying to load a config file. + * This must be public as it's used by the Loader class. * * @var array */ - var $_config_paths = array(APPPATH); + public $_config_paths = array(APPPATH); /** * Constructor * * Sets the $config data from the primary config.php file as a class variable - * - * @access public - * @param string the config file name - * @param boolean if configuration values should be loaded into their own section - * @param boolean true if errors should just return false, false if an error message should be displayed - * @return boolean if the file was successfully loaded or not */ - function __construct() + public function __construct() { $this->config =& get_config(); - log_message('debug', "Config Class Initialized"); + log_message('debug', 'Config Class Initialized'); // Set the base_url automatically if none was provided - if ($this->config['base_url'] == '') + if (empty($this->config['base_url'])) { if (isset($_SERVER['HTTP_HOST'])) { - $base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; - $base_url .= '://'. $_SERVER['HTTP_HOST']; - $base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); + $base_url = ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http'; + $base_url .= '://'.$_SERVER['HTTP_HOST'] + .str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); } - else { $base_url = 'http://localhost/'; @@ -87,24 +93,22 @@ class CI_Config { /** * Load Config File * - * @access public * @param string the config file name - * @param boolean if configuration values should be loaded into their own section - * @param boolean true if errors should just return false, false if an error message should be displayed - * @return boolean if the file was loaded correctly + * @param bool if configuration values should be loaded into their own section + * @param bool true if errors should just return false, false if an error message should be displayed + * @return bool if the file was loaded correctly */ - function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) + public function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) { - $file = ($file == '') ? 'config' : str_replace('.php', '', $file); - $found = FALSE; - $loaded = FALSE; + $file = ($file === '') ? 'config' : str_replace('.php', '', $file); + $found = $loaded = FALSE; + + $check_locations = defined('ENVIRONMENT') + ? array(ENVIRONMENT.'/'.$file, $file) + : array($file); foreach ($this->_config_paths as $path) { - $check_locations = defined('ENVIRONMENT') - ? array(ENVIRONMENT.'/'.$file, $file) - : array($file); - foreach ($check_locations as $location) { $file_path = $path.'config/'.$location.'.php'; @@ -168,7 +172,7 @@ class CI_Config { { return FALSE; } - show_error('The configuration file '.$file.'.php'.' does not exist.'); + show_error('The configuration file '.$file.'.php does not exist.'); } return TRUE; @@ -179,40 +183,18 @@ class CI_Config { /** * Fetch a config file item * - * - * @access public * @param string the config item name * @param string the index name - * @param bool * @return string */ - function item($item, $index = '') + public function item($item, $index = '') { if ($index == '') { - if ( ! isset($this->config[$item])) - { - return FALSE; - } - - $pref = $this->config[$item]; + return isset($this->config[$item]) ? $this->config[$item] : FALSE; } - else - { - if ( ! isset($this->config[$index])) - { - return FALSE; - } - - if ( ! isset($this->config[$index][$item])) - { - return FALSE; - } - $pref = $this->config[$index][$item]; - } - - return $pref; + return isset($this->config[$index], $this->config[$index][$item]) ? $this->config[$index][$item] : FALSE; } // -------------------------------------------------------------------- @@ -220,18 +202,16 @@ class CI_Config { /** * Fetch a config file item - adds slash after item (if item is not empty) * - * @access public * @param string the config item name - * @param bool * @return string */ - function slash_item($item) + public function slash_item($item) { if ( ! isset($this->config[$item])) { return FALSE; } - if( trim($this->config[$item]) == '') + elseif (trim($this->config[$item]) === '') { return ''; } @@ -245,26 +225,39 @@ class CI_Config { * Site URL * Returns base_url . index_page [. uri_string] * - * @access public - * @param string the URI string + * @param mixed the URI string or an array of segments * @return string */ - function site_url($uri = '') + public function site_url($uri = '') { - if ($uri == '') + if (empty($uri)) { return $this->slash_item('base_url').$this->item('index_page'); } - if ($this->item('enable_query_strings') == FALSE) + $uri = $this->_uri_string($uri); + + if ($this->item('enable_query_strings') === FALSE) { - $suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix'); - return $this->slash_item('base_url').$this->slash_item('index_page').$this->_uri_string($uri).$suffix; + $suffix = ($this->item('url_suffix') === FALSE) ? '' : $this->item('url_suffix'); + + if ($suffix !== '' && ($offset = strpos($uri, '?')) !== FALSE) + { + $uri = substr($uri, 0, $offset).$suffix.substr($uri, $offset); + } + else + { + $uri .= $suffix; + } + + return $this->slash_item('base_url').$this->slash_item('index_page').$uri; } - else + elseif (strpos($uri, '?') === FALSE) { - return $this->slash_item('base_url').$this->item('index_page').'?'.$this->_uri_string($uri); + $uri = '?'.$uri; } + + return $this->slash_item('base_url').$this->item('index_page').$uri; } // ------------------------------------------------------------- @@ -273,13 +266,12 @@ class CI_Config { * Base URL * Returns base_url [. uri_string] * - * @access public - * @param string $uri - * @return string + * @param string $uri + * @return string */ - function base_url($uri = '') + public function base_url($uri = '') { - return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/'); + return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/'); } // ------------------------------------------------------------- @@ -287,36 +279,25 @@ class CI_Config { /** * Build URI string for use in Config::site_url() and Config::base_url() * - * @access protected - * @param $uri - * @return string + * @param mixed $uri + * @return string */ protected function _uri_string($uri) { - if ($this->item('enable_query_strings') == FALSE) + if ($this->item('enable_query_strings') === FALSE) { if (is_array($uri)) { $uri = implode('/', $uri); } - $uri = trim($uri, '/'); + return trim($uri, '/'); } - else + elseif (is_array($uri)) { - if (is_array($uri)) - { - $i = 0; - $str = ''; - foreach ($uri as $key => $val) - { - $prefix = ($i == 0) ? '' : '&'; - $str .= $prefix.$key.'='.$val; - $i++; - } - $uri = $str; - } + return http_build_query($uri); } - return $uri; + + return $uri; } // -------------------------------------------------------------------- @@ -324,12 +305,11 @@ class CI_Config { /** * System URL * - * @access public * @return string */ - function system_url() + public function system_url() { - $x = explode("/", preg_replace("|/*(.+?)/*$|", "\\1", BASEPATH)); + $x = explode('/', preg_replace('|/*(.+?)/*$|', '\\1', BASEPATH)); return $this->slash_item('base_url').end($x).'/'; } @@ -338,12 +318,11 @@ class CI_Config { /** * Set a config file item * - * @access public * @param string the config item key * @param string the config item value * @return void */ - function set_item($item, $value) + public function set_item($item, $value) { $this->config[$item] = $value; } @@ -354,14 +333,13 @@ class CI_Config { * Assign to Config * * This function is called by the front controller (CodeIgniter.php) - * after the Config class is instantiated. It permits config items + * after the Config class is instantiated. It permits config items * to be assigned or overriden by variables contained in the index.php file * - * @access private * @param array * @return void */ - function _assign_to_config($items = array()) + public function _assign_to_config($items = array()) { if (is_array($items)) { @@ -371,9 +349,8 @@ class CI_Config { } } } -} -// END CI_Config class +} /* End of file Config.php */ -/* Location: ./system/core/Config.php */ +/* Location: ./system/core/Config.php */
\ No newline at end of file diff --git a/system/core/Controller.php b/system/core/Controller.php index fddb81e19..491414807 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Application Controller Class * @@ -24,20 +34,27 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/general/controllers.html */ class CI_Controller { + /** + * Reference to the global CI instance + * + * @var object + */ private static $instance; /** - * Constructor + * Set up controller properties and methods + * + * @return void */ public function __construct() { self::$instance =& $this; - + // Assign all the class objects that were instantiated by the // bootstrap file (CodeIgniter.php) to local class variables // so that CI can run as one big super object. @@ -47,18 +64,21 @@ class CI_Controller { } $this->load =& load_class('Loader', 'core'); - $this->load->initialize(); - - log_message('debug', "Controller Class Initialized"); + log_message('debug', 'Controller Class Initialized'); } + /** + * Return the CI object + * + * @return object + */ public static function &get_instance() { return self::$instance; } + } -// END Controller class /* End of file Controller.php */ /* Location: ./system/core/Controller.php */
\ No newline at end of file diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index 869739a5a..bd9178dbd 100755..100644 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -1,73 +1,77 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Exceptions Class * * @package CodeIgniter * @subpackage Libraries * @category Exceptions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/exceptions.html */ class CI_Exceptions { - var $action; - var $severity; - var $message; - var $filename; - var $line; /** * Nesting level of the output buffering mechanism * - * @var int - * @access public + * @var int */ - var $ob_level; + public $ob_level; /** * List if available error levels * - * @var array - * @access public + * @var array */ - var $levels = array( - E_ERROR => 'Error', - E_WARNING => 'Warning', - E_PARSE => 'Parsing Error', - E_NOTICE => 'Notice', - E_CORE_ERROR => 'Core Error', - E_CORE_WARNING => 'Core Warning', - E_COMPILE_ERROR => 'Compile Error', - E_COMPILE_WARNING => 'Compile Warning', - E_USER_ERROR => 'User Error', - E_USER_WARNING => 'User Warning', - E_USER_NOTICE => 'User Notice', - E_STRICT => 'Runtime Notice' - ); - + public $levels = array( + E_ERROR => 'Error', + E_WARNING => 'Warning', + E_PARSE => 'Parsing Error', + E_NOTICE => 'Notice', + E_CORE_ERROR => 'Core Error', + E_CORE_WARNING => 'Core Warning', + E_COMPILE_ERROR => 'Compile Error', + E_COMPILE_WARNING => 'Compile Warning', + E_USER_ERROR => 'User Error', + E_USER_WARNING => 'User Warning', + E_USER_NOTICE => 'User Notice', + E_STRICT => 'Runtime Notice' + ); /** - * Constructor + * Initialize execption class + * + * @return void */ public function __construct() { $this->ob_level = ob_get_level(); - // Note: Do not log messages from this constructor. + // Note: Do not log messages from this constructor. } // -------------------------------------------------------------------- @@ -77,17 +81,15 @@ class CI_Exceptions { * * This function logs PHP generated error messages * - * @access private * @param string the error severity * @param string the error string * @param string the error filepath * @param string the error line number - * @return string + * @return void */ - function log_exception($severity, $message, $filepath, $line) + public function log_exception($severity, $message, $filepath, $line) { - $severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity]; - + $severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity; log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE); } @@ -96,15 +98,14 @@ class CI_Exceptions { /** * 404 Page Not Found Handler * - * @access private * @param string the page * @param bool log error yes/no * @return string */ - function show_404($page = '', $log_error = TRUE) + public function show_404($page = '', $log_error = TRUE) { - $heading = "404 Page Not Found"; - $message = "The page you requested was not found."; + $heading = '404 Page Not Found'; + $message = 'The page you requested was not found.'; // By default we log this, but allow a dev to skip it if ($log_error) @@ -125,25 +126,24 @@ class CI_Exceptions { * (either as a string or an array) and displays * it using the specified template. * - * @access private * @param string the heading * @param string the message * @param string the template name - * @param int the status code + * @param int the status code * @return string */ - function show_error($heading, $message, $template = 'error_general', $status_code = 500) + public function show_error($heading, $message, $template = 'error_general', $status_code = 500) { set_status_header($status_code); - $message = '<p>'.implode('</p><p>', ( ! is_array($message)) ? array($message) : $message).'</p>'; + $message = '<p>'.implode('</p><p>', is_array($message) ? $message : array($message)).'</p>'; if (ob_get_level() > $this->ob_level + 1) { ob_end_flush(); } ob_start(); - include(APPPATH.'errors/'.$template.'.php'); + include(VIEWPATH.'errors/'.$template.'.php'); $buffer = ob_get_contents(); ob_end_clean(); return $buffer; @@ -154,18 +154,16 @@ class CI_Exceptions { /** * Native PHP error handler * - * @access private * @param string the error severity * @param string the error string * @param string the error filepath * @param string the error line number * @return string */ - function show_php_error($severity, $message, $filepath, $line) + public function show_php_error($severity, $message, $filepath, $line) { - $severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity]; - - $filepath = str_replace("\\", "/", $filepath); + $severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity; + $filepath = str_replace('\\', '/', $filepath); // For safety reasons we do not show the full file path if (FALSE !== strpos($filepath, '/')) @@ -179,15 +177,13 @@ class CI_Exceptions { ob_end_flush(); } ob_start(); - include(APPPATH.'errors/error_php.php'); + include(VIEWPATH.'errors/error_php.php'); $buffer = ob_get_contents(); ob_end_clean(); echo $buffer; } - } -// END Exceptions Class /* End of file Exceptions.php */ /* Location: ./system/core/Exceptions.php */
\ No newline at end of file diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 33f1c034c..afbf4b453 100755..100644 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Hooks Class * @@ -23,73 +33,61 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Hooks { /** - * Determines wether hooks are enabled + * Determines whether hooks are enabled * * @var bool */ - var $enabled = FALSE; + public $enabled = FALSE; + /** * List of all hooks set in config/hooks.php * * @var array */ - var $hooks = array(); - /** - * Determines wether hook is in progress, used to prevent infinte loops - * - * @var bool - */ - var $in_progress = FALSE; + public $hooks = array(); /** - * Constructor + * Determines whether hook is in progress, used to prevent infinte loops * + * @var bool */ - function __construct() - { - $this->_initialize(); - log_message('debug', "Hooks Class Initialized"); - } - - // -------------------------------------------------------------------- + public $in_progress = FALSE; /** * Initialize the Hooks Preferences * - * @access private * @return void */ - function _initialize() + public function __construct() { $CFG =& load_class('Config', 'core'); + log_message('debug', 'Hooks Class Initialized'); + // If hooks are not enabled in the config file // there is nothing else to do - - if ($CFG->item('enable_hooks') == FALSE) + if ($CFG->item('enable_hooks') === FALSE) { return; } // Grab the "hooks" definition file. - // If there are no hooks, we're done. - - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) { - include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); + include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); } elseif (is_file(APPPATH.'config/hooks.php')) { include(APPPATH.'config/hooks.php'); } - + // If there are no hooks, we're done. if ( ! isset($hook) OR ! is_array($hook)) { return; @@ -104,20 +102,19 @@ class CI_Hooks { /** * Call Hook * - * Calls a particular hook + * Calls a particular hook. Called by CodeIgniter.php. * - * @access private * @param string the hook name * @return mixed */ - function _call_hook($which = '') + public function call_hook($which = '') { if ( ! $this->enabled OR ! isset($this->hooks[$which])) { return FALSE; } - if (isset($this->hooks[$which][0]) AND is_array($this->hooks[$which][0])) + if (isset($this->hooks[$which][0]) && is_array($this->hooks[$which][0])) { foreach ($this->hooks[$which] as $val) { @@ -139,11 +136,10 @@ class CI_Hooks { * * Runs a particular hook * - * @access private * @param array the hook details * @return bool */ - function _run_hook($data) + protected function _run_hook($data) { if ( ! is_array($data)) { @@ -156,8 +152,7 @@ class CI_Hooks { // If the script being called happens to have the same // hook call within it a loop can happen - - if ($this->in_progress == TRUE) + if ($this->in_progress === TRUE) { return; } @@ -166,7 +161,7 @@ class CI_Hooks { // Set file path // ----------------------------------- - if ( ! isset($data['filepath']) OR ! isset($data['filename'])) + if ( ! isset($data['filepath'], $data['filename'])) { return FALSE; } @@ -186,12 +181,12 @@ class CI_Hooks { $function = FALSE; $params = ''; - if (isset($data['class']) AND $data['class'] != '') + if ( ! empty($data['class'])) { $class = $data['class']; } - if (isset($data['function'])) + if ( ! empty($data['function'])) { $function = $data['function']; } @@ -201,7 +196,7 @@ class CI_Hooks { $params = $data['params']; } - if ($class === FALSE AND $function === FALSE) + if ($class === FALSE && $function === FALSE) { return FALSE; } @@ -242,7 +237,5 @@ class CI_Hooks { } -// END CI_Hooks class - /* End of file Hooks.php */ /* Location: ./system/core/Hooks.php */
\ No newline at end of file diff --git a/system/core/Input.php b/system/core/Input.php index 0dc2c4550..162e40c85 100755..100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Input Class * @@ -23,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Input - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/input.html */ class CI_Input { @@ -33,46 +43,51 @@ class CI_Input { * * @var string */ - var $ip_address = FALSE; + public $ip_address = FALSE; + /** * user agent (web browser) being used by the current user * * @var string */ - var $user_agent = FALSE; + public $user_agent = FALSE; + /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ - var $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; + /** * If TRUE, then newlines are standardized * * @var bool */ - var $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; + /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting * * @var bool */ - var $_enable_xss = FALSE; + protected $_enable_xss = FALSE; + /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting * * @var bool */ - var $_enable_csrf = FALSE; + protected $_enable_csrf = FALSE; + /** * List of all HTTP request headers * * @var array */ - protected $headers = array(); - + protected $headers = array(); /** * Constructor @@ -80,14 +95,15 @@ class CI_Input { * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array * + * @return void */ public function __construct() { - log_message('debug', "Input Class Initialized"); + log_message('debug', 'Input Class Initialized'); $this->_allow_get_array = (config_item('allow_get_array') === TRUE); - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); global $SEC; $this->security =& $SEC; @@ -110,17 +126,16 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access private * @param array * @param string * @param bool * @return string */ - function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { - return FALSE; + return NULL; } if ($xss_clean === TRUE) @@ -134,17 +149,16 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the GET array - * - * @access public - * @param string - * @param bool - * @return string - */ - function get($index = NULL, $xss_clean = FALSE) + * Fetch an item from the GET array + * + * @param string + * @param bool + * @return string + */ + public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_GET)) + if ($index === NULL && ! empty($_GET)) { $get = array(); @@ -162,17 +176,16 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the POST array - * - * @access public - * @param string - * @param bool - * @return string - */ - function post($index = NULL, $xss_clean = FALSE) + * Fetch an item from the POST array + * + * @param string + * @param bool + * @return string + */ + public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_POST)) + if ($index === NULL && ! empty($_POST)) { $post = array(); @@ -191,36 +204,29 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from either the GET array or the POST - * - * @access public - * @param string The index key - * @param bool XSS cleaning - * @return string - */ - function get_post($index = '', $xss_clean = FALSE) + * Fetch an item from either the GET array or the POST + * + * @param string The index key + * @param bool XSS cleaning + * @return string + */ + public function get_post($index = '', $xss_clean = FALSE) { - if ( ! isset($_POST[$index]) ) - { - return $this->get($index, $xss_clean); - } - else - { - return $this->post($index, $xss_clean); - } + return isset($_POST[$index]) + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- /** - * Fetch an item from the COOKIE array - * - * @access public - * @param string - * @param bool - * @return string - */ - function cookie($index = '', $xss_clean = FALSE) + * Fetch an item from the COOKIE array + * + * @param string + * @param bool + * @return string + */ + public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -228,27 +234,27 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Set cookie - * - * Accepts six parameter, or you can submit an associative - * array in the first parameter containing all the values. - * - * @access public - * @param mixed - * @param string the value of the cookie - * @param string the number of seconds until expiration - * @param string the cookie domain. Usually: .yourdomain.com - * @param string the cookie path - * @param string the cookie prefix - * @param bool true makes the cookie secure - * @return void - */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + * Set cookie + * + * Accepts seven parameters, or you can submit an associative + * array in the first parameter containing all the values. + * + * @param mixed + * @param string the value of the cookie + * @param string the number of seconds until expiration + * @param string the cookie domain. Usually: .yourdomain.com + * @param string the cookie path + * @param string the cookie prefix + * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) + * @return void + */ + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -257,23 +263,31 @@ class CI_Input { } } - if ($prefix == '' AND config_item('cookie_prefix') != '') + if ($prefix === '' && config_item('cookie_prefix') !== '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' AND config_item('cookie_domain') != '') + + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } - if ($path == '/' AND config_item('cookie_path') != '/') + + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) + { + $httponly = config_item('cookie_httponly'); + } + if ( ! is_numeric($expire)) { $expire = time() - 86500; @@ -283,20 +297,19 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- /** - * Fetch an item from the SERVER array - * - * @access public - * @param string - * @param bool - * @return string - */ - function server($index = '', $xss_clean = FALSE) + * Fetch an item from the SERVER array + * + * @param string + * @param bool + * @return string + */ + public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -304,12 +317,11 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch the IP Address - * - * @access public - * @return string - */ - function ip_address() + * Fetch the IP Address + * + * @return string + */ + public function ip_address() { if ($this->ip_address !== FALSE) { @@ -323,11 +335,11 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) { $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } @@ -342,8 +354,7 @@ class CI_Input { if ($this->ip_address === FALSE) { - $this->ip_address = '0.0.0.0'; - return $this->ip_address; + return $this->ip_address = '0.0.0.0'; } if (strpos($this->ip_address, ',') !== FALSE) @@ -354,7 +365,7 @@ class CI_Input { if ( ! $this->valid_ip($this->ip_address)) { - $this->ip_address = '0.0.0.0'; + return $this->ip_address = '0.0.0.0'; } return $this->ip_address; @@ -363,99 +374,89 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Validate IP Address - * - * Updated version suggested by Geert De Deckere - * - * @access public - * @param string - * @return string - */ - function valid_ip($ip) + * Validate IP Address + * + * @param string + * @param string 'ipv4' or 'ipv6' + * @return bool + */ + public function valid_ip($ip, $which = '') { - $ip_segments = explode('.', $ip); - - // Always 4 segments needed - if (count($ip_segments) != 4) - { - return FALSE; - } - // IP can not start with 0 - if ($ip_segments[0][0] == '0') + switch (strtolower($which)) { - return FALSE; - } - // Check each segment - foreach ($ip_segments as $segment) - { - // IP segments must be digits and can not be - // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3) - { - return FALSE; - } + case 'ipv4': + $which = FILTER_FLAG_IPV4; + break; + case 'ipv6': + $which = FILTER_FLAG_IPV6; + break; + default: + $which = NULL; + break; } - return TRUE; + return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which); } // -------------------------------------------------------------------- /** - * User Agent - * - * @access public - * @return string - */ - function user_agent() + * User Agent + * + * @return string + */ + public function user_agent() { if ($this->user_agent !== FALSE) { return $this->user_agent; } - $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; - - return $this->user_agent; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; } // -------------------------------------------------------------------- /** - * Sanitize Globals - * - * This function does the following: - * - * Unsets $_GET data (if query strings are not enabled) - * - * Unsets all globals if register_globals is enabled - * - * Standardizes newline characters to \n - * - * @access private - * @return void - */ - function _sanitize_globals() + * Sanitize Globals + * + * This function does the following: + * + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Standardizes newline characters to \n + * + * @return void + */ + protected function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. - $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', - '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', - 'CFG', 'URI', 'RTR', 'OUT', 'IN'); + $protected = array( + '_SERVER', + '_GET', + '_POST', + '_FILES', + '_REQUEST', + '_SESSION', + '_ENV', + 'GLOBALS', + 'HTTP_RAW_POST_DATA', + 'system_folder', + 'application_folder', + 'BM', + 'EXT', + 'CFG', + 'URI', + 'RTR', + 'OUT', + 'IN' + ); // Unset globals for securiy. // This is effectively the same as register_globals = off foreach (array($_GET, $_POST, $_COOKIE) as $global) { - if ( ! is_array($global)) - { - if ( ! in_array($global, $protected)) - { - global $$global; - $$global = NULL; - } - } - else + if (is_array($global)) { foreach ($global as $key => $val) { @@ -466,26 +467,28 @@ class CI_Input { } } } + elseif ( ! in_array($global, $protected)) + { + global $$global; + $$global = NULL; + } } // Is $_GET data allowed? If not we'll set the $_GET to an empty array - if ($this->_allow_get_array == FALSE) + if ($this->_allow_get_array === FALSE) { $_GET = array(); } - else + elseif (is_array($_GET) && count($_GET) > 0) { - if (is_array($_GET) AND count($_GET) > 0) + foreach ($_GET as $key => $val) { - foreach ($_GET as $key => $val) - { - $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); - } + $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } } // Clean $_POST Data - if (is_array($_POST) AND count($_POST) > 0) + if (is_array($_POST) && count($_POST) > 0) { foreach ($_POST as $key => $val) { @@ -494,7 +497,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) AND count($_COOKIE) > 0) + if (is_array($_COOKIE) && count($_COOKIE) > 0) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway @@ -514,29 +517,27 @@ class CI_Input { // Sanitize PHP_SELF $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check - if ($this->_enable_csrf == TRUE) + if ($this->_enable_csrf === TRUE) { $this->security->csrf_verify(); } - log_message('debug', "Global POST and COOKIE data sanitized"); + log_message('debug', 'Global POST and COOKIE data sanitized'); } // -------------------------------------------------------------------- /** - * Clean Input Data - * - * This is a helper function. It escapes data and - * standardizes newline characters to \n - * - * @access private - * @param string - * @return string - */ - function _clean_input_data($str) + * Clean Input Data + * + * This is a helper function. It escapes data and + * standardizes newline characters to \n + * + * @param string + * @return string + */ + protected function _clean_input_data($str) { if (is_array($str)) { @@ -548,8 +549,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } @@ -570,12 +575,9 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE) + if ($this->_standardize_newlines === TRUE && strpos($str, "\r") !== FALSE) { - if (strpos($str, "\r") !== FALSE) - { - $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); - } + return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } return $str; @@ -584,27 +586,27 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Clean Keys - * - * This is a helper function. To prevent malicious users - * from trying to exploit keys we make sure that keys are - * only named with alpha-numeric text and a few other items. - * - * @access private - * @param string - * @return string - */ - function _clean_input_keys($str) + * Clean Keys + * + * This is a helper function. To prevent malicious users + * from trying to exploit keys we make sure that keys are + * only named with alpha-numeric text and a few other items. + * + * @param string + * @return string + */ + protected function _clean_input_keys($str) { - if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) + if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { + set_status_header(503); exit('Disallowed Key Characters.'); } // Clean UTF-8 if supported if (UTF8_ENABLED === TRUE) { - $str = $this->uni->clean_string($str); + return $this->uni->clean_string($str); } return $str; @@ -618,9 +620,8 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * - * @param bool XSS cleaning - * - * @return array + * @param bool XSS cleaning + * @return array */ public function request_headers($xss_clean = FALSE) { @@ -631,11 +632,11 @@ class CI_Input { } else { - $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { - if (strncmp($key, 'HTTP_', 5) === 0) + if (strpos($key, 'HTTP_') === 0) { $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } @@ -661,9 +662,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param boolean XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string array key for $this->headers + * @param bool XSS Clean or not + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { @@ -674,15 +675,12 @@ class CI_Input { if ( ! isset($this->headers[$index])) { - return FALSE; + return NULL; } - if ($xss_clean === TRUE) - { - return $this->security->xss_clean($this->headers[$index]); - } - - return $this->headers[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($this->headers[$index]) + : $this->headers[$index]; } // -------------------------------------------------------------------- @@ -692,11 +690,11 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return bool */ public function is_ajax_request() { - return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); + return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); } // -------------------------------------------------------------------- @@ -706,15 +704,31 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() == 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); + } + + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method + * + * @param bool uppercase or lowercase + * @return bool + */ + public function method($upper = FALSE) + { + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); } } -// END Input class /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */
\ No newline at end of file diff --git a/system/core/Lang.php b/system/core/Lang.php index d61d1029a..3001f1b13 100755..100644 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -1,27 +1,37 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Language Class * * @package CodeIgniter * @subpackage Libraries * @category Language - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/language.html */ class CI_Lang { @@ -31,22 +41,23 @@ class CI_Lang { * * @var array */ - var $language = array(); + public $language = array(); + /** * List of loaded language files * * @var array */ - var $is_loaded = array(); + public $is_loaded = array(); /** - * Constructor + * Initialize language class * - * @access public + * @return void */ - function __construct() + public function __construct() { - log_message('debug', "Language Class Initialized"); + log_message('debug', 'Language Class Initialized'); } // -------------------------------------------------------------------- @@ -54,40 +65,37 @@ class CI_Lang { /** * Load a language file * - * @access public - * @param mixed the name of the language file to be loaded. Can be an array + * @param mixed the name of the language file to be loaded * @param string the language (english, etc.) * @param bool return loaded array of translations * @param bool add suffix to $langfile * @param string alternative path to look for language file * @return mixed */ - function load($langfile = '', $idiom = '', $return = FALSE, $add_suffix = TRUE, $alt_path = '') + public function load($langfile, $idiom = '', $return = FALSE, $add_suffix = TRUE, $alt_path = '') { $langfile = str_replace('.php', '', $langfile); - if ($add_suffix == TRUE) + if ($add_suffix === TRUE) { - $langfile = str_replace('_lang.', '', $langfile).'_lang'; + $langfile = str_replace('_lang', '', $langfile).'_lang'; } $langfile .= '.php'; - if (in_array($langfile, $this->is_loaded, TRUE)) + if ($idiom === '') { - return; + $config =& get_config(); + $idiom = ( ! empty($config['language'])) ? $config['language'] : 'english'; } - $config =& get_config(); - - if ($idiom == '') + if ($return === FALSE && isset($this->is_loaded[$langfile]) && $this->is_loaded[$langfile] === $idiom) { - $deft_lang = ( ! isset($config['language'])) ? 'english' : $config['language']; - $idiom = ($deft_lang == '') ? 'english' : $deft_lang; + return; } // Determine where the language file is and load it - if ($alt_path != '' && file_exists($alt_path.'language/'.$idiom.'/'.$langfile)) + if ($alt_path !== '' && file_exists($alt_path.'language/'.$idiom.'/'.$langfile)) { include($alt_path.'language/'.$idiom.'/'.$langfile); } @@ -115,17 +123,21 @@ class CI_Lang { if ( ! isset($lang) OR ! is_array($lang)) { log_message('error', 'Language file contains no data: language/'.$idiom.'/'.$langfile); + + if ($return === TRUE) + { + return array(); + } return; } - if ($return == TRUE) + if ($return === TRUE) { return $lang; } - $this->is_loaded[] = $langfile; - $this->language = $this->language + $lang; - unset($lang); + $this->is_loaded[$langfile] = $idiom; + $this->language = array_merge($this->language, $lang); log_message('debug', 'Language file loaded: language/'.$idiom.'/'.$langfile); return TRUE; @@ -136,13 +148,12 @@ class CI_Lang { /** * Fetch a single line of text from the language array * - * @access public * @param string $line the language line * @return string */ - function line($line = '') + public function line($line = '') { - $value = ($line == '' OR ! isset($this->language[$line])) ? FALSE : $this->language[$line]; + $value = ($line === '' OR ! isset($this->language[$line])) ? FALSE : $this->language[$line]; // Because killer robots like unicorns! if ($value === FALSE) @@ -154,7 +165,6 @@ class CI_Lang { } } -// END Language Class /* End of file Lang.php */ -/* Location: ./system/core/Lang.php */ +/* Location: ./system/core/Lang.php */
\ No newline at end of file diff --git a/system/core/Loader.php b/system/core/Loader.php index edf5853f0..ea81c6f26 100755..100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Loader Class * @@ -22,8 +32,8 @@ * * @package CodeIgniter * @subpackage Libraries - * @author ExpressionEngine Dev Team * @category Loader + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/loader.html */ class CI_Loader { @@ -33,93 +43,95 @@ class CI_Loader { * Nesting level of the output buffering mechanism * * @var int - * @access protected */ protected $_ci_ob_level; + /** * List of paths to load views from * * @var array - * @access protected */ - protected $_ci_view_paths = array(); + protected $_ci_view_paths = array(); + /** * List of paths to load libraries from * * @var array - * @access protected */ - protected $_ci_library_paths = array(); + protected $_ci_library_paths = array(); + /** * List of paths to load models from * * @var array - * @access protected */ - protected $_ci_model_paths = array(); + protected $_ci_model_paths = array(); + /** * List of paths to load helpers from * * @var array - * @access protected */ - protected $_ci_helper_paths = array(); + protected $_ci_helper_paths = array(); + /** * List of loaded base classes - * Set by the controller class * * @var array - * @access protected */ - protected $_base_classes = array(); // Set by the controller class + protected $_base_classes = array(); // Set by the controller class + /** * List of cached variables * * @var array - * @access protected */ - protected $_ci_cached_vars = array(); + protected $_ci_cached_vars = array(); + /** * List of loaded classes * * @var array - * @access protected */ - protected $_ci_classes = array(); + protected $_ci_classes = array(); + /** * List of loaded files * * @var array - * @access protected */ - protected $_ci_loaded_files = array(); + protected $_ci_loaded_files = array(); + /** * List of loaded models * * @var array - * @access protected */ - protected $_ci_models = array(); + protected $_ci_models = array(); + /** * List of loaded helpers * * @var array - * @access protected */ - protected $_ci_helpers = array(); + protected $_ci_helpers = array(); + /** * List of class name mappings * * @var array - * @access protected */ - protected $_ci_varmap = array('unit_test' => 'unit', - 'user_agent' => 'agent'); + protected $_ci_varmap = array( + 'unit_test' => 'unit', + 'user_agent' => 'agent' + ); /** * Constructor * * Sets the path to the view files and gets the initial output buffering level + * + * @return void */ public function __construct() { @@ -129,7 +141,7 @@ class CI_Loader { $this->_ci_model_paths = array(APPPATH); $this->_ci_view_paths = array(VIEWPATH => TRUE); - log_message('debug', "Loader Class Initialized"); + log_message('debug', 'Loader Class Initialized'); } // -------------------------------------------------------------------- @@ -139,7 +151,6 @@ class CI_Loader { * * This method is called once in CI_Controller. * - * @param array * @return object */ public function initialize() @@ -150,7 +161,6 @@ class CI_Loader { $this->_base_classes =& is_loaded(); $this->_ci_autoloader(); - return $this; } @@ -170,12 +180,7 @@ class CI_Loader { */ public function is_loaded($class) { - if (isset($this->_ci_classes[$class])) - { - return $this->_ci_classes[$class]; - } - - return FALSE; + return isset($this->_ci_classes[$class]) ? $this->_ci_classes[$class] : FALSE; } // -------------------------------------------------------------------- @@ -203,7 +208,7 @@ class CI_Loader { return; } - if ($library == '' OR isset($this->_base_classes[$library])) + if ($library === '' OR isset($this->_base_classes[$library])) { return FALSE; } @@ -232,14 +237,14 @@ class CI_Loader { { if (is_array($model)) { - foreach ($model as $babe) + foreach ($model as $class) { - $this->model($babe); + $this->model($class); } return; } - if ($model == '') + if ($model === '') { return; } @@ -250,13 +255,13 @@ class CI_Loader { if (($last_slash = strrpos($model, '/')) !== FALSE) { // The path is in front of the last slash - $path = substr($model, 0, $last_slash + 1); + $path = substr($model, 0, ++$last_slash); // And the model name behind it - $model = substr($model, $last_slash + 1); + $model = substr($model, $last_slash); } - if ($name == '') + if (empty($name)) { $name = $model; } @@ -281,7 +286,7 @@ class CI_Loader { continue; } - if ($db_conn !== FALSE AND ! class_exists('CI_DB')) + if ($db_conn !== FALSE && ! class_exists('CI_DB')) { if ($db_conn === TRUE) { @@ -299,9 +304,7 @@ class CI_Loader { require_once($mod_path.'models/'.$path.$model.'.php'); $model = ucfirst($model); - $CI->$name = new $model(); - $this->_ci_models[] = $name; return; } @@ -317,16 +320,16 @@ class CI_Loader { * * @param string the DB credentials * @param bool whether to return the DB object - * @param bool whether to enable active record (this allows us to override the config setting) + * @param bool whether to enable query builder (this allows us to override the config setting) * @return object */ - public function database($params = '', $return = FALSE, $active_record = NULL) + public function database($params = '', $return = FALSE, $query_builder = NULL) { // Grab the super object $CI =& get_instance(); // Do we even need to load the database class? - if (class_exists('CI_DB') AND $return == FALSE AND $active_record == NULL AND isset($CI->db) AND is_object($CI->db)) + if (class_exists('CI_DB') && $return === FALSE && $query_builder === NULL && isset($CI->db) && is_object($CI->db)) { return FALSE; } @@ -335,15 +338,15 @@ class CI_Loader { if ($return === TRUE) { - return DB($params, $active_record); + return DB($params, $query_builder); } - // Initialize the db variable. Needed to prevent + // Initialize the db variable. Needed to prevent // reference errors with some configurations $CI->db = ''; // Load the DB class - $CI->db =& DB($params, $active_record); + $CI->db =& DB($params, $query_builder); } // -------------------------------------------------------------------- @@ -401,13 +404,13 @@ class CI_Loader { /** * Load View * - * This function is used to load a "view" file. It has three parameters: + * This function is used to load a "view" file. It has three parameters: * * 1. The name of the "view" file to be included. * 2. An associative array of data to be extracted for use in the view. - * 3. TRUE/FALSE - whether to return the data or load it. In - * some cases it's advantageous to be able to return data so that - * a developer can process it in some way. + * 3. TRUE/FALSE - whether to return the data or load it. In + * some cases it's advantageous to be able to return data so that + * a developer can process it in some way. * * @param string * @param array @@ -449,14 +452,14 @@ class CI_Loader { */ public function vars($vars = array(), $val = '') { - if ($val != '' AND is_string($vars)) + if ($val !== '' && is_string($vars)) { $vars = array($vars => $val); } $vars = $this->_ci_object_to_array($vars); - if (is_array($vars) AND count($vars) > 0) + if (is_array($vars) && count($vars) > 0) { foreach ($vars as $key => $val) { @@ -483,6 +486,20 @@ class CI_Loader { // -------------------------------------------------------------------- /** + * Get Variables + * + * Retrieve all loaded variables + * + * @return array + */ + public function get_vars() + { + return $this->_ci_cached_vars; + } + + // -------------------------------------------------------------------- + + /** * Load Helper * * This function loads the specified helper file. @@ -603,19 +620,33 @@ class CI_Loader { * * Loads a driver library * - * @param string the name of the class + * @param mixed the name of the class or array of classes * @param mixed the optional parameters * @param string an optional object name * @return void */ public function driver($library = '', $params = NULL, $object_name = NULL) { + if (is_array($library)) + { + foreach ($library as $driver) + { + $this->driver($driver); + } + return FALSE; + } + if ( ! class_exists('CI_Driver_Library')) { // we aren't instantiating an object here, that'll be done by the Library itself require BASEPATH.'libraries/Driver.php'; } + if ($library === '') + { + return FALSE; + } + // We can save the loader some time since Drivers will *always* be in a subfolder, // and typically identically named to the library if ( ! strpos($library, '/')) @@ -634,10 +665,10 @@ class CI_Loader { * Prepends a parent path to the library, model, helper, and config path arrays * * @param string - * @param boolean + * @param bool * @return void */ - public function add_package_path($path, $view_cascade=TRUE) + public function add_package_path($path, $view_cascade = TRUE) { $path = rtrim($path, '/').'/'; @@ -649,7 +680,7 @@ class CI_Loader { // Add config file path $config =& $this->_ci_get_component('config'); - array_unshift($config->_config_paths, $path); + array_push($config->_config_paths, $path); } // -------------------------------------------------------------------- @@ -675,21 +706,21 @@ class CI_Loader { * Remove a path from the library, model, and helper path arrays if it exists * If no path is provided, the most recently added path is removed. * - * @param type + * @param string * @param bool - * @return type + * @return void */ public function remove_package_path($path = '', $remove_config_path = TRUE) { $config =& $this->_ci_get_component('config'); - if ($path == '') + if ($path === '') { - $void = array_shift($this->_ci_library_paths); - $void = array_shift($this->_ci_model_paths); - $void = array_shift($this->_ci_helper_paths); - $void = array_shift($this->_ci_view_paths); - $void = array_shift($config->_config_paths); + array_shift($this->_ci_library_paths); + array_shift($this->_ci_model_paths); + array_shift($this->_ci_helper_paths); + array_shift($this->_ci_view_paths); + array_pop($config->_config_paths); } else { @@ -738,13 +769,13 @@ class CI_Loader { // Set the default data variables foreach (array('_ci_view', '_ci_vars', '_ci_path', '_ci_return') as $_ci_val) { - $$_ci_val = ( ! isset($_ci_data[$_ci_val])) ? FALSE : $_ci_data[$_ci_val]; + $$_ci_val = isset($_ci_data[$_ci_val]) ? $_ci_data[$_ci_val] : FALSE; } $file_exists = FALSE; // Set the path to the requested file - if ($_ci_path != '') + if (is_string($_ci_path) && $_ci_path !== '') { $_ci_x = explode('/', $_ci_path); $_ci_file = end($_ci_x); @@ -752,7 +783,7 @@ class CI_Loader { else { $_ci_ext = pathinfo($_ci_view, PATHINFO_EXTENSION); - $_ci_file = ($_ci_ext == '') ? $_ci_view.'.php' : $_ci_view; + $_ci_file = ($_ci_ext === '') ? $_ci_view.'.php' : $_ci_view; foreach ($this->_ci_view_paths as $view_file => $cascade) { @@ -777,7 +808,6 @@ class CI_Loader { // This allows anything loaded using $this->load (views, files, etc.) // to become accessible from within the Controller and Model functions. - $_ci_CI =& get_instance(); foreach (get_object_vars($_ci_CI) as $_ci_key => $_ci_var) { @@ -790,7 +820,7 @@ class CI_Loader { /* * Extract and cache variables * - * You can either set variables using the dedicated $this->load_vars() + * You can either set variables using the dedicated $this->load->vars() * function or via the second parameter of this function. We'll merge * the two types and cache them so that views that are embedded within * other views can have access to these variables. @@ -806,22 +836,20 @@ class CI_Loader { * * We buffer the output for two reasons: * 1. Speed. You get a significant speed boost. - * 2. So that the final rendered template can be - * post-processed by the output class. Why do we - * need post processing? For one thing, in order to - * show the elapsed page load time. Unless we - * can intercept the content right before it's sent to - * the browser and then stop the timer it won't be accurate. + * 2. So that the final rendered template can be post-processed by + * the output class. Why do we need post processing? For one thing, + * in order to show the elapsed page load time. Unless we can + * intercept the content right before it's sent to the browser and + * then stop the timer it won't be accurate. */ ob_start(); // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) + if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') === TRUE) { - echo eval('?>'.preg_replace("/;*\s*\?>/", "; ?>", str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); + echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); } else { @@ -846,7 +874,6 @@ class CI_Loader { * we are beyond the first level of output buffering so that * it can be seen and included properly by the first included * template and any subsequent ones. Oy! - * */ if (ob_get_level() > $this->_ci_ob_level + 1) { @@ -884,10 +911,10 @@ class CI_Loader { if (($last_slash = strrpos($class, '/')) !== FALSE) { // Extract the path - $subdir = substr($class, 0, $last_slash + 1); + $subdir = substr($class, 0, ++$last_slash); // Get the filename from the path - $class = substr($class, $last_slash + 1); + $class = substr($class, $last_slash); } // We'll test for both lowercase and capitalized versions of the file name @@ -902,15 +929,15 @@ class CI_Loader { if ( ! file_exists($baseclass)) { - log_message('error', "Unable to load the requested class: ".$class); - show_error("Unable to load the requested class: ".$class); + log_message('error', 'Unable to load the requested class: '.$class); + show_error('Unable to load the requested class: '.$class); } - // Safety: Was the class already loaded by a previous call? + // Safety: Was the class already loaded by a previous call? if (in_array($subclass, $this->_ci_loaded_files)) { // Before we deem this to be a duplicate request, let's see - // if a custom object name is being supplied. If so, we'll + // if a custom object name is being supplied. If so, we'll // return a new instance of the object if ( ! is_null($object_name)) { @@ -922,7 +949,7 @@ class CI_Loader { } $is_duplicate = TRUE; - log_message('debug', $class." class already loaded. Second attempt ignored."); + log_message('debug', $class.' class already loaded. Second attempt ignored.'); return; } @@ -939,17 +966,17 @@ class CI_Loader { { $filepath = $path.'libraries/'.$subdir.$class.'.php'; - // Does the file exist? No? Bummer... + // Does the file exist? No? Bummer... if ( ! file_exists($filepath)) { continue; } - // Safety: Was the class already loaded by a previous call? + // Safety: Was the class already loaded by a previous call? if (in_array($filepath, $this->_ci_loaded_files)) { // Before we deem this to be a duplicate request, let's see - // if a custom object name is being supplied. If so, we'll + // if a custom object name is being supplied. If so, we'll // return a new instance of the object if ( ! is_null($object_name)) { @@ -961,7 +988,7 @@ class CI_Loader { } $is_duplicate = TRUE; - log_message('debug', $class." class already loaded. Second attempt ignored."); + log_message('debug', $class.' class already loaded. Second attempt ignored.'); return; } @@ -972,8 +999,8 @@ class CI_Loader { } // END FOREACH - // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? - if ($subdir == '') + // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? + if ($subdir === '') { $path = strtolower($class).'/'.$class; return $this->_ci_load_class($path, $params); @@ -981,10 +1008,10 @@ class CI_Loader { // If we got this far we were unable to find the requested class. // We do not issue errors if the load call failed due to a duplicate request - if ($is_duplicate == FALSE) + if ($is_duplicate === FALSE) { - log_message('error', "Unable to load the requested class: ".$class); - show_error("Unable to load the requested class: ".$class); + log_message('error', 'Unable to load the requested class: '.$class); + show_error('Unable to load the requested class: '.$class); } } @@ -997,11 +1024,11 @@ class CI_Loader { * @param string * @param bool * @param string an optional object name - * @return null + * @return void */ protected function _ci_init_class($class, $prefix = '', $config = FALSE, $object_name = NULL) { - // Is there an associated config file for this class? Note: these should always be lowercase + // Is there an associated config file for this class? Note: these should always be lowercase if ($config === NULL) { // Fetch the config paths containing any package paths @@ -1016,31 +1043,31 @@ class CI_Loader { // We test for both uppercase and lowercase, for servers that // are case-sensitive with regard to file names. Check for environment // first, global next - if (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php')) + if (defined('ENVIRONMENT') && file_exists($path.'config/'.ENVIRONMENT.'/'.strtolower($class).'.php')) { - include($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'); + include($path.'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'); break; } - elseif (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php')) + elseif (defined('ENVIRONMENT') && file_exists($path.'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php')) { - include($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'); + include($path.'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'); break; } - elseif (file_exists($path .'config/'.strtolower($class).'.php')) + elseif (file_exists($path.'config/'.strtolower($class).'.php')) { - include($path .'config/'.strtolower($class).'.php'); + include($path.'config/'.strtolower($class).'.php'); break; } - elseif (file_exists($path .'config/'.ucfirst(strtolower($class)).'.php')) + elseif (file_exists($path.'config/'.ucfirst(strtolower($class)).'.php')) { - include($path .'config/'.ucfirst(strtolower($class)).'.php'); + include($path.'config/'.ucfirst(strtolower($class)).'.php'); break; } } } } - if ($prefix == '') + if ($prefix === '') { if (class_exists('CI_'.$class)) { @@ -1063,17 +1090,17 @@ class CI_Loader { // Is the class name valid? if ( ! class_exists($name)) { - log_message('error', "Non-existent class: ".$name); - show_error("Non-existent class: ".$class); + log_message('error', 'Non-existent class: '.$name); + show_error('Non-existent class: '.$name); } // Set the variable name we will assign the class to - // Was a custom class name supplied? If so we'll use it + // Was a custom class name supplied? If so we'll use it $class = strtolower($class); if (is_null($object_name)) { - $classvar = ( ! isset($this->_ci_varmap[$class])) ? $class : $this->_ci_varmap[$class]; + $classvar = isset($this->_ci_varmap[$class]) ? $this->_ci_varmap[$class] : $class; } else { @@ -1091,7 +1118,7 @@ class CI_Loader { } else { - $CI->$classvar = new $name; + $CI->$classvar = new $name(); } } @@ -1103,12 +1130,11 @@ class CI_Loader { * The config/autoload.php file contains an array that permits sub-systems, * libraries, and helpers to be loaded automatically. * - * @param array * @return void */ protected function _ci_autoloader() { - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) + if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'); } @@ -1144,21 +1170,14 @@ class CI_Loader { // Autoload helpers and languages foreach (array('helper', 'language') as $type) { - if (isset($autoload[$type]) AND count($autoload[$type]) > 0) + if (isset($autoload[$type]) && count($autoload[$type]) > 0) { $this->$type($autoload[$type]); } } - // A little tweak to remain backward compatible - // The $autoload['core'] item was deprecated - if ( ! isset($autoload['libraries']) AND isset($autoload['core'])) - { - $autoload['libraries'] = $autoload['core']; - } - // Load libraries - if (isset($autoload['libraries']) AND count($autoload['libraries']) > 0) + if (isset($autoload['libraries']) && count($autoload['libraries']) > 0) { // Load the database driver. if (in_array('database', $autoload['libraries'])) @@ -1202,7 +1221,7 @@ class CI_Loader { */ protected function _ci_object_to_array($object) { - return (is_object($object)) ? get_object_vars($object) : $object; + return is_object($object) ? get_object_vars($object) : $object; } // -------------------------------------------------------------------- @@ -1234,18 +1253,19 @@ class CI_Loader { { if ( ! is_array($filename)) { - return array(strtolower(str_replace('.php', '', str_replace($extension, '', $filename)).$extension)); + return array(strtolower(str_replace(array($extension, '.php'), '', $filename).$extension)); } else { foreach ($filename as $key => $val) { - $filename[$key] = strtolower(str_replace('.php', '', str_replace($extension, '', $val)).$extension); + $filename[$key] = strtolower(str_replace(array($extension, '.php'), '', $val).$extension); } return $filename; } } + } /* End of file Loader.php */ diff --git a/system/core/Model.php b/system/core/Model.php index e15ffbebc..9bc9f879f 100755..100644 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -1,39 +1,49 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Model Class * * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/config.html */ class CI_Model { /** - * Constructor + * Initialize CI_Model Class * - * @access public + * @return void */ - function __construct() + public function __construct() { - log_message('debug', "Model Class Initialized"); + log_message('debug', 'Model Class Initialized'); } /** @@ -43,15 +53,14 @@ class CI_Model { * syntax as controllers. * * @param string - * @access private */ - function __get($key) + public function __get($key) { $CI =& get_instance(); return $CI->$key; } + } -// END Model Class /* End of file Model.php */ /* Location: ./system/core/Model.php */
\ No newline at end of file diff --git a/system/core/Output.php b/system/core/Output.php index ccecafd2b..5ec8c4bc0 100755..100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Output Class * @@ -23,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Output - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/output.html */ class CI_Output { @@ -32,81 +42,78 @@ class CI_Output { * Current output string * * @var string - * @access protected */ - protected $final_output; + public $final_output; + /** * Cache expiration time * * @var int - * @access protected */ - protected $cache_expiration = 0; + public $cache_expiration = 0; + /** * List of server headers * * @var array - * @access protected */ - protected $headers = array(); + public $headers = array(); + /** * List of mime types * * @var array - * @access protected */ - protected $mime_types = array(); + public $mimes = array(); + /** - * Determines wether profiler is enabled + * Mime-type for the current page + * + * @var string + */ + protected $mime_type = 'text/html'; + + /** + * Determines whether profiler is enabled * * @var book - * @access protected */ - protected $enable_profiler = FALSE; + public $enable_profiler = FALSE; + /** * Determines if output compression is enabled * * @var bool - * @access protected */ - protected $_zlib_oc = FALSE; + protected $_zlib_oc = FALSE; + /** * List of profiler sections * * @var array - * @access protected */ - protected $_profiler_sections = array(); + protected $_profiler_sections = array(); + /** * Whether or not to parse variables like {elapsed_time} and {memory_usage} * * @var bool - * @access protected */ - protected $parse_exec_vars = TRUE; + public $parse_exec_vars = TRUE; /** - * Constructor + * Set up Output class * + * @return void */ - function __construct() + public function __construct() { - $this->_zlib_oc = @ini_get('zlib.output_compression'); + $this->_zlib_oc = (bool) @ini_get('zlib.output_compression'); // Get mime types for later - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) - { - include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; - } - else - { - include APPPATH.'config/mimes.php'; - } - - - $this->mime_types = $mimes; + $this->mimes =& get_mimes(); - log_message('debug', "Output Class Initialized"); + log_message('debug', 'Output Class Initialized'); } // -------------------------------------------------------------------- @@ -116,10 +123,9 @@ class CI_Output { * * Returns the current output string * - * @access public * @return string */ - function get_output() + public function get_output() { return $this->final_output; } @@ -131,14 +137,12 @@ class CI_Output { * * Sets the output string * - * @access public * @param string * @return void */ - function set_output($output) + public function set_output($output) { $this->final_output = $output; - return $this; } @@ -149,11 +153,10 @@ class CI_Output { * * Appends data onto the output string * - * @access public * @param string * @return void */ - function append_output($output) + public function append_output($output) { if ($this->final_output == '') { @@ -174,28 +177,25 @@ class CI_Output { * * Lets you set a server header which will be outputted with the final display. * - * Note: If a file is cached, headers will not be sent. We need to figure out + * Note: If a file is cached, headers will not be sent. We need to figure out * how to permit header data to be saved with the cache data... * - * @access public * @param string - * @param bool + * @param bool * @return void */ - function set_header($header, $replace = TRUE) + public function set_header($header, $replace = TRUE) { // If zlib.output_compression is enabled it will compress the output, // but it will not modify the content-length header to compensate for // the reduction, causing the browser to hang waiting for more data. // We'll just skip content-length in those cases. - - if ($this->_zlib_oc && strncasecmp($header, 'content-length', 14) == 0) + if ($this->_zlib_oc && strncasecmp($header, 'content-length', 14) === 0) { return; } $this->headers[] = array($header, $replace); - return $this; } @@ -204,20 +204,19 @@ class CI_Output { /** * Set Content Type Header * - * @access public * @param string extension of the file we're outputting * @return void */ - function set_content_type($mime_type) + public function set_content_type($mime_type, $charset = NULL) { if (strpos($mime_type, '/') === FALSE) { $extension = ltrim($mime_type, '.'); // Is this extension supported? - if (isset($this->mime_types[$extension])) + if (isset($this->mimes[$extension])) { - $mime_type =& $this->mime_types[$extension]; + $mime_type =& $this->mimes[$extension]; if (is_array($mime_type)) { @@ -226,28 +225,53 @@ class CI_Output { } } - $header = 'Content-Type: '.$mime_type; + $this->mime_type = $mime_type; - $this->headers[] = array($header, TRUE); + if (empty($charset)) + { + $charset = config_item('charset'); + } + + $header = 'Content-Type: '.$mime_type + .(empty($charset) ? NULL : '; charset='.strtolower($charset)); + $this->headers[] = array($header, TRUE); return $this; } // -------------------------------------------------------------------- /** + * Get Current Content Type Header + * + * @return string 'text/html', if not already set + */ + public function get_content_type() + { + for ($i = 0, $c = count($this->headers); $i < $c; $i++) + { + if (preg_match('/^Content-Type:\s(.+)$/', $this->headers[$i][0], $matches)) + { + return $matches[1]; + } + } + + return 'text/html'; + } + + // -------------------------------------------------------------------- + + /** * Set HTTP Status Header * moved to Common procedural functions in 1.7.2 * - * @access public - * @param int the status code + * @param int the status code * @param string * @return void */ - function set_status_header($code = 200, $text = '') + public function set_status_header($code = 200, $text = '') { set_status_header($code, $text); - return $this; } @@ -256,14 +280,12 @@ class CI_Output { /** * Enable/disable Profiler * - * @access public * @param bool * @return void */ - function enable_profiler($val = TRUE) + public function enable_profiler($val = TRUE) { - $this->enable_profiler = (is_bool($val)) ? $val : TRUE; - + $this->enable_profiler = is_bool($val) ? $val : TRUE; return $this; } @@ -274,15 +296,20 @@ class CI_Output { * * Allows override of default / config settings for Profiler section display * - * @access public * @param array * @return void */ - function set_profiler_sections($sections) + public function set_profiler_sections($sections) { + if (isset($sections['query_toggle_count'])) + { + $this->_profiler_sections['query_toggle_count'] = (int) $sections['query_toggle_count']; + unset($sections['query_toggle_count']); + } + foreach ($sections as $section => $enable) { - $this->_profiler_sections[$section] = ($enable !== FALSE) ? TRUE : FALSE; + $this->_profiler_sections[$section] = ($enable !== FALSE); } return $this; @@ -293,14 +320,12 @@ class CI_Output { /** * Set Cache * - * @access public - * @param integer + * @param int * @return void */ - function cache($time) + public function cache($time) { - $this->cache_expiration = ( ! is_numeric($time)) ? 0 : $time; - + $this->cache_expiration = is_numeric($time) ? $time : 0; return $this; } @@ -314,14 +339,13 @@ class CI_Output { * $this->final_output * * This function sends the finalized output data to the browser along - * with any server headers and profile data. It also stops the + * with any server headers and profile data. It also stops the * benchmark timer so the page rendering speed and memory usage can be shown. * - * @access public - * @param string + * @param string * @return mixed */ - function _display($output = '') + public function _display($output = '') { // Note: We use globals because we can't use $CI =& get_instance() // since this function is sometimes called by the caching mechanism, @@ -337,13 +361,22 @@ class CI_Output { // -------------------------------------------------------------------- // Set the output data - if ($output == '') + if ($output === '') { $output =& $this->final_output; } // -------------------------------------------------------------------- + // Is minify requested? + if ($CFG->item('minify_output') === TRUE) + { + $output = $this->minify($output, $this->mime_type); + } + + + // -------------------------------------------------------------------- + // Do we need to write a cache file? Only if the controller does not have its // own _output() method and we are not dealing with a cache file, which we // can determine by the existence of the $CI object above @@ -361,24 +394,19 @@ class CI_Output { if ($this->parse_exec_vars === TRUE) { - $memory = ( ! function_exists('memory_get_usage')) ? '0' : round(memory_get_usage()/1024/1024, 2).'MB'; + $memory = round(memory_get_usage() / 1024 / 1024, 2).'MB'; - $output = str_replace('{elapsed_time}', $elapsed, $output); - $output = str_replace('{memory_usage}', $memory, $output); + $output = str_replace(array('{elapsed_time}', '{memory_usage}'), array($elapsed, $memory), $output); } // -------------------------------------------------------------------- // Is compression requested? - if ($CFG->item('compress_output') === TRUE && $this->_zlib_oc == FALSE) + if ($CFG->item('compress_output') === TRUE && $this->_zlib_oc === FALSE + && extension_loaded('zlib') + && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE) { - if (extension_loaded('zlib')) - { - if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) AND strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE) - { - ob_start('ob_gzhandler'); - } - } + ob_start('ob_gzhandler'); } // -------------------------------------------------------------------- @@ -400,8 +428,8 @@ class CI_Output { if ( ! isset($CI)) { echo $output; - log_message('debug', "Final output sent to browser"); - log_message('debug', "Total execution time: ".$elapsed); + log_message('debug', 'Final output sent to browser'); + log_message('debug', 'Total execution time: '.$elapsed); return TRUE; } @@ -409,10 +437,9 @@ class CI_Output { // Do we need to generate profile data? // If so, load the Profile class and run it. - if ($this->enable_profiler == TRUE) + if ($this->enable_profiler === TRUE) { $CI->load->library('profiler'); - if ( ! empty($this->_profiler_sections)) { $CI->profiler->set_sections($this->_profiler_sections); @@ -420,20 +447,13 @@ class CI_Output { // If the output data contains closing </body> and </html> tags // we will remove them and add them back after we insert the profile data - if (preg_match("|</body>.*?</html>|is", $output)) + $output = preg_replace('|</body>.*?</html>|is', '', $output, -1, $count).$CI->profiler->run(); + if ($count > 0) { - $output = preg_replace("|</body>.*?</html>|is", '', $output); - $output .= $CI->profiler->run(); $output .= '</body></html>'; } - else - { - $output .= $CI->profiler->run(); - } } - // -------------------------------------------------------------------- - // Does the controller contain a function named _output()? // If so send the output there. Otherwise, echo it. if (method_exists($CI, '_output')) @@ -442,11 +462,11 @@ class CI_Output { } else { - echo $output; // Send it to the browser! + echo $output; // Send it to the browser! } - log_message('debug', "Final output sent to browser"); - log_message('debug', "Total execution time: ".$elapsed); + log_message('debug', 'Final output sent to browser'); + log_message('debug', 'Total execution time: '.$elapsed); } // -------------------------------------------------------------------- @@ -454,20 +474,18 @@ class CI_Output { /** * Write a Cache File * - * @access public - * @param string + * @param string * @return void */ - function _write_cache($output) + public function _write_cache($output) { $CI =& get_instance(); $path = $CI->config->item('cache_path'); - - $cache_path = ($path == '') ? APPPATH.'cache/' : $path; + $cache_path = ($path === '') ? APPPATH.'cache/' : $path; if ( ! is_dir($cache_path) OR ! is_really_writable($cache_path)) { - log_message('error', "Unable to write cache file: ".$cache_path); + log_message('error', 'Unable to write cache file: '.$cache_path); return; } @@ -479,7 +497,7 @@ class CI_Output { if ( ! $fp = @fopen($cache_path, FOPEN_WRITE_CREATE_DESTRUCTIVE)) { - log_message('error', "Unable to write cache file: ".$cache_path); + log_message('error', 'Unable to write cache file: '.$cache_path); return; } @@ -492,13 +510,16 @@ class CI_Output { } else { - log_message('error', "Unable to secure a file lock for file at: ".$cache_path); + log_message('error', 'Unable to secure a file lock for file at: '.$cache_path); return; } fclose($fp); @chmod($cache_path, FILE_WRITE_MODE); - log_message('debug', "Cache file written: ".$cache_path); + log_message('debug', 'Cache file written: '.$cache_path); + + // Send HTTP cache-control headers to browser to match file cache settings. + $this->set_cache_header($_SERVER['REQUEST_TIME'], $expire); } // -------------------------------------------------------------------- @@ -506,69 +527,194 @@ class CI_Output { /** * Update/serve a cached file * - * @access public - * @param object config class - * @param object uri class - * @return void + * @param object config class + * @param object uri class + * @return bool */ - function _display_cache(&$CFG, &$URI) + public function _display_cache(&$CFG, &$URI) { - $cache_path = ($CFG->item('cache_path') == '') ? APPPATH.'cache/' : $CFG->item('cache_path'); - - // Build the file path. The file name is an MD5 hash of the full URI - $uri = $CFG->item('base_url'). - $CFG->item('index_page'). - $URI->uri_string; + $cache_path = ($CFG->item('cache_path') === '') ? APPPATH.'cache/' : $CFG->item('cache_path'); + // Build the file path. The file name is an MD5 hash of the full URI + $uri = $CFG->item('base_url').$CFG->item('index_page').$URI->uri_string; $filepath = $cache_path.md5($uri); - if ( ! @file_exists($filepath)) - { - return FALSE; - } - - if ( ! $fp = @fopen($filepath, FOPEN_READ)) + if ( ! @file_exists($filepath) OR ! $fp = @fopen($filepath, FOPEN_READ)) { return FALSE; } flock($fp, LOCK_SH); - $cache = ''; - if (filesize($filepath) > 0) - { - $cache = fread($fp, filesize($filepath)); - } + $cache = (filesize($filepath) > 0) ? fread($fp, filesize($filepath)) : ''; flock($fp, LOCK_UN); fclose($fp); // Strip out the embedded timestamp - if ( ! preg_match("/(\d+TS--->)/", $cache, $match)) + if ( ! preg_match('/(\d+TS--->)/', $cache, $match)) { return FALSE; } - // Has the file expired? If so we'll delete it. - if (time() >= trim(str_replace('TS--->', '', $match['1']))) + $last_modified = filemtime($cache_path); + $expire = trim(str_replace('TS--->', '', $match[1])); + + // Has the file expired? + if ($_SERVER['REQUEST_TIME'] >= $expire && is_really_writable($cache_path)) { - if (is_really_writable($cache_path)) - { - @unlink($filepath); - log_message('debug', "Cache file has expired. File deleted"); - return FALSE; - } + // If so we'll delete it. + @unlink($filepath); + log_message('debug', 'Cache file has expired. File deleted.'); + return FALSE; + } + else + { + // Or else send the HTTP cache control headers. + $this->set_cache_header($last_modified, $expire); } // Display the cache - $this->_display(str_replace($match['0'], '', $cache)); - log_message('debug', "Cache file is current. Sending it to browser."); + $this->_display(str_replace($match[0], '', $cache)); + log_message('debug', 'Cache file is current. Sending it to browser.'); return TRUE; } + // -------------------------------------------------------------------- + + /** + * Set the HTTP headers to match the server-side file cache settings + * in order to reduce bandwidth. + * + * @param int timestamp of when the page was last modified + * @param int timestamp of when should the requested page expire from cache + * @return void + */ + public function set_cache_header($last_modified, $expiration) + { + $max_age = $expiration - $_SERVER['REQUEST_TIME']; + + if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $last_modified <= strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) + { + $this->set_status_header(304); + exit; + } + else + { + header('Pragma: public'); + header('Cache-Control: max-age=' . $max_age . ', public'); + header('Expires: '.gmdate('D, d M Y H:i:s', $expiration).' GMT'); + header('Last-modified: '.gmdate('D, d M Y H:i:s', $last_modified).' GMT'); + } + } + + // -------------------------------------------------------------------- + + /** + * Reduce excessive size of HTML content. + * + * @param string + * @param string + * @return string + */ + public function minify($output, $type = 'text/html') + { + switch ($type) + { + case 'text/html': + + $size_before = strlen($output); + + if ($size_before === 0) + { + return ''; + } + + // Find all the <pre>,<code>,<textarea>, and <javascript> tags + // We'll want to return them to this unprocessed state later. + preg_match_all('{<pre.+</pre>}msU', $output, $pres_clean); + preg_match_all('{<code.+</code>}msU', $output, $codes_clean); + preg_match_all('{<textarea.+</textarea>}msU', $output, $textareas_clean); + preg_match_all('{<script.+</script>}msU', $output, $javascript_clean); + + // Minify the CSS in all the <style> tags. + preg_match_all('{<style.+</style>}msU', $output, $style_clean); + foreach ($style_clean[0] as $s) + { + $output = str_replace($s, $this->minify($s, 'text/css'), $output); + } + + // Minify the javascript in <script> tags. + foreach ($javascript_clean[0] as $s) + { + $javascript_mini[] = $this->minify($s, 'text/javascript'); + } + + // Replace multiple spaces with a single space. + $output = preg_replace('!\s{2,}!', ' ', $output); + + // Remove comments (non-MSIE conditionals) + $output = preg_replace('{\s*<!--[^\[].*-->\s*}msU', '', $output); + + // Remove spaces around block-level elements. + $output = preg_replace('/\s*(<\/?(html|head|title|meta|script|link|style|body|h[1-6]|div|p|br)[^>]*>)\s*/is', '$1', $output); + + // Replace mangled <pre> etc. tags with unprocessed ones. + + if ( ! empty($pres_clean)) + { + preg_match_all('{<pre.+</pre>}msU', $output, $pres_messed); + $output = str_replace($pres_messed[0], $pres_clean[0], $output); + } + + if ( ! empty($codes_clean)) + { + preg_match_all('{<code.+</code>}msU', $output, $codes_messed); + $output = str_replace($codes_messed[0], $codes_clean[0], $output); + } + + if ( ! empty($codes_clean)) + { + preg_match_all('{<textarea.+</textarea>}msU', $output, $textareas_messed); + $output = str_replace($textareas_messed[0], $textareas_clean[0], $output); + } + + if (isset($javascript_mini)) + { + preg_match_all('{<script.+</script>}msU', $output, $javascript_messed); + $output = str_replace($javascript_messed[0], $javascript_mini, $output); + } + + $size_removed = $size_before - strlen($output); + $savings_percent = round(($size_removed / $size_before * 100)); + + log_message('debug', 'Minifier shaved '.($size_removed / 1000).'KB ('.$savings_percent.'%) off final HTML output.'); + + break; + + case 'text/css': + + //Remove CSS comments + $output = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $output); + + // Remove spaces around curly brackets, colons, + // semi-colons, parenthesis, commas + $output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!', '$1', $output); + + break; + + case 'text/javascript': + + // Currently leaves JavaScript untouched. + break; + + default: break; + } + + return $output; + } } -// END Output Class /* End of file Output.php */ /* Location: ./system/core/Output.php */
\ No newline at end of file diff --git a/system/core/Router.php b/system/core/Router.php index 6da667472..5bc053045 100755..100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Router Class * @@ -22,8 +32,8 @@ * * @package CodeIgniter * @subpackage Libraries - * @author ExpressionEngine Dev Team * @category Libraries + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/general/routing.html */ class CI_Router { @@ -32,62 +42,63 @@ class CI_Router { * Config class * * @var object - * @access public */ - var $config; + public $config; + /** * List of routes * * @var array - * @access public */ - var $routes = array(); + public $routes = array(); + /** * List of error routes * * @var array - * @access public */ - var $error_routes = array(); + public $error_routes = array(); + /** * Current class name * * @var string - * @access public */ - var $class = ''; + public $class = ''; + /** * Current method name * * @var string - * @access public */ - var $method = 'index'; + public $method = 'index'; + /** * Sub-directory that contains the requested controller class * * @var string - * @access public */ - var $directory = ''; + public $directory = ''; + /** * Default controller (and method if specific) * * @var string - * @access public */ - var $default_controller; + public $default_controller; /** * Constructor * * Runs the route mapping function. + * + * @return void */ - function __construct() + public function __construct() { $this->config =& load_class('Config', 'core'); $this->uri =& load_class('URI', 'core'); - log_message('debug', "Router Class Initialized"); + log_message('debug', 'Router Class Initialized'); } // -------------------------------------------------------------------- @@ -98,16 +109,15 @@ class CI_Router { * This function determines what should be served based on the URI request, * as well as any "routes" that have been set in the routing config file. * - * @access private * @return void */ - function _set_routing() + public function _set_routing() { - // Are query strings enabled in the config file? Normally CI doesn't utilize query strings + // Are query strings enabled in the config file? Normally CI doesn't utilize query strings // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); - if ($this->config->item('enable_query_strings') === TRUE AND isset($_GET[$this->config->item('controller_trigger')])) + if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')])) { if (isset($_GET[$this->config->item('directory_trigger')])) { @@ -129,7 +139,7 @@ class CI_Router { } // Load the routes.php file. - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php')) + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/routes.php'); } @@ -143,9 +153,9 @@ class CI_Router { // Set the default controller so we can display it in the event // the URI doesn't correlated to a valid controller. - $this->default_controller = ( ! isset($this->routes['default_controller']) OR $this->routes['default_controller'] == '') ? FALSE : strtolower($this->routes['default_controller']); + $this->default_controller = empty($this->routes['default_controller']) ? FALSE : strtolower($this->routes['default_controller']); - // Were there any query string segments? If so, we'll validate them and bail out since we're done. + // Were there any query string segments? If so, we'll validate them and bail out since we're done. if (count($segments) > 0) { return $this->_validate_request($segments); @@ -160,17 +170,10 @@ class CI_Router { return $this->_set_default_controller(); } - // Do we need to remove the URL suffix? - $this->uri->_remove_url_suffix(); - - // Compile the segments into an array - $this->uri->_explode_segments(); - - // Parse any custom routing that may exist - $this->_parse_routes(); - - // Re-index the segment array so that it starts with 1 rather than 0 - $this->uri->_reindex_segments(); + $this->uri->_remove_url_suffix(); // Remove the URL suffix + $this->uri->_explode_segments(); // Compile the segments into an array + $this->_parse_routes(); // Parse any custom routing that may exist + $this->uri->_reindex_segments(); // Re-index the segment array so that it starts with 1 rather than 0 } // -------------------------------------------------------------------- @@ -178,20 +181,18 @@ class CI_Router { /** * Set the default controller * - * @access private * @return void */ - function _set_default_controller() + protected function _set_default_controller() { if ($this->default_controller === FALSE) { - show_error("Unable to determine what should be displayed. A default route has not been specified in the routing file."); + show_error('Unable to determine what should be displayed. A default route has not been specified in the routing file.'); } // Is the method being specified? if (strpos($this->default_controller, '/') !== FALSE) { $x = explode('/', $this->default_controller); - $this->set_class($x[0]); $this->set_method($x[1]); $this->_set_request($x); @@ -206,7 +207,7 @@ class CI_Router { // re-index the routed segments array so it starts with 1 rather than 0 $this->uri->_reindex_segments(); - log_message('debug', "No URI present. Default controller set."); + log_message('debug', 'No URI present. Default controller set.'); } // -------------------------------------------------------------------- @@ -217,16 +218,14 @@ class CI_Router { * This function takes an array of URI segments as * input, and sets the current class/method * - * @access private * @param array - * @param bool * @return void */ - function _set_request($segments = array()) + protected function _set_request($segments = array()) { $segments = $this->_validate_request($segments); - if (count($segments) == 0) + if (count($segments) === 0) { return $this->_set_default_controller(); } @@ -254,16 +253,15 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Validates the supplied segments. Attempts to determine the path to - * the controller. + * Validates the supplied segments. + * Attempts to determine the path to the controller. * - * @access private * @param array * @return array */ - function _validate_request($segments) + protected function _validate_request($segments) { - if (count($segments) == 0) + if (count($segments) === 0) { return $segments; } @@ -289,7 +287,6 @@ class CI_Router { if ( ! empty($this->routes['404_override'])) { $x = explode('/', $this->routes['404_override']); - $this->set_directory(''); $this->set_class($x[0]); $this->set_method(isset($x[1]) ? $x[1] : 'index'); @@ -308,7 +305,6 @@ class CI_Router { if (strpos($this->default_controller, '/') !== FALSE) { $x = explode('/', $this->default_controller); - $this->set_class($x[0]); $this->set_method($x[1]); } @@ -332,18 +328,16 @@ class CI_Router { // If we've gotten this far it means that the URI does not correlate to a valid - // controller class. We will now see if there is an override + // controller class. We will now see if there is an override if ( ! empty($this->routes['404_override'])) { $x = explode('/', $this->routes['404_override']); - $this->set_class($x[0]); $this->set_method(isset($x[1]) ? $x[1] : 'index'); return $x; } - // Nothing else to do at this point but show a 404 show_404($segments[0]); } @@ -351,16 +345,15 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Parse Routes + * Parse Routes * * This function matches any routes that may exist in * the config/routes.php file against the URI to * determine if the class/method need to be remapped. * - * @access private * @return void */ - function _parse_routes() + protected function _parse_routes() { // Turn the segment array into a URI string $uri = implode('/', $this->uri->segments); @@ -375,13 +368,13 @@ class CI_Router { foreach ($this->routes as $key => $val) { // Convert wild-cards to RegEx - $key = str_replace(':any', '.+', str_replace(':num', '[0-9]+', $key)); + $key = str_replace(array(':any', ':num'), array('.+', '[0-9]+'), $key); // Does the RegEx match? if (preg_match('#^'.$key.'$#', $uri)) { // Do we have a back-reference? - if (strpos($val, '$') !== FALSE AND strpos($key, '(') !== FALSE) + if (strpos($val, '$') !== FALSE && strpos($key, '(') !== FALSE) { $val = preg_replace('#^'.$key.'$#', $val, $uri); } @@ -400,11 +393,10 @@ class CI_Router { /** * Set the class name * - * @access public * @param string * @return void */ - function set_class($class) + public function set_class($class) { $this->class = str_replace(array('/', '.'), '', $class); } @@ -414,10 +406,9 @@ class CI_Router { /** * Fetch the current class * - * @access public * @return string */ - function fetch_class() + public function fetch_class() { return $this->class; } @@ -425,13 +416,12 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the method name + * Set the method name * - * @access public * @param string * @return void */ - function set_method($method) + public function set_method($method) { $this->method = $method; } @@ -439,31 +429,24 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Fetch the current method + * Fetch the current method * - * @access public * @return string */ - function fetch_method() + public function fetch_method() { - if ($this->method == $this->fetch_class()) - { - return 'index'; - } - - return $this->method; + return ($this->method === $this->fetch_class()) ? 'index' : $this->method; } // -------------------------------------------------------------------- /** - * Set the directory name + * Set the directory name * - * @access public * @param string * @return void */ - function set_directory($dir) + public function set_directory($dir) { $this->directory = str_replace(array('/', '.'), '', $dir).'/'; } @@ -471,12 +454,11 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Fetch the sub-directory (if any) that contains the requested controller class + * Fetch the sub-directory (if any) that contains the requested controller class * - * @access public * @return string */ - function fetch_directory() + public function fetch_directory() { return $this->directory; } @@ -484,13 +466,12 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the controller overrides + * Set the controller overrides * - * @access public * @param array - * @return null + * @return void */ - function _set_overrides($routing) + public function _set_overrides($routing) { if ( ! is_array($routing)) { @@ -502,7 +483,7 @@ class CI_Router { $this->set_directory($routing['directory']); } - if (isset($routing['controller']) AND $routing['controller'] != '') + if ( ! empty($routing['controller'])) { $this->set_class($routing['controller']); } @@ -514,9 +495,7 @@ class CI_Router { } } - } -// END Router Class /* End of file Router.php */ /* Location: ./system/core/Router.php */
\ No newline at end of file diff --git a/system/core/Security.php b/system/core/Security.php index e99418bdd..b22d2cf19 100755..100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -1,27 +1,37 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Security Class * * @package CodeIgniter * @subpackage Libraries * @category Security - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/security.html */ class CI_Security { @@ -30,99 +40,99 @@ class CI_Security { * Random Hash for protecting URLs * * @var string - * @access protected */ - protected $_xss_hash = ''; - + protected $_xss_hash = ''; + /** * Random Hash for Cross Site Request Forgery Protection Cookie * * @var string - * @access protected */ - protected $_csrf_hash = ''; - + protected $_csrf_hash = ''; + /** * Expiration time for Cross Site Request Forgery Protection Cookie * Defaults to two hours (in seconds) * * @var int - * @access protected */ - protected $_csrf_expire = 7200; - + protected $_csrf_expire = 7200; + /** * Token name for Cross Site Request Forgery Protection Cookie * * @var string - * @access protected */ - protected $_csrf_token_name = 'ci_csrf_token'; - + protected $_csrf_token_name = 'ci_csrf_token'; + /** * Cookie name for Cross Site Request Forgery Protection Cookie * * @var string - * @access protected */ - protected $_csrf_cookie_name = 'ci_csrf_token'; - + protected $_csrf_cookie_name = 'ci_csrf_token'; + /** * List of never allowed strings * * @var array - * @access protected */ - - protected $_never_allowed_str = array( - 'document.cookie' => '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - 'window.location' => '[removed]', - '-moz-binding' => '[removed]', - '<!--' => '<!--', - '-->' => '-->', - '<![CDATA[' => '<![CDATA[' + protected $_never_allowed_str = array( + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + 'window.location' => '[removed]', + '-moz-binding' => '[removed]', + '<!--' => '<!--', + '-->' => '-->', + '<![CDATA[' => '<![CDATA[', + '<comment>' => '<comment>' ); /** * List of never allowed regex replacement * * @var array - * @access protected */ protected $_never_allowed_regex = array( - "javascript\s*:" => '[removed]', - "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE - "vbscript\s*:" => '[removed]', // IE, surprise! - "Redirect\s+302" => '[removed]' + 'javascript\s*:', + 'expression\s*(\(|&\#40;)', // CSS and IE + 'vbscript\s*:', // IE, surprise! + 'Redirect\s+302', + "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); /** - * Constructor + * Initialize security class + * + * @return void */ public function __construct() { - // CSRF config - foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) + // Is CSRF protection enabled? + if (config_item('csrf_protection') === TRUE) { - if (FALSE !== ($val = config_item($key))) + // CSRF config + foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) { - $this->{'_'.$key} = $val; + if (FALSE !== ($val = config_item($key))) + { + $this->{'_'.$key} = $val; + } } - } - // Append application specific cookie prefix - if (config_item('cookie_prefix')) - { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; - } + // Append application specific cookie prefix + if (config_item('cookie_prefix')) + { + $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + } - // Set the CSRF hash - $this->_csrf_set_hash(); + // Set the CSRF hash + $this->_csrf_set_hash(); + } - log_message('debug', "Security Class Initialized"); + log_message('debug', 'Security Class Initialized'); } // -------------------------------------------------------------------- @@ -134,12 +144,12 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) == 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } - + // Check if URI has been whitelisted from CSRF checks if ($exclude_uris = config_item('csrf_exclude_uris')) { @@ -151,29 +161,27 @@ class CI_Security { } // Do the tokens exist in both the _POST and _COOKIE arrays? - if ( ! isset($_POST[$this->_csrf_token_name]) OR - ! isset($_COOKIE[$this->_csrf_cookie_name])) + if ( ! isset($_POST[$this->_csrf_token_name]) OR ! isset($_COOKIE[$this->_csrf_cookie_name]) + OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match? { $this->csrf_show_error(); } - // Do the tokens match? - if ($_POST[$this->_csrf_token_name] != $_COOKIE[$this->_csrf_cookie_name]) + // We kill this since we're done and we don't want to polute the _POST array + unset($_POST[$this->_csrf_token_name]); + + // Regenerate on every submission? + if (config_item('csrf_regenerate')) { - $this->csrf_show_error(); + // Nothing should last forever + unset($_COOKIE[$this->_csrf_cookie_name]); + $this->_csrf_hash = ''; } - // We kill this since we're done and we don't want to - // polute the _POST array - unset($_POST[$this->_csrf_token_name]); - - // Nothing should last forever - unset($_COOKIE[$this->_csrf_cookie_name]); $this->_csrf_set_hash(); $this->csrf_set_cookie(); - - log_message('debug', "CSRF token verified"); - + + log_message('debug', 'CSRF token verified'); return $this; } @@ -183,25 +191,28 @@ class CI_Security { * Set Cross Site Request Forgery Protection Cookie * * @return object + * @codeCoverageIgnore */ public function csrf_set_cookie() { $expire = time() + $this->_csrf_expire; - $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; + $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { - $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE; - - if ( ! $req OR $req == 'off') - { - return FALSE; - } + return FALSE; } - setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); - - log_message('debug', "CRSF cookie Set"); + setcookie( + $this->_csrf_cookie_name, + $this->_csrf_hash, + $expire, + config_item('cookie_path'), + config_item('cookie_domain'), + $secure_cookie, + config_item('cookie_httponly') + ); + log_message('debug', 'CRSF cookie Set'); return $this; } @@ -239,7 +250,7 @@ class CI_Security { * * Getter Method * - * @return string self::csrf_token_name + * @return string self::_csrf_token_name */ public function get_csrf_token_name() { @@ -259,7 +270,7 @@ class CI_Security { * the filter. * * Note: This function should only be used to deal with data - * upon submission. It's not something that should + * upon submission. It's not something that should * be used for general runtime processing. * * This function was based in part on some code and ideas I @@ -276,10 +287,7 @@ class CI_Security { */ public function xss_clean($str, $is_image = FALSE) { - /* - * Is the string an array? - * - */ + // Is the string an array? if (is_array($str)) { while (list($key) = each($str)) @@ -290,13 +298,8 @@ class CI_Security { return $str; } - /* - * Remove Invisible Characters - */ - $str = remove_invisible_characters($str); - - // Validate Entities in URLs - $str = $this->_validate_entities($str); + // Remove Invisible Characters and validate entities in URLs + $str = $this->_validate_entities(remove_invisible_characters($str)); /* * URL Decode @@ -306,7 +309,6 @@ class CI_Security { * <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a> * * Note: Use rawurldecode() so it does not remove plus signs - * */ $str = rawurldecode($str); @@ -316,16 +318,11 @@ class CI_Security { * This permits our tests below to work reliably. * We only convert entities that are within tags since * these are the ones that will pose security problems. - * */ - $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); + $str = preg_replace_callback('/<\w+.*?(?=>|<|$)/si', array($this, '_decode_entity'), $str); - $str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", array($this, '_decode_entity'), $str); - - /* - * Remove Invisible Characters Again! - */ + // Remove Invisible Characters Again! $str = remove_invisible_characters($str); /* @@ -336,15 +333,9 @@ class CI_Security { * NOTE: preg_replace was found to be amazingly slow here on * large blocks of data, so we use str_replace. */ + $str = str_replace("\t", ' ', $str); - if (strpos($str, "\t") !== FALSE) - { - $str = str_replace("\t", ' ', $str); - } - - /* - * Capture converted string for later comparison - */ + // Capture converted string for later comparison $converted_string = $str; // Remove Strings that are never allowed @@ -364,7 +355,7 @@ class CI_Security { // Images have a tendency to have the PHP short opening and // closing tags every so often so we skip those and only // do the long opening tags. - $str = preg_replace('/<\?(php)/i', "<?\\1", $str); + $str = preg_replace('/<\?(php)/i', '<?\\1', $str); } else { @@ -378,22 +369,18 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', - 'applet', 'alert', 'document', 'write', 'cookie', 'window' - ); + 'javascript', 'expression', 'vbscript', 'script', 'base64', + 'applet', 'alert', 'document', 'write', 'cookie', 'window' + ); + foreach ($words as $word) { - $temp = ''; - - for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++) - { - $temp .= substr($word, $i, 1)."\s*"; - } + $word = implode('\s*', str_split($word)).'\s*'; // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" - $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str); + $str = preg_replace_callback('#('.substr($word, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str); } /* @@ -406,22 +393,22 @@ class CI_Security { { $original = $str; - if (preg_match("/<a/i", $str)) + if (preg_match('/<a/i', $str)) { - $str = preg_replace_callback("#<a\s+([^>]*?)(>|$)#si", array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } - if (preg_match("/<img/i", $str)) + if (preg_match('/<img/i', $str)) { - $str = preg_replace_callback("#<img\s+([^>]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } - if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) + if (preg_match('/script|xss/i', $str)) { - $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[removed]', $str); + $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str); } } - while($original != $str); + while ($original !== $str); unset($original); @@ -445,15 +432,16 @@ class CI_Security { * * Similar to above, only instead of looking for * tags it looks for PHP and JavaScript commands - * that are disallowed. Rather than removing the + * that are disallowed. Rather than removing the * code, it simply converts the parenthesis to entities * rendering the code un-executable. * * For example: eval('some code') - * Becomes: eval('some code') + * Becomes: eval('some code') */ - $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str); - + $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', + '\\1\\2(\\3)', + $str); // Final clean up // This adds a bit of extra precaution in case @@ -469,13 +457,12 @@ class CI_Security { * string post-removal of XSS, then it fails, as there was unwanted XSS * code found and removed/changed during processing. */ - if ($is_image === TRUE) { - return ($str == $converted_string) ? TRUE: FALSE; + return ($str === $converted_string); } - log_message('debug', "XSS Filtering completed"); + log_message('debug', 'XSS Filtering completed'); return $str; } @@ -488,17 +475,9 @@ class CI_Security { */ public function xss_hash() { - if ($this->_xss_hash == '') + if ($this->_xss_hash === '') { - if (phpversion() >= 4.2) - { - mt_srand(); - } - else - { - mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff); - } - + mt_srand(); $this->_xss_hash = md5(time() + mt_rand(0, 1999999999)); } @@ -512,14 +491,11 @@ class CI_Security { * * This function is a replacement for html_entity_decode() * - * In some versions of PHP the native function does not work - * when UTF-8 is the specified character set, so this gives us - * a work-around. More info here: - * http://bugs.php.net/bug.php?id=25670 - * - * NOTE: html_entity_decode() has a bug in some PHP versions when UTF-8 is the - * character set, and the PHP developers said they were not back porting the - * fix to versions other than PHP 5.x. + * The reason we are not using html_entity_decode() by itself is because + * while it is not technically correct to leave out the semicolon + * at the end of an entity most browsers will still interpret the entity + * correctly. html_entity_decode() does not convert entities without + * semicolons, so we are left with our own little solution here. Bummer. * * @param string * @param string @@ -527,41 +503,19 @@ class CI_Security { */ public function entity_decode($str, $charset = NULL) { - if (stristr($str, '&') === FALSE) + if (strpos($str, '&') === FALSE) { return $str; } - + if (empty($charset)) { $charset = config_item('charset'); } - // The reason we are not using html_entity_decode() by itself is because - // while it is not technically correct to leave out the semicolon - // at the end of an entity most browsers will still interpret the entity - // correctly. html_entity_decode() does not convert entities without - // semicolons, so we are left with our own little solution here. Bummer. - - if (function_exists('html_entity_decode') && - (strtolower($charset) != 'utf-8')) - { - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); - } - - // Numeric Entities - $str = preg_replace('~&#x(0*[0-9a-f]{2,5});{0,1}~ei', 'chr(hexdec("\\1"))', $str); - $str = preg_replace('~&#([0-9]{2,4});{0,1}~e', 'chr(\\1)', $str); - - // Literal Entities - Slightly slow so we do another check - if (stristr($str, '&') === FALSE) - { - $str = strtr($str, array_flip(get_html_translation_table(HTML_ENTITIES))); - } - - return $str; + $str = html_entity_decode($str, ENT_COMPAT, $charset); + $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); + return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); } // -------------------------------------------------------------------- @@ -576,38 +530,23 @@ class CI_Security { public function sanitize_filename($str, $relative_path = FALSE) { $bad = array( - "../", - "<!--", - "-->", - "<", - ">", - "'", - '"', - '&', - '$', - '#', - '{', - '}', - '[', - ']', - '=', - ';', - '?', - "%20", - "%22", - "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; - "%3d" // = - ); + '../', '<!--', '-->', '<', '>', + "'", '"', '&', '$', '#', + '{', '}', '[', ']', '=', + ';', '?', '%20', '%22', + '%3c', // < + '%253c', // < + '%3e', // > + '%0e', // > + '%28', // ( + '%29', // ) + '%2528', // ( + '%26', // & + '%24', // $ + '%3f', // ? + '%3b', // ; + '%3d' // = + ); if ( ! $relative_path) { @@ -622,13 +561,26 @@ class CI_Security { // ---------------------------------------------------------------- /** + * Strip Image Tags + * + * @param string + * @return string + */ + public function strip_image_tags($str) + { + return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + } + + // ---------------------------------------------------------------- + + /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from * things like j a v a s c r i p t * - * @param type - * @return type + * @param array + * @return string */ protected function _compact_exploded_words($matches) { @@ -637,8 +589,8 @@ class CI_Security { // -------------------------------------------------------------------- - /* - * Remove Evil HTML Attributes (like evenhandlers and style) + /** + * Remove Evil HTML Attributes (like event handlers and style) * * It removes the evil attribute and either: * - Everything up until a space @@ -655,7 +607,7 @@ class CI_Security { protected function _remove_evil_attributes($str, $is_image) { // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns - $evil_attributes = array('on\w*', 'style', 'xmlns'); + $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction'); if ($is_image === TRUE) { @@ -667,11 +619,32 @@ class CI_Security { } do { - $str = preg_replace( - "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i", - "<$1$6", - $str, -1, $count - ); + $count = 0; + $attribs = array(); + + // find occurrences of illegal attribute strings without quotes + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); + + foreach ($matches as $attr) + { + + $attribs[] = preg_quote($attr[0], '/'); + } + + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + + foreach ($matches as $attr) + { + $attribs[] = preg_quote($attr[0], '/'); + } + + // replace illegal attribute strings that are inside an html tag + if (count($attribs) > 0) + { + $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><])([><]*)/i', '<$1 $3$5$6$7', $str, -1, $count); + } + } while ($count); return $str; @@ -689,14 +662,9 @@ class CI_Security { */ protected function _sanitize_naughty_html($matches) { - // encode opening brace - $str = '<'.$matches[1].$matches[2].$matches[3]; - - // encode captured opening or closing brace to prevent recursive vectors - $str .= str_replace(array('>', '<'), array('>', '<'), - $matches[4]); - - return $str; + return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace + // encode captured opening or closing brace to prevent recursive vectors: + .str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- @@ -714,9 +682,12 @@ class CI_Security { */ protected function _js_link_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]); + return str_replace($match[1], + preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', + '', + $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0]); } // -------------------------------------------------------------------- @@ -734,9 +705,12 @@ class CI_Security { */ protected function _js_img_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]); + return str_replace($match[1], + preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + '', + $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0]); } // -------------------------------------------------------------------- @@ -767,12 +741,11 @@ class CI_Security { protected function _filter_attributes($str) { $out = ''; - if (preg_match_all('#\s*[a-z\-]+\s*=\s*(\042|\047)([^\\1]*?)\\1#is', $str, $matches)) { foreach ($matches[0] as $match) { - $out .= preg_replace("#/\*.*?\*/#s", '', $match); + $out .= preg_replace('#/\*.*?\*/#s', '', $match); } } @@ -810,33 +783,28 @@ class CI_Security { * Protect GET variables in URLs */ - // 901119URL5918AMP18930PROTECT8198 - - $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str); + // 901119URL5918AMP18930PROTECT8198 + $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash().'\\1=\\2', $str); /* * Validate standard character entities * * Add a semicolon if missing. We do this to enable * the conversion of entities to ASCII later. - * */ - $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str); + $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', '\\1;\\2', $str); /* * Validate UTF16 two byte encoding (x00) * * Just as above, adds a semicolon if missing. - * */ - $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i',"\\1\\2;",$str); + $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i', '\\1\\2;', $str); /* * Un-Protect GET variables in URLs */ - $str = str_replace($this->xss_hash(), '&', $str); - - return $str; + return str_replace($this->xss_hash(), '&', $str); } // ---------------------------------------------------------------------- @@ -851,14 +819,11 @@ class CI_Security { */ protected function _do_never_allowed($str) { - foreach ($this->_never_allowed_str as $key => $val) - { - $str = str_replace($key, $val, $str); - } + $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str); - foreach ($this->_never_allowed_regex as $key => $val) + foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace("#".$key."#i", $val, $str); + $str = preg_replace('#'.$regex.'#is', '[removed]', $str); } return $str; @@ -873,19 +838,20 @@ class CI_Security { */ protected function _csrf_set_hash() { - if ($this->_csrf_hash == '') + if ($this->_csrf_hash === '') { // If the cookie exists we will use it's value. // We don't necessarily want to regenerate it with // each page load since a page could contain embedded // sub-pages causing this feature to fail if (isset($_COOKIE[$this->_csrf_cookie_name]) && - $_COOKIE[$this->_csrf_cookie_name] != '') + preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1) { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } - return $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->csrf_set_cookie(); } return $this->_csrf_hash; @@ -894,4 +860,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */
\ No newline at end of file +/* Location: ./system/core/Security.php */
\ No newline at end of file diff --git a/system/core/URI.php b/system/core/URI.php index 8946bc76b..6a8b1a5ac 100755..100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * URI Class * @@ -23,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category URI - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/uri.html */ class CI_URI { @@ -32,62 +42,61 @@ class CI_URI { * List of cached uri segments * * @var array - * @access public */ - var $keyval = array(); + public $keyval = array(); + /** * Current uri string * * @var string - * @access public */ - var $uri_string; + public $uri_string; + /** * List of uri segments * * @var array - * @access public */ - var $segments = array(); + public $segments = array(); + /** * Re-indexed list of uri segments * Starts at 1 instead of 0 * * @var array - * @access public */ - var $rsegments = array(); + public $rsegments = array(); /** * Constructor * - * Simply globalizes the $RTR object. The front + * Simply globalizes the $RTR object. The front * loads the Router class early on so it's not available * normally as other classes are. * - * @access public + * @return void */ - function __construct() + public function __construct() { $this->config =& load_class('Config', 'core'); - log_message('debug', "URI Class Initialized"); + log_message('debug', 'URI Class Initialized'); } - // -------------------------------------------------------------------- /** * Get the URI String * - * @access private - * @return string + * Called by CI_Router + * + * @return void */ - function _fetch_uri_string() + public function _fetch_uri_string() { - if (strtoupper($this->config->item('uri_protocol')) == 'AUTO') + if (strtoupper($this->config->item('uri_protocol')) === 'AUTO') { // Is the request coming from the command line? - if (php_sapi_name() == 'cli' or defined('STDIN')) + if ($this->_is_cli_request()) { $this->_set_uri_string($this->_parse_cli_args()); return; @@ -102,23 +111,23 @@ class CI_URI { // Is there a PATH_INFO variable? // Note: some servers seem to have trouble with getenv() so we'll test it two ways - $path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO'); - if (trim($path, '/') != '' && $path != "/".SELF) + $path = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO'); + if (trim($path, '/') !== '' && $path !== '/'.SELF) { $this->_set_uri_string($path); return; } // No PATH_INFO?... What about QUERY_STRING? - $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); - if (trim($path, '/') != '') + $path = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); + if (trim($path, '/') !== '') { $this->_set_uri_string($path); return; } // As a last ditch effort lets try using the $_GET array - if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') + if (is_array($_GET) && count($_GET) === 1 && trim(key($_GET), '/') !== '') { $this->_set_uri_string(key($_GET)); return; @@ -131,18 +140,18 @@ class CI_URI { $uri = strtoupper($this->config->item('uri_protocol')); - if ($uri == 'REQUEST_URI') + if ($uri === 'REQUEST_URI') { $this->_set_uri_string($this->_detect_uri()); return; } - elseif ($uri == 'CLI') + elseif ($uri === 'CLI') { $this->_set_uri_string($this->_parse_cli_args()); return; } - $path = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri); + $path = isset($_SERVER[$uri]) ? $_SERVER[$uri] : @getenv($uri); $this->_set_uri_string($path); } @@ -151,17 +160,16 @@ class CI_URI { /** * Set the URI String * - * @access public * @param string - * @return string + * @return void */ - function _set_uri_string($str) + protected function _set_uri_string($str) { // Filter out control characters $str = remove_invisible_characters($str, FALSE); // If the URI contains only a slash we'll kill it - $this->uri_string = ($str == '/') ? '' : $str; + $this->uri_string = ($str === '/') ? '' : $str; } // -------------------------------------------------------------------- @@ -169,36 +177,39 @@ class CI_URI { /** * Detects the URI * - * This function will detect the URI automatically and fix the query string - * if necessary. + * This function will detect the URI automatically + * and fix the query string if necessary. * - * @access private * @return string */ protected function _detect_uri() { - if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME'])) + if ( ! isset($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME'])) { return ''; } - $uri = $_SERVER['REQUEST_URI']; - if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) + if (strpos($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']) === 0) + { + $uri = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME'])); + } + elseif (strpos($_SERVER['REQUEST_URI'], dirname($_SERVER['SCRIPT_NAME'])) === 0) { - $uri = substr($uri, strlen($_SERVER['SCRIPT_NAME'])); + $uri = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME']))); } - elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0) + else { - $uri = substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME']))); + $uri = $_SERVER['REQUEST_URI']; } // This section ensures that even on servers that require the URI to be in the query string (Nginx) a correct // URI is found, and also fixes the QUERY_STRING server var and $_GET array. - if (strncmp($uri, '?/', 2) === 0) + if (strpos($uri, '?/') === 0) { $uri = substr($uri, 2); } - $parts = preg_split('#\?#i', $uri, 2); + + $parts = explode('?', $uri, 2); $uri = $parts[0]; if (isset($parts[1])) { @@ -211,12 +222,12 @@ class CI_URI { $_GET = array(); } - if ($uri == '/' || empty($uri)) + if ($uri === '/' OR empty($uri)) { return '/'; } - $uri = parse_url($uri, PHP_URL_PATH); + $uri = parse_url('pseudo://hostname/'.$uri, PHP_URL_PATH); // Do some final cleaning of the URI and return it return str_replace(array('//', '../'), '/', trim($uri, '/')); @@ -225,18 +236,30 @@ class CI_URI { // -------------------------------------------------------------------- /** + * Is cli Request? + * + * Duplicate of function from the Input class to test to see if a request was made from the command line + * + * @return bool + */ + protected function _is_cli_request() + { + return (php_sapi_name() === 'cli') OR defined('STDIN'); + } + + // -------------------------------------------------------------------- + + /** * Parse cli arguments * * Take each command line argument and assume it is a URI segment. * - * @access private * @return string */ protected function _parse_cli_args() { $args = array_slice($_SERVER['argv'], 1); - - return $args ? '/' . implode('/', $args) : ''; + return $args ? '/'.implode('/', $args) : ''; } // -------------------------------------------------------------------- @@ -244,27 +267,28 @@ class CI_URI { /** * Filter segments for malicious characters * - * @access private + * Called by CI_Router + * * @param string * @return string */ - function _filter_uri($str) + public function _filter_uri($str) { - if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE) + if ($str !== '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') === FALSE) { // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern - if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str)) + if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', urldecode($str))) { show_error('The URI you submitted has disallowed characters.', 400); } } - // Convert programatic characters to entities - $bad = array('$', '(', ')', '%28', '%29'); - $good = array('$', '(', ')', '(', ')'); - - return str_replace($bad, $good, $str); + // Convert programatic characters to entities and return + return str_replace( + array('$', '(', ')', '%28', '%29'), // Bad + array('$', '(', ')', '(', ')'), // Good + $str); } // -------------------------------------------------------------------- @@ -272,14 +296,17 @@ class CI_URI { /** * Remove the suffix from the URL if needed * - * @access private + * Called by CI_Router + * * @return void */ - function _remove_url_suffix() + public function _remove_url_suffix() { - if ($this->config->item('url_suffix') != "") + $suffix = (string) $this->config->item('url_suffix'); + + if ($suffix !== '' && ($offset = strrpos($this->uri_string, $suffix)) !== FALSE) { - $this->uri_string = preg_replace("|".preg_quote($this->config->item('url_suffix'))."$|", "", $this->uri_string); + $this->uri_string = substr_replace($this->uri_string, '', $offset, strlen($suffix)); } } @@ -289,17 +316,18 @@ class CI_URI { * Explode the URI Segments. The individual segments will * be stored in the $this->segments array. * - * @access private + * Called by CI_Router + * * @return void */ - function _explode_segments() + public function _explode_segments() { - foreach (explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val) + foreach (explode('/', preg_replace('|/*(.+?)/*$|', '\\1', $this->uri_string)) as $val) { // Filter segments for security $val = trim($this->_filter_uri($val)); - if ($val != '') + if ($val !== '') { $this->segments[] = $val; } @@ -307,18 +335,20 @@ class CI_URI { } // -------------------------------------------------------------------- + /** * Re-index Segments * * This function re-indexes the $this->segment array so that it - * starts at 1 rather than 0. Doing so makes it simpler to + * starts at 1 rather than 0. Doing so makes it simpler to * use functions like $this->uri->segment(n) since there is * a 1:1 relationship between the segment array and the actual segments. * - * @access private + * Called by CI_Router + * * @return void */ - function _reindex_segments() + public function _reindex_segments() { array_unshift($this->segments, NULL); array_unshift($this->rsegments, NULL); @@ -333,14 +363,13 @@ class CI_URI { * * This function returns the URI segment based on the number provided. * - * @access public - * @param integer - * @param bool + * @param int + * @param mixed * @return string */ - function segment($n, $no_result = FALSE) + public function segment($n, $no_result = NULL) { - return ( ! isset($this->segments[$n])) ? $no_result : $this->segments[$n]; + return isset($this->segments[$n]) ? $this->segments[$n] : $no_result; } // -------------------------------------------------------------------- @@ -349,17 +378,16 @@ class CI_URI { * Fetch a URI "routed" Segment * * This function returns the re-routed URI segment (assuming routing rules are used) - * based on the number provided. If there is no routing this function returns the + * based on the number provided. If there is no routing this function returns the * same result as $this->segment() * - * @access public - * @param integer - * @param bool + * @param int + * @param mixed * @return string */ - function rsegment($n, $no_result = FALSE) + public function rsegment($n, $no_result = NULL) { - return ( ! isset($this->rsegments[$n])) ? $no_result : $this->rsegments[$n]; + return isset($this->rsegments[$n]) ? $this->rsegments[$n] : $no_result; } // -------------------------------------------------------------------- @@ -380,25 +408,25 @@ class CI_URI { * gender => male * ) * - * @access public - * @param integer the starting segment number + * @param int the starting segment number * @param array an array of default values * @return array */ - function uri_to_assoc($n = 3, $default = array()) + public function uri_to_assoc($n = 3, $default = array()) { return $this->_uri_to_assoc($n, $default, 'segment'); } + + // -------------------------------------------------------------------- + /** * Identical to above only it uses the re-routed segment array * - * @access public - * @param integer the starting segment number + * @param int the starting segment number * @param array an array of default values * @return array - * */ - function ruri_to_assoc($n = 3, $default = array()) + public function ruri_to_assoc($n = 3, $default = array()) { return $this->_uri_to_assoc($n, $default, 'rsegment'); } @@ -408,25 +436,13 @@ class CI_URI { /** * Generate a key value pair from the URI string or Re-routed URI string * - * @access private - * @param integer the starting segment number + * @param int the starting segment number * @param array an array of default values * @param string which array we should use * @return array */ - function _uri_to_assoc($n = 3, $default = array(), $which = 'segment') + protected function _uri_to_assoc($n = 3, $default = array(), $which = 'segment') { - if ($which == 'segment') - { - $total_segments = 'total_segments'; - $segment_array = 'segment_array'; - } - else - { - $total_segments = 'total_rsegments'; - $segment_array = 'rsegment_array'; - } - if ( ! is_numeric($n)) { return $default; @@ -437,23 +453,25 @@ class CI_URI { return $this->keyval[$n]; } - if ($this->$total_segments() < $n) + if ($which === 'segment') { - if (count($default) == 0) - { - return array(); - } + $total_segments = 'total_segments'; + $segment_array = 'segment_array'; + } + else + { + $total_segments = 'total_rsegments'; + $segment_array = 'rsegment_array'; + } - $retval = array(); - foreach ($default as $val) - { - $retval[$val] = FALSE; - } - return $retval; + if ($this->$total_segments() < $n) + { + return (count($default) === 0) + ? array() + : array_fill_keys($default, NULL); } $segments = array_slice($this->$segment_array(), ($n - 1)); - $i = 0; $lastval = ''; $retval = array(); @@ -465,7 +483,7 @@ class CI_URI { } else { - $retval[$seg] = FALSE; + $retval[$seg] = NULL; $lastval = $seg; } @@ -478,7 +496,7 @@ class CI_URI { { if ( ! array_key_exists($val, $retval)) { - $retval[$val] = FALSE; + $retval[$val] = NULL; } } } @@ -493,15 +511,13 @@ class CI_URI { /** * Generate a URI string from an associative array * - * - * @access public * @param array an associative array of key/values * @return array */ - function assoc_to_uri($array) + public function assoc_to_uri($array) { $temp = array(); - foreach ((array)$array as $key => $val) + foreach ((array) $array as $key => $val) { $temp[] = $key; $temp[] = $val; @@ -515,12 +531,11 @@ class CI_URI { /** * Fetch a URI Segment and add a trailing slash * - * @access public - * @param integer + * @param int * @param string * @return string */ - function slash_segment($n, $where = 'trailing') + public function slash_segment($n, $where = 'trailing') { return $this->_slash_segment($n, $where, 'segment'); } @@ -530,12 +545,11 @@ class CI_URI { /** * Fetch a URI Segment and add a trailing slash * - * @access public - * @param integer + * @param int * @param string * @return string */ - function slash_rsegment($n, $where = 'trailing') + public function slash_rsegment($n, $where = 'trailing') { return $this->_slash_segment($n, $where, 'rsegment'); } @@ -545,22 +559,20 @@ class CI_URI { /** * Fetch a URI Segment and add a trailing slash - helper function * - * @access private - * @param integer + * @param int * @param string * @param string * @return string */ - function _slash_segment($n, $where = 'trailing', $which = 'segment') + protected function _slash_segment($n, $where = 'trailing', $which = 'segment') { - $leading = '/'; - $trailing = '/'; + $leading = $trailing = '/'; - if ($where == 'trailing') + if ($where === 'trailing') { $leading = ''; } - elseif ($where == 'leading') + elseif ($where === 'leading') { $trailing = ''; } @@ -573,10 +585,9 @@ class CI_URI { /** * Segment Array * - * @access public * @return array */ - function segment_array() + public function segment_array() { return $this->segments; } @@ -586,10 +597,9 @@ class CI_URI { /** * Routed Segment Array * - * @access public * @return array */ - function rsegment_array() + public function rsegment_array() { return $this->rsegments; } @@ -599,10 +609,9 @@ class CI_URI { /** * Total number of segments * - * @access public - * @return integer + * @return int */ - function total_segments() + public function total_segments() { return count($this->segments); } @@ -612,10 +621,9 @@ class CI_URI { /** * Total number of routed segments * - * @access public - * @return integer + * @return int */ - function total_rsegments() + public function total_rsegments() { return count($this->rsegments); } @@ -625,10 +633,9 @@ class CI_URI { /** * Fetch the entire URI string * - * @access public * @return string */ - function uri_string() + public function uri_string() { return $this->uri_string; } @@ -639,16 +646,14 @@ class CI_URI { /** * Fetch the entire Re-routed URI string * - * @access public * @return string */ - function ruri_string() + public function ruri_string() { - return '/'.implode('/', $this->rsegment_array()); + return implode('/', $this->rsegment_array()); } } -// END URI Class /* End of file URI.php */ /* Location: ./system/core/URI.php */
\ No newline at end of file diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 2a27d1f35..0a7ec501c 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php @@ -1,20 +1,30 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 2.0 * @filesource */ -// ------------------------------------------------------------------------ - /** * Utf8 Class * @@ -23,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category UTF-8 - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/utf8.html */ class CI_Utf8 { @@ -33,23 +43,23 @@ class CI_Utf8 { * * Determines if UTF-8 support is to be enabled * + * @return void */ - function __construct() + public function __construct() { - log_message('debug', "Utf8 Class Initialized"); + log_message('debug', 'Utf8 Class Initialized'); global $CFG; if ( - preg_match('/./u', 'é') === 1 // PCRE must support UTF-8 - AND function_exists('iconv') // iconv must be installed - AND ini_get('mbstring.func_overload') != 1 // Multibyte string function overloading cannot be enabled - AND $CFG->item('charset') == 'UTF-8' // Application charset must be UTF-8 + @preg_match('/./u', 'é') === 1 // PCRE must support UTF-8 + && function_exists('iconv') // iconv must be installed + && (bool) @ini_get('mbstring.func_overload') !== TRUE // Multibyte string function overloading cannot be enabled + && $CFG->item('charset') === 'UTF-8' // Application charset must be UTF-8 ) { - log_message('debug', "UTF-8 Support Enabled"); - define('UTF8_ENABLED', TRUE); + log_message('debug', 'UTF-8 Support Enabled'); // set internal encoding for multibyte string functions if necessary // and set a flag so we don't have to repeatedly use extension_loaded() @@ -66,8 +76,8 @@ class CI_Utf8 { } else { - log_message('debug', "UTF-8 Support Disabled"); define('UTF8_ENABLED', FALSE); + log_message('debug', 'UTF-8 Support Disabled'); } } @@ -78,11 +88,10 @@ class CI_Utf8 { * * Ensures strings are UTF-8 * - * @access public * @param string * @return string */ - function clean_string($str) + public function clean_string($str) { if ($this->_is_ascii($str) === FALSE) { @@ -101,11 +110,10 @@ class CI_Utf8 { * line feeds, and carriage returns, as all others can cause * problems in XML * - * @access public * @param string * @return string */ - function safe_ascii_for_xml($str) + public function safe_ascii_for_xml($str) { return remove_invisible_characters($str, FALSE); } @@ -117,27 +125,22 @@ class CI_Utf8 { * * Attempts to convert a string to UTF-8 * - * @access public * @param string - * @param string - input encoding + * @param string input encoding * @return string */ - function convert_to_utf8($str, $encoding) + public function convert_to_utf8($str, $encoding) { if (function_exists('iconv')) { - $str = @iconv($encoding, 'UTF-8', $str); + return @iconv($encoding, 'UTF-8', $str); } elseif (function_exists('mb_convert_encoding')) { - $str = @mb_convert_encoding($str, 'UTF-8', $encoding); - } - else - { - return FALSE; + return @mb_convert_encoding($str, 'UTF-8', $encoding); } - return $str; + return FALSE; } // -------------------------------------------------------------------- @@ -147,19 +150,15 @@ class CI_Utf8 { * * Tests if a string is standard 7-bit ASCII or not * - * @access public * @param string * @return bool */ - function _is_ascii($str) + protected function _is_ascii($str) { - return (preg_match('/[^\x00-\x7F]/S', $str) == 0); + return (preg_match('/[^\x00-\x7F]/S', $str) === 0); } - // -------------------------------------------------------------------- - } -// End Utf8 Class /* End of file Utf8.php */ /* Location: ./system/core/Utf8.php */
\ No newline at end of file |