diff options
| author | Eric Barnes <eric@ericlbarnes.com> | 2011-08-29 05:59:15 +0200 |
|---|---|---|
| committer | Eric Barnes <eric@ericlbarnes.com> | 2011-08-29 05:59:15 +0200 |
| commit | 65faf9fb927cd20bc0b98f0f33ae662a2611c6de (patch) | |
| tree | ed0677704edeb364ed17080b8c993e894550c024 /system | |
| parent | 91249f1154c6cc078afbf23faa60b9f6414ab597 (diff) | |
| parent | 4f17de94737f5eb9e1230f7d854dea611ebd9901 (diff) | |
Merge branch 'develop' into feature/unit-tests
Diffstat (limited to 'system')
| -rwxr-xr-x | system/core/CodeIgniter.php | 2 | ||||
| -rw-r--r-- | system/core/Common.php | 30 | ||||
| -rwxr-xr-x | system/core/Input.php | 8 | ||||
| -rwxr-xr-x | system/core/Lang.php | 4 | ||||
| -rwxr-xr-x | system/core/Loader.php | 4 | ||||
| -rwxr-xr-x | system/core/Security.php | 26 | ||||
| -rwxr-xr-x | system/core/URI.php | 4 | ||||
| -rw-r--r-- | system/database/drivers/oci8/oci8_driver.php | 1 | ||||
| -rw-r--r-- | system/database/drivers/odbc/odbc_driver.php | 2 | ||||
| -rw-r--r-- | system/helpers/date_helper.php | 66 | ||||
| -rwxr-xr-x[-rw-r--r--] | system/helpers/url_helper.php | 4 | ||||
| -rw-r--r-- | system/libraries/Image_lib.php | 2 | ||||
| -rw-r--r-- | system/libraries/Log.php | 21 | ||||
| -rw-r--r-- | system/libraries/Migration.php | 2 | ||||
| -rw-r--r-- | system/libraries/Profiler.php | 4 |
15 files changed, 148 insertions, 32 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 0a1391d18..aca4fb23c 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -39,7 +39,7 @@ * @var string * */ - define('CI_VERSION', '2.0.2'); + define('CI_VERSION', '2.1.0-dev'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) diff --git a/system/core/Common.php b/system/core/Common.php index db9fbeb9f..d79375475 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -132,9 +132,9 @@ if ( ! function_exists('load_class')) $name = FALSE; - // Look for the class first in the native system/libraries folder - // thenin the local application/libraries folder - foreach (array(BASEPATH, APPPATH) as $path) + // Look for the class first in the local application/libraries folder + // then in the native system/libraries folder + foreach (array(APPPATH, BASEPATH) as $path) { if (file_exists($path.$directory.'/'.$class.'.php')) { @@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters')) } } +// ------------------------------------------------------------------------ + +/** +* Returns HTML escaped variable +* +* @access public +* @param mixed +* @return mixed +*/ +if ( ! function_exists('html_escape')) +{ + function html_escape($var) + { + if (is_array($var)) + { + return array_map('html_escape', $var); + } + else + { + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + } + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */
\ No newline at end of file diff --git a/system/core/Input.php b/system/core/Input.php index 5a033e7b8..0dc2c4550 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -323,13 +323,13 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; + $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR')) + elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) { - $this->ip_address = $_SERVER['REMOTE_ADDR']; + $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } elseif ($this->server('HTTP_CLIENT_IP')) { diff --git a/system/core/Lang.php b/system/core/Lang.php index 5ac671838..d61d1029a 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -112,7 +112,7 @@ class CI_Lang { } - if ( ! isset($lang)) + if ( ! isset($lang) OR ! is_array($lang)) { log_message('error', 'Language file contains no data: language/'.$idiom.'/'.$langfile); return; @@ -124,7 +124,7 @@ class CI_Lang { } $this->is_loaded[] = $langfile; - $this->language = array_merge($this->language, $lang); + $this->language = $this->language + $lang; unset($lang); log_message('debug', 'Language file loaded: language/'.$idiom.'/'.$langfile); diff --git a/system/core/Loader.php b/system/core/Loader.php index e7fa3d3f6..de0fc06d2 100755 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -127,7 +127,7 @@ class CI_Loader { $this->_ci_library_paths = array(APPPATH, BASEPATH); $this->_ci_helper_paths = array(APPPATH, BASEPATH); $this->_ci_model_paths = array(APPPATH); - $this->_ci_view_paths = array(APPPATH.'views/' => TRUE); + $this->_ci_view_paths = array(VIEWPATH => TRUE); log_message('debug', "Loader Class Initialized"); } @@ -1106,7 +1106,7 @@ class CI_Loader { * @param array * @return void */ - private function _ci_autoloader() + protected function _ci_autoloader() { if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) { diff --git a/system/core/Security.php b/system/core/Security.php index dcc680a11..342455f27 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -33,6 +33,7 @@ class CI_Security { * @access protected */ protected $_xss_hash = ''; + /** * Random Hash for Cross Site Request Forgery Protection Cookie * @@ -40,6 +41,7 @@ class CI_Security { * @access protected */ protected $_csrf_hash = ''; + /** * Expiration time for Cross Site Request Forgery Protection Cookie * Defaults to two hours (in seconds) @@ -48,6 +50,7 @@ class CI_Security { * @access protected */ protected $_csrf_expire = 7200; + /** * Token name for Cross Site Request Forgery Protection Cookie * @@ -55,6 +58,7 @@ class CI_Security { * @access protected */ protected $_csrf_token_name = 'ci_csrf_token'; + /** * Cookie name for Cross Site Request Forgery Protection Cookie * @@ -62,12 +66,14 @@ class CI_Security { * @access protected */ protected $_csrf_cookie_name = 'ci_csrf_token'; + /** * List of never allowed strings * * @var array * @access protected */ + protected $_never_allowed_str = array( 'document.cookie' => '[removed]', 'document.write' => '[removed]', @@ -80,7 +86,6 @@ class CI_Security { '<![CDATA[' => '<![CDATA[' ); - /* never allowed, regex replacement */ /** * List of never allowed regex replacement * @@ -134,6 +139,16 @@ class CI_Security { { return $this->csrf_set_cookie(); } + + // Check if URI has been whitelisted from CSRF checks + if ($exclude_uris = config_item('csrf_exclude_uris')) + { + $uri = load_class('URI', 'core'); + if (in_array($uri->uri_string(), $exclude_uris)) + { + return $this; + } + } // Do the tokens exist in both the _POST and _COOKIE arrays? if ( ! isset($_POST[$this->_csrf_token_name]) OR @@ -156,9 +171,9 @@ class CI_Security { unset($_COOKIE[$this->_csrf_cookie_name]); $this->_csrf_set_hash(); $this->csrf_set_cookie(); - - log_message('debug', "CSRF token verified "); - + + log_message('debug', "CSRF token verified"); + return $this; } @@ -869,7 +884,6 @@ class CI_Security { } } -// END Security Class /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */ +/* Location: ./system/libraries/Security.php */
\ No newline at end of file diff --git a/system/core/URI.php b/system/core/URI.php index 51c2191af..e58bdf731 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -175,7 +175,7 @@ class CI_URI { * @access private * @return string */ - private function _detect_uri() + protected function _detect_uri() { if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME'])) { @@ -247,7 +247,7 @@ class CI_URI { * @access private * @return string */ - private function _parse_cli_args() + protected function _parse_cli_args() { $args = array_slice($_SERVER['argv'], 1); diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 42cfaaefb..d4adfd528 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -404,6 +404,7 @@ class CI_DB_oci8_driver extends CI_DB { } $str = remove_invisible_characters($str); + $str = str_replace("'", "''", $str); // escape LIKE condition wildcards if ($like === TRUE) diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 5e764e071..08cd27b6c 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -50,7 +50,7 @@ class CI_DB_odbc_driver extends CI_DB { function CI_DB_odbc_driver($params) { - parent::CI_DB($params); + parent::CI_DB_driver($params); $this->_random_keyword = ' RND('.time().')'; // database specific random keyword } diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index ce37ad9a3..f1febfa1a 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -492,6 +492,72 @@ if ( ! function_exists('human_to_unix')) // ------------------------------------------------------------------------ /** + * Turns many "reasonably-date-like" strings into something + * that is actually useful. This only works for dates after unix epoch. + * + * @access public + * @param string The terribly formatted date-like string + * @param string Date format to return (same as php date function) + * @return string + */ +if ( ! function_exists('nice_date')) +{ + function nice_date($bad_date='', $format=false) + { + if (empty($bad_date)) + { + return 'Unknown'; + } + // Date like: YYYYMM + if (preg_match('/^\d{6}$/',$bad_date)) + { + //echo $bad_date." "; + if (in_array(substr($bad_date, 0, 2),array('19', '20'))) + { + $year = substr($bad_date, 0, 4); + $month = substr($bad_date, 4, 2); + } + else + { + $month = substr($bad_date, 0, 2); + $year = substr($bad_date, 2, 4); + } + return date($format, strtotime($year . '-' . $month . '-01')); + + } + + // Date Like: YYYYMMDD + if (preg_match('/^\d{8}$/',$bad_date)) + { + $month = substr($bad_date, 0, 2); + $day = substr($bad_date, 2, 2); + $year = substr($bad_date, 4, 4); + return date($format, strtotime($month . '/01/' . $year)); + } + + // Date Like: MM-DD-YYYY __or__ M-D-YYYY (or anything in between) + if (preg_match('/^\d{1,2}-\d{1,2}-\d{4}$/',$bad_date)) + { + list($m, $d, $y) = explode('-', $bad_date); + return date($format, strtotime("{$y}-{$m}-{$d}")); + } + + // Any other kind of string, when converted into UNIX time, + // produces "0 seconds after epoc..." is probably bad... + // return "Invalid Date". + if (date('U', strtotime($bad_date)) == '0') + { + return "Invalid Date"; + } + + // It's probably a valid-ish date format already + return date($format, strtotime($bad_date)); + } +} + +// ------------------------------------------------------------------------ + +/** * Timezone Menu * * Generates a drop-down menu of timezones. diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 9f4b85248..c524dddd1 100644..100755 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -512,7 +512,7 @@ if ( ! function_exists('url_title')) $str = strtolower($str); } - return trim(stripslashes($str)); + return trim(trim(stripslashes($str)), $replace); } } @@ -527,7 +527,7 @@ if ( ! function_exists('url_title')) * * @access public * @param string the URL - * @param string the method: location or redirect + * @param string the method: location or refresh * @return string */ if ( ! function_exists('redirect')) diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 8902f524d..a8a0387d8 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -1334,7 +1334,7 @@ class CI_Image_lib { return FALSE; } - $vals = @getimagesize($path); + $vals = getimagesize($path); $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); diff --git a/system/libraries/Log.php b/system/libraries/Log.php index 9f1db76ba..bf10d4727 100644 --- a/system/libraries/Log.php +++ b/system/libraries/Log.php @@ -27,10 +27,12 @@ class CI_Log { protected $_log_path; - protected $_threshold = 1; - protected $_date_fmt = 'Y-m-d H:i:s'; - protected $_enabled = TRUE; - protected $_levels = array('ERROR' => '1', 'DEBUG' => '2', 'INFO' => '3', 'ALL' => '4'); + protected $_threshold = 1; + protected $_threshold_max = 0; + protected $_threshold_array = array(); + protected $_date_fmt = 'Y-m-d H:i:s'; + protected $_enabled = TRUE; + protected $_levels = array('ERROR' => '1', 'DEBUG' => '2', 'INFO' => '3', 'ALL' => '4'); /** * Constructor @@ -50,6 +52,11 @@ class CI_Log { { $this->_threshold = $config['log_threshold']; } + elseif (is_array($config['log_threshold'])) + { + $this->_threshold = $this->_threshold_max; + $this->_threshold_array = array_flip($config['log_threshold']); + } if ($config['log_date_format'] != '') { @@ -80,9 +87,13 @@ class CI_Log { if ( ! isset($this->_levels[$level]) OR ($this->_levels[$level] > $this->_threshold)) { - return FALSE; + if (empty($this->_threshold_array) OR ! isset($this->_threshold_array[$this->_levels[$level]])) + { + return FALSE; + } } + $filepath = $this->_log_path.'log-'.date('Y-m-d').'.php'; $message = ''; diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php index 3943ec130..3734e18f5 100644 --- a/system/libraries/Migration.php +++ b/system/libraries/Migration.php @@ -57,7 +57,7 @@ class CI_Migration { } // If not set, set it - $this->_migration_path == '' OR $this->_migration_path = APPPATH . 'migrations/'; + $this->_migration_path == '' AND $this->_migration_path = APPPATH . 'migrations/'; // Add trailing slash if not set $this->_migration_path = rtrim($this->_migration_path, '/').'/'; diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index 082a5ee1d..330acce73 100644 --- a/system/libraries/Profiler.php +++ b/system/libraries/Profiler.php @@ -493,7 +493,7 @@ class CI_Profiler { * * @return string */ - private function _compile_session_data() + protected function _compile_session_data() { if ( ! isset($this->CI->session)) { @@ -555,4 +555,4 @@ class CI_Profiler { // END CI_Profiler class /* End of file Profiler.php */ -/* Location: ./system/libraries/Profiler.php */
\ No newline at end of file +/* Location: ./system/libraries/Profiler.php */ |