authorEric Barnes <eric@ericlbarnes.com>2011-08-29 05:59:15 +0200
committerEric Barnes <eric@ericlbarnes.com>2011-08-29 05:59:15 +0200
commit65faf9fb927cd20bc0b98f0f33ae662a2611c6de (patch)
treeed0677704edeb364ed17080b8c993e894550c024 /system
parent91249f1154c6cc078afbf23faa60b9f6414ab597 (diff)
parent4f17de94737f5eb9e1230f7d854dea611ebd9901 (diff)
Merge branch 'develop' into feature/unit-tests
Diffstat (limited to 'system')
-rwxr-xr-xsystem/core/CodeIgniter.php2
-rw-r--r--system/core/Common.php30
-rwxr-xr-xsystem/core/Input.php8
-rwxr-xr-xsystem/core/Lang.php4
-rwxr-xr-xsystem/core/Loader.php4
-rwxr-xr-xsystem/core/Security.php26
-rwxr-xr-xsystem/core/URI.php4
-rw-r--r--system/database/drivers/oci8/oci8_driver.php1
-rw-r--r--system/database/drivers/odbc/odbc_driver.php2
-rw-r--r--system/helpers/date_helper.php66
-rwxr-xr-x[-rw-r--r--]system/helpers/url_helper.php4
-rw-r--r--system/libraries/Image_lib.php2
-rw-r--r--system/libraries/Log.php21
-rw-r--r--system/libraries/Migration.php2
-rw-r--r--system/libraries/Profiler.php4
15 files changed, 148 insertions, 32 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 0a1391d18..aca4fb23c 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -39,7 +39,7 @@
* @var string
*
*/
- define('CI_VERSION', '2.0.2');
+ define('CI_VERSION', '2.1.0-dev');
/**
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
diff --git a/system/core/Common.php b/system/core/Common.php
index db9fbeb9f..d79375475 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -132,9 +132,9 @@ if ( ! function_exists('load_class'))
$name = FALSE;
- // Look for the class first in the native system/libraries folder
- // thenin the local application/libraries folder
- foreach (array(BASEPATH, APPPATH) as $path)
+ // Look for the class first in the local application/libraries folder
+ // then in the native system/libraries folder
+ foreach (array(APPPATH, BASEPATH) as $path)
{
if (file_exists($path.$directory.'/'.$class.'.php'))
{
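Review bot: The reordered search in `foreach (array(APPPATH, BASEPATH) as $path)` lets a file in the application folder that carries a core class's file name be found before the system copy, and the new comment does not say whether such a file replaces the core class or only extends it. This function also loads security-relevant classes (this commit adds a `load_class('URI', 'core')` call in Security.php), so the precedence deserves an explicit line, e.g. `// An application copy takes precedence over the system class of the same name`. The loop body continues outside this hunk, so how a match is handled is not visible here.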
@@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters'))
}
}
+// ------------------------------------------------------------------------
+
+/**
+* Returns HTML escaped variable
+*
+* @access public
+* @param mixed
+* @return mixed
+*/
+if ( ! function_exists('html_escape'))
+{
+ function html_escape($var)
+ {
+ if (is_array($var))
+ {
+ return array_map('html_escape', $var);
+ }
+ else
+ {
+ return htmlspecialchars($var, ENT_QUOTES, config_item('charset'));
+ }
+ }
+}
+
/* End of file Common.php */
/* Location: ./system/core/Common.php */ \ No newline at end of file
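Review bot: The docblock for `html_escape()` should state the limits of the escaping, because the array branch `array_map('html_escape', $var)` escapes values only and returns the keys untouched. `htmlspecialchars(..., ENT_QUOTES, ...)` covers HTML text and quoted attribute values, but not script, URL or unquoted-attribute contexts. I would add a line such as `* Array keys are not escaped; use only for HTML body text and quoted attribute values.` Non-string scalars come back as strings, so `@return mixed` could read `@return string|array`. With these flags, input containing bytes that are invalid in the configured charset can come back as an empty string, which is worth a sentence in the docblock as well.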
diff --git a/system/core/Input.php b/system/core/Input.php
index 5a033e7b8..0dc2c4550 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -323,13 +323,13 @@ class CI_Input {
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
- elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
+ elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
{
- $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
+ $this->ip_address = $_SERVER['REMOTE_ADDR'];
}
- elseif ($this->server('REMOTE_ADDR'))
+ elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
{
- $this->ip_address = $_SERVER['REMOTE_ADDR'];
+ $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ($this->server('HTTP_CLIENT_IP'))
{
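Review bot: The reordered chain still assigns `$_SERVER['HTTP_CLIENT_IP']` whenever both `REMOTE_ADDR` and the Client-IP header are present, so any client can choose the address this method reports by sending that header. Only the first branch checks `REMOTE_ADDR` against the `$proxies` list. Code that relies on the result for rate limiting, session matching or audit logging would then record the supplied value. I would fall back to the socket address for every request that did not come from a listed proxy, `elseif ($this->server('REMOTE_ADDR'))` with `$this->ip_address = $_SERVER['REMOTE_ADDR'];`, and drop the header branches. The method starts before and continues after this hunk, so any later validation of the value is not visible.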
diff --git a/system/core/Lang.php b/system/core/Lang.php
index 5ac671838..d61d1029a 100755
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -112,7 +112,7 @@ class CI_Lang {
}
- if ( ! isset($lang))
+ if ( ! isset($lang) OR ! is_array($lang))
{
log_message('error', 'Language file contains no data: language/'.$idiom.'/'.$langfile);
return;
@@ -124,7 +124,7 @@ class CI_Lang {
}
$this->is_loaded[] = $langfile;
- $this->language = array_merge($this->language, $lang);
+ $this->language = $this->language + $lang;
unset($lang);
log_message('debug', 'Language file loaded: language/'.$idiom.'/'.$langfile);
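Review bot: Replacing `array_merge($this->language, $lang)` with `$this->language + $lang` reverses which side wins on a duplicate string key: with `+` the entry already in `$this->language` is kept and the newly loaded line is silently dropped. If the aim was only to stop numeric keys from being renumbered, `$this->language = $lang + $this->language;` keeps the earlier precedence. Either way, a short comment stating which file wins on a key collision would help. The method body starts outside this hunk.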
diff --git a/system/core/Loader.php b/system/core/Loader.php
index e7fa3d3f6..de0fc06d2 100755
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -127,7 +127,7 @@ class CI_Loader {
$this->_ci_library_paths = array(APPPATH, BASEPATH);
$this->_ci_helper_paths = array(APPPATH, BASEPATH);
$this->_ci_model_paths = array(APPPATH);
- $this->_ci_view_paths = array(APPPATH.'views/' => TRUE);
+ $this->_ci_view_paths = array(VIEWPATH => TRUE);
log_message('debug', "Loader Class Initialized");
}
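Review bot: `VIEWPATH` is not defined anywhere in this diff, which is limited to `system/`, so it presumably has to come from the front controller. An install that upgrades `system/` but keeps an older `index.php` would hit an undefined constant here, and PHP would then use the literal string 'VIEWPATH' as the view directory. A guard before the assignment, `defined('VIEWPATH') OR define('VIEWPATH', APPPATH.'views/');`, would keep the previous default.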
@@ -1106,7 +1106,7 @@ class CI_Loader {
* @param array
* @return void
*/
- private function _ci_autoloader()
+ protected function _ci_autoloader()
{
if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'))
{
diff --git a/system/core/Security.php b/system/core/Security.php
index dcc680a11..342455f27 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -33,6 +33,7 @@ class CI_Security {
* @access protected
*/
protected $_xss_hash = '';
+
/**
* Random Hash for Cross Site Request Forgery Protection Cookie
*
@@ -40,6 +41,7 @@ class CI_Security {
* @access protected
*/
protected $_csrf_hash = '';
+
/**
* Expiration time for Cross Site Request Forgery Protection Cookie
* Defaults to two hours (in seconds)
@@ -48,6 +50,7 @@ class CI_Security {
* @access protected
*/
protected $_csrf_expire = 7200;
+
/**
* Token name for Cross Site Request Forgery Protection Cookie
*
@@ -55,6 +58,7 @@ class CI_Security {
* @access protected
*/
protected $_csrf_token_name = 'ci_csrf_token';
+
/**
* Cookie name for Cross Site Request Forgery Protection Cookie
*
@@ -62,12 +66,14 @@ class CI_Security {
* @access protected
*/
protected $_csrf_cookie_name = 'ci_csrf_token';
+
/**
* List of never allowed strings
*
* @var array
* @access protected
*/
+
protected $_never_allowed_str = array(
'document.cookie' => '[removed]',
'document.write' => '[removed]',
@@ -80,7 +86,6 @@ class CI_Security {
'<![CDATA[' => '&lt;![CDATA['
);
- /* never allowed, regex replacement */
/**
* List of never allowed regex replacement
*
@@ -134,6 +139,16 @@ class CI_Security {
{
return $this->csrf_set_cookie();
}
+
+ // Check if URI has been whitelisted from CSRF checks
+ if ($exclude_uris = config_item('csrf_exclude_uris'))
+ {
+ $uri = load_class('URI', 'core');
+ if (in_array($uri->uri_string(), $exclude_uris))
+ {
+ return $this;
+ }
+ }
// Do the tokens exist in both the _POST and _COOKIE arrays?
if ( ! isset($_POST[$this->_csrf_token_name]) OR
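Review bot: `in_array($uri->uri_string(), $exclude_uris)` compares loosely, so a `csrf_exclude_uris` entry such as `TRUE` or `0` would match any non-empty URI string and switch CSRF verification off for the whole site. I would pass `TRUE` as the third argument and check `is_array($exclude_uris)` first. The early `return $this;` also skips the token check silently; a `log_message('debug', ...)` line there would make excluded requests visible in the logs. The configuration documentation should state that excluded endpoints need their own request authentication. The method starts before and ends after this hunk.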
@@ -156,9 +171,9 @@ class CI_Security {
unset($_COOKIE[$this->_csrf_cookie_name]);
$this->_csrf_set_hash();
$this->csrf_set_cookie();
-
- log_message('debug', "CSRF token verified ");
-
+
+ log_message('debug', "CSRF token verified");
+
return $this;
}
@@ -869,7 +884,6 @@ class CI_Security {
}
}
-// END Security Class
/* End of file Security.php */
-/* Location: ./system/libraries/Security.php */
+/* Location: ./system/libraries/Security.php */ \ No newline at end of file
diff --git a/system/core/URI.php b/system/core/URI.php
index 51c2191af..e58bdf731 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -175,7 +175,7 @@ class CI_URI {
* @access private
* @return string
*/
- private function _detect_uri()
+ protected function _detect_uri()
{
if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME']))
{
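Review bot: The docblock above `_detect_uri()` still reads `@access private` although the method is now `protected`; the same applies to `_parse_cli_args()` in the next hunk. I would change both tags to `@access protected` so the documented visibility matches the declaration. Both method bodies continue outside their hunks.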
@@ -247,7 +247,7 @@ class CI_URI {
* @access private
* @return string
*/
- private function _parse_cli_args()
+ protected function _parse_cli_args()
{
$args = array_slice($_SERVER['argv'], 1);
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 42cfaaefb..d4adfd528 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -404,6 +404,7 @@ class CI_DB_oci8_driver extends CI_DB {
}
$str = remove_invisible_characters($str);
+ $str = str_replace("'", "''", $str);
// escape LIKE condition wildcards
if ($like === TRUE)
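Review bot: The added `str_replace("'", "''", $str)` has no comment saying why it is there, and it changes what callers get back: code that already doubled quotes before calling this method would now have them doubled twice. I would put `// Oracle string literals escape a single quote by doubling it` above the line and mention the change in the upgrade notes. Quote doubling only protects values that end up inside a quoted literal, so bound parameters remain the more robust path where the caller can use them. The method starts and ends outside this hunk.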
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 5e764e071..08cd27b6c 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -50,7 +50,7 @@ class CI_DB_odbc_driver extends CI_DB {
function CI_DB_odbc_driver($params)
{
- parent::CI_DB($params);
+ parent::CI_DB_driver($params);
$this->_random_keyword = ' RND('.time().')'; // database specific random keyword
}
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index ce37ad9a3..f1febfa1a 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -492,6 +492,72 @@ if ( ! function_exists('human_to_unix'))
// ------------------------------------------------------------------------
/**
+ * Turns many "reasonably-date-like" strings into something
+ * that is actually useful. This only works for dates after unix epoch.
+ *
+ * @access public
+ * @param string The terribly formatted date-like string
+ * @param string Date format to return (same as php date function)
+ * @return string
+ */
+if ( ! function_exists('nice_date'))
+{
+ function nice_date($bad_date='', $format=false)
+ {
+ if (empty($bad_date))
+ {
+ return 'Unknown';
+ }
+ // Date like: YYYYMM
+ if (preg_match('/^\d{6}$/',$bad_date))
+ {
+ //echo $bad_date." ";
+ if (in_array(substr($bad_date, 0, 2),array('19', '20')))
+ {
+ $year = substr($bad_date, 0, 4);
+ $month = substr($bad_date, 4, 2);
+ }
+ else
+ {
+ $month = substr($bad_date, 0, 2);
+ $year = substr($bad_date, 2, 4);
+ }
+ return date($format, strtotime($year . '-' . $month . '-01'));
+
+ }
+
+ // Date Like: YYYYMMDD
+ if (preg_match('/^\d{8}$/',$bad_date))
+ {
+ $month = substr($bad_date, 0, 2);
+ $day = substr($bad_date, 2, 2);
+ $year = substr($bad_date, 4, 4);
+ return date($format, strtotime($month . '/01/' . $year));
+ }
+
+ // Date Like: MM-DD-YYYY __or__ M-D-YYYY (or anything in between)
+ if (preg_match('/^\d{1,2}-\d{1,2}-\d{4}$/',$bad_date))
+ {
+ list($m, $d, $y) = explode('-', $bad_date);
+ return date($format, strtotime("{$y}-{$m}-{$d}"));
+ }
+
+ // Any other kind of string, when converted into UNIX time,
+ // produces "0 seconds after epoc..." is probably bad...
+ // return "Invalid Date".
+ if (date('U', strtotime($bad_date)) == '0')
+ {
+ return "Invalid Date";
+ }
+
+ // It's probably a valid-ish date format already
+ return date($format, strtotime($bad_date));
+ }
+}
+
+// ------------------------------------------------------------------------
+
+/**
* Timezone Menu
*
* Generates a drop-down menu of timezones.
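Review bot: In the 8-digit branch the comment says `YYYYMMDD` but the `substr()` offsets read the string as MMDDYYYY, and `$day` is computed and then ignored because the `strtotime()` argument hard-codes `/01/`. Either the comment or the offsets need correcting; keeping the offsets, I would write `// Date like: MMDDYYYY`, then `$time = strtotime($year.'-'.$month.'-'.$day);` and `return ($time === FALSE) ? 'Invalid Date' : date($format, $time);`. The first three branches pass the `strtotime()` result straight to `date()`, so an impossible month or day yields an epoch date rather than 'Invalid Date'. `$format` defaults to `false`, which makes `date()` return an empty string when the caller omits it; a default such as `'Y-m-d'` would be clearer. The commented-out `//echo $bad_date." ";` should be removed.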
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 9f4b85248..c524dddd1 100644..100755
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -512,7 +512,7 @@ if ( ! function_exists('url_title'))
$str = strtolower($str);
}
- return trim(stripslashes($str));
+ return trim(trim(stripslashes($str)), $replace);
}
}
@@ -527,7 +527,7 @@ if ( ! function_exists('url_title'))
*
* @access public
* @param string the URL
- * @param string the method: location or redirect
+ * @param string the method: location or refresh
* @return string
*/
if ( ! function_exists('redirect'))
diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php
index 8902f524d..a8a0387d8 100644
--- a/system/libraries/Image_lib.php
+++ b/system/libraries/Image_lib.php
@@ -1334,7 +1334,7 @@ class CI_Image_lib {
return FALSE;
}
- $vals = @getimagesize($path);
+ $vals = getimagesize($path);
$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
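Review bot: With the `@` removed, `getimagesize($path)` emits a PHP warning for a file that is not a readable image, and where errors are displayed that warning includes the server path. No check of `$vals` is visible in this hunk, so a `FALSE` return would be indexed as an array further down. Adding `if ($vals === FALSE) { return FALSE; }` straight after the call would match the `return FALSE;` just above. The method continues outside the hunk, so a later check may already exist.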
diff --git a/system/libraries/Log.php b/system/libraries/Log.php
index 9f1db76ba..bf10d4727 100644
--- a/system/libraries/Log.php
+++ b/system/libraries/Log.php
@@ -27,10 +27,12 @@
class CI_Log {
protected $_log_path;
- protected $_threshold = 1;
- protected $_date_fmt = 'Y-m-d H:i:s';
- protected $_enabled = TRUE;
- protected $_levels = array('ERROR' => '1', 'DEBUG' => '2', 'INFO' => '3', 'ALL' => '4');
+ protected $_threshold = 1;
+ protected $_threshold_max = 0;
+ protected $_threshold_array = array();
+ protected $_date_fmt = 'Y-m-d H:i:s';
+ protected $_enabled = TRUE;
+ protected $_levels = array('ERROR' => '1', 'DEBUG' => '2', 'INFO' => '3', 'ALL' => '4');
/**
* Constructor
@@ -50,6 +52,11 @@ class CI_Log {
{
$this->_threshold = $config['log_threshold'];
}
+ elseif (is_array($config['log_threshold']))
+ {
+ $this->_threshold = $this->_threshold_max;
+ $this->_threshold_array = array_flip($config['log_threshold']);
+ }
if ($config['log_date_format'] != '')
{
@@ -80,9 +87,13 @@ class CI_Log {
if ( ! isset($this->_levels[$level]) OR ($this->_levels[$level] > $this->_threshold))
{
- return FALSE;
+ if (empty($this->_threshold_array) OR ! isset($this->_threshold_array[$this->_levels[$level]]))
+ {
+ return FALSE;
+ }
}
+
$filepath = $this->_log_path.'log-'.date('Y-m-d').'.php';
$message = '';
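Review bot: When `$level` is not a key of `$this->_levels` and `_threshold_array` is non-empty, the new inner test `isset($this->_threshold_array[$this->_levels[$level]])` reads `$this->_levels[$level]`, an undefined index, and raises a notice before returning. Rejecting unknown levels first avoids that: `if ( ! isset($this->_levels[$level])) { return FALSE; }`, followed by the threshold test. The new `_threshold_max` and `_threshold_array` properties and the array form of `log_threshold` are undocumented; a docblock listing the accepted level numbers would help. The method starts before and continues after this hunk.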
diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php
index 3943ec130..3734e18f5 100644
--- a/system/libraries/Migration.php
+++ b/system/libraries/Migration.php
@@ -57,7 +57,7 @@ class CI_Migration {
}
// If not set, set it
- $this->_migration_path == '' OR $this->_migration_path = APPPATH . 'migrations/';
+ $this->_migration_path == '' AND $this->_migration_path = APPPATH . 'migrations/';
// Add trailing slash if not set
$this->_migration_path = rtrim($this->_migration_path, '/').'/';
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 082a5ee1d..330acce73 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -493,7 +493,7 @@ class CI_Profiler {
*
* @return string
*/
- private function _compile_session_data()
+ protected function _compile_session_data()
{
if ( ! isset($this->CI->session))
{
@@ -555,4 +555,4 @@ class CI_Profiler {
// END CI_Profiler class
/* End of file Profiler.php */
-/* Location: ./system/libraries/Profiler.php */ \ No newline at end of file
+/* Location: ./system/libraries/Profiler.php */