Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into patch

author: Timothy Warren <tim@timshomepage.net> 2012-05-14 21:29:30 +0200
committer: Timothy Warren <tim@timshomepage.net> 2012-05-14 21:29:30 +0200
commit: 43c216b998ccf8c8208b237e9e0d9c468c8a82e5 (patch)
tree: ff019239050f430990c664ff3dbf61545291445d /system
parent: 9e0be2ba2179a93200d16a72c74e2ac61f9a71d4 (diff)
parent: fff6c2a3caa1ce14e58fcb3ee0d937d17985eea1 (diff)
7 files changed, 60 insertions, 50 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 974e2e428..c82b69ff9 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -95,13 +95,14 @@ class CI_Security {
 	 *
 	 * @var array
 	 */
-	protected $_never_allowed_regex =	array(
+	protected $_never_allowed_regex = array(
 		'javascript\s*:',
 		'expression\s*(\(|&\#40;)', // CSS and IE
 		'vbscript\s*:', // IE, surprise!
-		'Redirect\s+302'
+		'Redirect\s+302',
+		"([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
 	);
-
+	
 	/**
 	 * Initialize security class
 	 */
@@ -365,10 +366,11 @@ class CI_Security {
 		 * These words are compacted back to their correct state.
 		 */
 		$words = array(
-			'javascript', 'expression', 'vbscript', 'script',
+			'javascript', 'expression', 'vbscript', 'script', 'base64',
 			'applet', 'alert', 'document', 'write', 'cookie', 'window'
 		);
 
+
 		foreach ($words as $word)
 		{
 			$word = implode('\s*', str_split($word)).'\s*';
@@ -605,10 +607,11 @@ class CI_Security {
 			$attribs = array();
 
 			// find occurrences of illegal attribute strings without quotes
-			preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER);
+			preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
 
 			foreach ($matches as $attr)
 			{
+
 				$attribs[] = preg_quote($attr[0], '/');
 			}
 
@@ -623,7 +626,7 @@ class CI_Security {
 			// replace illegal attribute strings that are inside an html tag
 			if (count($attribs) > 0)
 			{
-				$str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count);
+				$str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
 			}
 
 		} while ($count);
@@ -664,7 +667,7 @@ class CI_Security {
 	protected function _js_link_removal($match)
 	{
 		return str_replace($match[1],
-					preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+					preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
 							'',
 							$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
 					),
@@ -804,7 +807,7 @@ class CI_Security {
 
 		foreach ($this->_never_allowed_regex as $regex)
 		{
-			$str = preg_replace('#'.$regex.'#i', '[removed]', $str);
+			$str = preg_replace('#'.$regex.'#is', '[removed]', $str);
 		}
 
 		return $str;
@@ -841,4 +844,4 @@ class CI_Security {
 }
 
 /* End of file Security.php */
-/* Location: ./system/core/Security.php */
-\ No newline at end of file
+/* Location: ./system/core/Security.php */
diff --git a/system/database/drivers/interbase/interbase_utility.php b/system/database/drivers/interbase/interbase_utility.php
index 1b92af9b6..164211836 100644
--- a/system/database/drivers/interbase/interbase_utility.php
+++ b/system/database/drivers/interbase/interbase_utility.php
@@ -42,7 +42,7 @@ class CI_DB_interbase_utility extends CI_DB_utility {
 	 * @param	string	$filename
 	 * @return	mixed
 	 */
-	protected function backup($filename)
+	protected function _backup($filename)
 	{
 		if ($service = ibase_service_attach($this->db->hostname, $this->db->username, $this->db->password))
 		{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index a52cad5ff..c396580be 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -448,7 +448,7 @@ class CI_Form_validation {
 			{
 				$this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']);
 			}
-			elseif ( ! empty($validation_array[$field]))
+			elseif (isset($validation_array[$field]) && $validation_array[$field] !== '')
 			{
 				$this->_field_data[$field]['postdata'] = $validation_array[$field];
 			}
@@ -1005,7 +1005,7 @@ class CI_Form_validation {
 
 		return (MB_ENABLED === TRUE)
 			? ($val <= mb_strlen($str))
-			: ($val <= strlen(str));
+			: ($val <= strlen($str));
 	}
 
 	// --------------------------------------------------------------------
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 3fa446d84..3195f0a91 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -36,146 +36,146 @@
  */
 class CI_Session {
 
-	/** 
+	/**
 	 * Whether to encrypt the session cookie
 	 *
 	 * @var bool
 	 */
 	public $sess_encrypt_cookie		= FALSE;
-	
+
 	/**
 	 * Whether to use to the database for session storage
 	 *
 	 * @var bool
 	 */
 	public $sess_use_database		= FALSE;
-	
+
 	/**
 	 * Name of the database table in which to store sessions
 	 *
 	 * @var string
 	 */
 	public $sess_table_name			= '';
-	
+
 	/**
 	 * Length of time (in seconds) for sessions to expire
 	 *
 	 * @var int
 	 */
 	public $sess_expiration			= 7200;
-	
+
 	/**
 	 * Whether to kill session on close of browser window
 	 *
 	 * @var bool
 	 */
 	public $sess_expire_on_close		= FALSE;
-	
+
 	/**
 	 * Whether to match session on ip address
 	 *
 	 * @var bool
 	 */
 	public $sess_match_ip			= FALSE;
-	
+
 	/**
 	 * Whether to match session on user-agent
 	 *
 	 * @var bool
 	 */
 	public $sess_match_useragent		= TRUE;
-	
+
 	/**
 	 * Name of session cookie
 	 *
 	 * @var string
 	 */
 	public $sess_cookie_name		= 'ci_session';
-	
+
 	/**
 	 * Session cookie prefix
 	 *
 	 * @var string
 	 */
 	public $cookie_prefix			= '';
-	
+
 	/**
 	 * Session cookie path
 	 *
 	 * @var string
 	 */
 	public $cookie_path			= '';
-	
+
 	/**
 	 * Session cookie domain
 	 *
 	 * @var string
 	 */
 	public $cookie_domain			= '';
-	
+
 	/**
 	 * Whether to set the cookie only on HTTPS connections
 	 *
 	 * @var bool
 	 */
 	public $cookie_secure			= FALSE;
-	
+
 	/**
 	 * Whether cookie should be allowed only to be sent by the server
 	 *
 	 * @var bool
 	 */
 	public $cookie_httponly 		= FALSE;
-	
+
 	/**
 	 * Interval at which to update session
 	 *
 	 * @var int
 	 */
 	public $sess_time_to_update		= 300;
-	
+
 	/**
 	 * Key with which to encrypt the session cookie
 	 *
 	 * @var string
 	 */
 	public $encryption_key			= '';
-	
+
 	/**
 	 * String to indicate flash data cookies
 	 *
 	 * @var string
 	 */
 	public $flashdata_key			= 'flash';
-	
+
 	/**
 	 * Function to use to get the current time
 	 *
 	 * @var string
 	 */
 	public $time_reference			= 'time';
-	
+
 	/**
 	 * Probablity level of garbage collection of old sessions
 	 *
 	 * @var int
 	 */
 	public $gc_probability			= 5;
-	
+
 	/**
 	 * Session data
 	 *
 	 * @var array
 	 */
 	public $userdata			= array();
-	
+
 	/**
 	 * Reference to CodeIgniter instance
 	 *
 	 * @var object
 	 */
 	public $CI;
-	
+
 	/**
 	 * Current time
 	 *
@@ -570,6 +570,9 @@ class CI_Session {
 				$this->cookie_domain,
 				0
 			);
+
+		// Kill session data
+		$this->userdata = array();
 	}
 
 	// --------------------------------------------------------------------
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8ad67050d..24d4bd4d0 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -725,7 +725,7 @@ class CI_Upload {
 	public function get_extension($filename)
 	{
 		$x = explode('.', $filename);
-		return '.'.end($x);
+		return (count($x) !== 1) ? '.'.end($x) : '';
 	}
 
 	// --------------------------------------------------------------------
@@ -850,6 +850,10 @@ class CI_Upload {
 			{
 				return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
 			}
+			else
+			{
+				return FALSE;
+			}
 		}
 
 		if (($data = @file_get_contents($file)) === FALSE)
@@ -1099,4 +1103,4 @@ class CI_Upload {
 }
 
 /* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */
-\ No newline at end of file
+/* Location: ./system/libraries/Upload.php */
diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php
index 0ac605fa4..ff596f04b 100644
--- a/system/libraries/User_agent.php
+++ b/system/libraries/User_agent.php
@@ -51,14 +51,14 @@ class CI_User_agent {
 	 * @var bool
 	 */
 	public $is_browser = FALSE;
-	
+
 	/**
 	 * Flag for if the user-agent is a robot
 	 *
 	 * @var bool
 	 */
 	public $is_robot = FALSE;
-	
+
 	/**
 	 * Flag for if the user-agent is a mobile browser
 	 *
@@ -72,7 +72,7 @@ class CI_User_agent {
 	 * @var array
 	 */
 	public $languages = array();
-	
+
 	/**
 	 * Character sets accepted by the current user agent
 	 *
@@ -86,21 +86,21 @@ class CI_User_agent {
 	 * @var array
 	 */
 	public $platforms = array();
-	
+
 	/**
 	 * List of browsers to compare against current user agent
 	 *
 	 * @var array
 	 */
 	public $browsers = array();
-	
+
 	/**
 	 * List of mobile browsers to compare against current user agent
 	 *
 	 * @var array
 	 */
 	public $mobiles = array();
-	
+
 	/**
 	 * List of robots to compare against current user agent
 	 *
@@ -114,28 +114,28 @@ class CI_User_agent {
 	 * @var string
 	 */
 	public $platform = '';
-	
+
 	/**
 	 * Current user-agent browser
 	 *
 	 * @var string
 	 */
 	public $browser = '';
-	
+
 	/**
 	 * Current user-agent version
 	 *
 	 * @var string
 	 */
 	public $version = '';
-	
+
 	/**
 	 * Current user-agent mobile name
 	 *
 	 * @var string
 	 */
 	public $mobile = '';
-	
+
 	/**
 	 * Current user-agent robot name
 	 *
@@ -330,7 +330,7 @@ class CI_User_agent {
 		{
 			foreach ($this->mobiles as $key => $val)
 			{
-				if (FALSE !== (strpos(strtolower($this->agent), $key)))
+				if (FALSE !== (stripos($this->agent, $key)))
 				{
 					$this->is_mobile = TRUE;
 					$this->mobile = $val;
@@ -604,7 +604,7 @@ class CI_User_agent {
 	/**
 	 * Test for a particular character set
 	 *
-	 * @param	string $charset
+	 * @param	string	$charset
 	 * @return	bool
 	 */
 	public function accept_charset($charset = 'utf-8')
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index 7009deacc..0d2533855 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -436,7 +436,7 @@ class XML_RPC_Client extends CI_Xmlrpc
 	 */
 	public function sendPayload($msg)
 	{
-		$fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstr, $this->timeout);
+		$fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstring, $this->timeout);
 
 		if ( ! is_resource($fp))
 		{
@@ -458,7 +458,7 @@ class XML_RPC_Client extends CI_Xmlrpc
 			.'Content-Length: '.strlen($msg->payload).$r.$r
 			.$msg->payload;
 
-		if ( ! fputs($fp, $op, strlen($op)))
+		if ( ! fwrite($fp, $op, strlen($op)))
 		{
 			error_log($this->xmlrpcstr['http_error']);
 			return new XML_RPC_Response(0, $this->xmlrpcerr['http_error'], $this->xmlrpcstr['http_error']);
@@ -1076,7 +1076,7 @@ class XML_RPC_Message extends CI_Xmlrpc
 					// we have an I4/INT
 					// we must check that only 0123456789-<space> are characters here
 					$this->xh[$the_parser]['value'] = preg_match('/^[+-]?[0-9\t ]+$/', $this->xh[$the_parser]['ac'])
-										? (int) $this->xh[$the_parset]['ac']
+										? (int) $this->xh[$the_parser]['ac']
 										: 'ERROR_NON_NUMERIC_FOUND';
 				}
 				$this->xh[$the_parser]['ac'] = '';
author	Timothy Warren <tim@timshomepage.net>	2012-05-14 21:29:30 +0200
committer	Timothy Warren <tim@timshomepage.net>	2012-05-14 21:29:30 +0200
commit	43c216b998ccf8c8208b237e9e0d9c468c8a82e5 (patch)
tree	ff019239050f430990c664ff3dbf61545291445d /system
parent	9e0be2ba2179a93200d16a72c74e2ac61f9a71d4 (diff)
parent	fff6c2a3caa1ce14e58fcb3ee0d937d17985eea1 (diff)