author | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:02:16 +0100 |
---|---|---|
committer | brian978 <dbrian89@yahoo.com> | 2012-12-08 22:02:16 +0100 |
commit | 9a214e1b31cd2ff2433f8ed8df8585537d358ac7 (patch) | |
tree | 14643a7698d55b3e054c7dc607fc18ee4d0dc26c /system | |
parent | 160c7d16c4e0c92c030c0a41d1223f916a82089d (diff) | |
parent | 545a7c86701875e1412bcde316e9bcc76d9a23a0 (diff) |
Merge remote-tracking branch 'upstream/develop' into dev/hex_xss
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Router.php | 18 | ||||
-rw-r--r-- | system/core/URI.php | 29 | ||||
-rw-r--r-- | system/database/DB_result.php | 8 | ||||
-rw-r--r-- | system/database/drivers/cubrid/cubrid_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/mssql/mssql_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/mysql/mysql_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/oci8/oci8_result.php | 58 | ||||
-rw-r--r-- | system/database/drivers/postgre/postgre_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/sqlite/sqlite_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/sqlite3/sqlite3_result.php | 4 | ||||
-rw-r--r-- | system/helpers/url_helper.php | 6 |
12 files changed, 51 insertions, 84 deletions
diff --git a/system/core/Router.php b/system/core/Router.php index 01f44bc83..76772a0fb 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -111,21 +111,21 @@ class CI_Router { // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); - if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')])) + if ($this->config->item('enable_query_strings') === TRUE + && ! empty($_GET[$this->config->item('controller_trigger')]) + && is_string($_GET[$this->config->item('controller_trigger')]) + ) { - if (isset($_GET[$this->config->item('directory_trigger')])) + if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')])) { $this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')]))); $segments[] = $this->fetch_directory(); } - if (isset($_GET[$this->config->item('controller_trigger')])) - { - $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); - $segments[] = $this->fetch_class(); - } + $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); + $segments[] = $this->fetch_class(); - if (isset($_GET[$this->config->item('function_trigger')])) + if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')])) { $this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')]))); $segments[] = $this->fetch_method(); 
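Review bot: The directory trigger is guarded with `isset(...) && is_string(...)`, while the controller and function triggers use `! empty(...) && is_string(...)`, so an empty `directory_trigger` value still reaches `set_directory()` and appends whatever `fetch_directory()` then returns to `$segments`. Using `! empty($_GET[$this->config->item('directory_trigger')])` there as well would make the three checks consistent. The `is_string()` guards are what keep array-valued query parameters away from `trim()` and `_filter_uri()`; a one-line comment such as `// Reject array-valued triggers (?c[]=...) before filtering` would stop a later cleanup from dropping them. The enclosing method starts and ends outside the hunk.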
@@ -142,7 +142,7 @@ class CI_Router { include(APPPATH.'config/routes.php'); } - $this->routes = (isset($route) && is_array($route)) ? $route : array(); + $this->routes = (empty($route) OR ! is_array($route)) ? array() : $route; unset($route); // Set the default controller so we can display it in the event diff --git a/system/core/URI.php b/system/core/URI.php index 91740254c..900472b61 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -219,7 +219,32 @@ class CI_URI { } // Do some final cleaning of the URI and return it - return str_replace(array('//', '../'), '/', trim($uri, '/')); + return $this->_remove_relative_directory($uri); + } + + // -------------------------------------------------------------------- + + /** + * Remove relative directory (../) and multi slashes (///) + * + * Do some final cleaning of the URI and return it, currently only used in self::_parse_request_uri() + * + * @param string $url + * @return string + */ + protected function _remove_relative_directory($uri) + { + $uris = array(); + $tok = strtok($uri, '/'); + while ($tok !== FALSE) + { + if (( ! empty($tok) OR $tok === '0') && $tok !== '..') + { + $uris[] = $tok; + } + $tok = strtok('/'); + } + return implode('/', $uris); } // -------------------------------------------------------------------- @@ -249,7 +274,7 @@ class CI_URI { parse_str($_SERVER['QUERY_STRING'], $_GET); - return str_replace(array('//', '../'), '/', trim($uri, '/')); + return $this->_remove_relative_directory($uri); } // -------------------------------------------------------------------- diff --git a/system/database/DB_result.php b/system/database/DB_result.php index 9d19075ba..e1ef341a5 100644 --- a/system/database/DB_result.php +++ b/system/database/DB_result.php @@ -203,7 +203,7 @@ class CI_DB_result { return $this->custom_result_object[$class_name]; } - $this->_data_seek(0); + $this->data_seek(0); $this->custom_result_object[$class_name] = array(); while ($row = $this->_fetch_object($class_name)) 
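Review bot: The new docblock on `_remove_relative_directory()` documents `@param string $url`, but the parameter is `$uri`; it should read `@param string $uri`. Inside the loop, `strtok()` does not hand back empty tokens, so `( ! empty($tok) OR $tok === '0')` is effectively always true and the condition can be reduced to `if ($tok !== '..')`. The filter matches the literal token `..` only. Whether `$uri` can still carry percent-encoded dots at this point is not visible in the hunk, so the docblock should state whether the input is expected before or after URL decoding.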
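Review bot: The return value of `$this->data_seek(0)` is ignored here and in the hunks at lines 246 and 287, while the base implementation changed in the hunk at line 617 returns `FALSE`. Because the oci8 override is deleted in this same commit, that driver now inherits the `FALSE` stub, so these fetch loops would start from wherever the cursor currently is unless oci8 always serves an already cached result set, which is not visible here. Since `data_seek()` is now public, its docblock should say what `FALSE` means, for example `@return bool FALSE if the driver cannot seek or the seek failed`.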
@@ -246,7 +246,7 @@ class CI_DB_result { return $this->result_object; } - $this->_data_seek(0); + $this->data_seek(0); while ($row = $this->_fetch_object()) { $this->result_object[] = $row; @@ -287,7 +287,7 @@ class CI_DB_result { return $this->result_array; } - $this->_data_seek(0); + $this->data_seek(0); while ($row = $this->_fetch_assoc()) { $this->result_array[] = $row; @@ -617,7 +617,7 @@ class CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return FALSE; } diff --git a/system/database/drivers/cubrid/cubrid_result.php b/system/database/drivers/cubrid/cubrid_result.php index 130eea212..793b35b74 100644 --- a/system/database/drivers/cubrid/cubrid_result.php +++ b/system/database/drivers/cubrid/cubrid_result.php @@ -130,7 +130,7 @@ class CI_DB_cubrid_result extends CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return cubrid_data_seek($this->result_id, $n); } diff --git a/system/database/drivers/mssql/mssql_result.php b/system/database/drivers/mssql/mssql_result.php index a8f850d72..ca222aed4 100644 --- a/system/database/drivers/mssql/mssql_result.php +++ b/system/database/drivers/mssql/mssql_result.php @@ -135,7 +135,7 @@ class CI_DB_mssql_result extends CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return mssql_data_seek($this->result_id, $n); } diff --git a/system/database/drivers/mysql/mysql_result.php b/system/database/drivers/mysql/mysql_result.php index a6dcde4e7..293980e97 100644 --- a/system/database/drivers/mysql/mysql_result.php +++ b/system/database/drivers/mysql/mysql_result.php 
@@ -149,7 +149,7 @@ class CI_DB_mysql_result extends CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return $this->num_rows ? @mysql_data_seek($this->result_id, $n) diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php index d55188e68..ac0f1a8d1 100644 --- a/system/database/drivers/mysqli/mysqli_result.php +++ b/system/database/drivers/mysqli/mysqli_result.php @@ -136,7 +136,7 @@ class CI_DB_mysqli_result extends CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return $this->result_id->data_seek($n); } diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index 7d5bf5172..84d46f82a 100644 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php 
@@ -216,64 +216,6 @@ class CI_DB_oci8_result extends CI_DB_result { return $class_name; } - // -------------------------------------------------------------------- - - /** - * Data Seek - * - * Moves the internal pointer to the desired offset. We call - * this internally before fetching results to make sure the - * result set starts at zero. - * - * Oracle's PHP extension doesn't have an easy way of doing this - * and the only workaround is to (re)execute the statement or cursor - * in order to go to the first (zero) index of the result set. - * Then, we would need to "dummy" fetch ($n - 1) rows to get to the - * right one. - * - * This is as ridiculous as it sounds and it's the reason why every - * other method that is fetching data tries to use an already "cached" - * result set. Keeping this just in case it becomes needed at - * some point in the future, but it will only work for resetting the - * pointer to zero. - * - * @param int $n (ignored) - * @return bool - */ - protected function _data_seek($n = 0) - { - /* The PHP manual says that if OCI_NO_AUTO_COMMIT mode - * is used, and oci_rollback() and/or oci_commit() are - * not subsequently called - this will cause an unnecessary - * rollback to be triggered at the end of the script execution. - * - * Therefore we'll try to avoid using that mode flag - * if we're not currently in the middle of a transaction. - */ - if ($this->commit_mode !== OCI_COMMIT_ON_SUCCESS) - { - $result = @oci_execute($this->stmt_id, $this->commit_mode); - } - else - { - $result = @oci_execute($this->stmt_id); - } - - if ($result && $this->curs_id) - { - if ($this->commit_mode !== OCI_COMMIT_ON_SUCCESS) - { - return @oci_execute($this->curs_id, $this->commit_mode); - } - else - { - return @oci_execute($this->curs_id); - } - } - - return $result; - } - } /* End of file oci8_result.php */ diff --git a/system/database/drivers/postgre/postgre_result.php b/system/database/drivers/postgre/postgre_result.php index 3a4e57c42..fdaeaef70 100644 
--- a/system/database/drivers/postgre/postgre_result.php +++ b/system/database/drivers/postgre/postgre_result.php @@ -133,7 +133,7 @@ class CI_DB_postgre_result extends CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return pg_result_seek($this->result_id, $n); } diff --git a/system/database/drivers/sqlite/sqlite_result.php b/system/database/drivers/sqlite/sqlite_result.php index 24f02a8b4..889757dea 100644 --- a/system/database/drivers/sqlite/sqlite_result.php +++ b/system/database/drivers/sqlite/sqlite_result.php @@ -117,7 +117,7 @@ class CI_DB_sqlite_result extends CI_DB_result { * @param int $n * @return bool */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { return sqlite_seek($this->result_id, $n); } diff --git a/system/database/drivers/sqlite3/sqlite3_result.php b/system/database/drivers/sqlite3/sqlite3_result.php index 44fef8909..69c42002c 100644 --- a/system/database/drivers/sqlite3/sqlite3_result.php +++ b/system/database/drivers/sqlite3/sqlite3_result.php @@ -175,10 +175,10 @@ class CI_DB_sqlite3_result extends CI_DB_result { * @param int $n (ignored) * @return array */ - protected function _data_seek($n = 0) + public function data_seek($n = 0) { // Only resetting to the start of the result set is supported - return $this->result_id->reset(); + return ($n > 0) ? FALSE : $this->result_id->reset(); } } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 14c216afe..36ff0ff2c 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -152,7 +152,7 @@ if ( ! function_exists('anchor')) if ( ! is_array($uri)) { - $site_url = preg_match('!^\w+://! i', $uri) ? $uri : site_url($uri); + $site_url = preg_match('#^(\w+:)?//#i', $uri) ? $uri : site_url($uri); } else { 
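Review bot: The docblock above the sqlite3 `data_seek()` still reads `@param int $n (ignored)` and `@return array`, but the new body returns `FALSE` for `$n > 0` and otherwise the result of `reset()`, so `$n` is no longer ignored. It should become `@param int $n` and `@return bool`, keeping the remark that only a reset to the start is supported. A negative `$n` also falls through to `reset()` and reports success. Now that the method is public, rejecting it as well with `return ($n != 0) ? FALSE : $this->result_id->reset();` would make the contract unambiguous.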
@@ -191,7 +191,7 @@ if ( ! function_exists('anchor_popup')) function anchor_popup($uri = '', $title = '', $attributes = FALSE) { $title = (string) $title; - $site_url = preg_match('!^\w+://! i', $uri) ? $uri : site_url($uri); + $site_url = preg_match('#^(\w+:)?//#i', $uri) ? $uri : site_url($uri); if ($title === '') { @@ -535,7 +535,7 @@ if ( ! function_exists('redirect')) */ function redirect($uri = '', $method = 'auto', $code = NULL) { - if ( ! preg_match('#^https?://#i', $uri)) + if ( ! preg_match('#^(\w+:)?//#i', $uri)) { $uri = site_url($uri); } |
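Review bot: In `redirect()` the old check treated only `http://` and `https://` targets as absolute; with `#^(\w+:)?//#i` any scheme and any scheme-relative `//host/...` value now skips `site_url()` and is presumably emitted as the redirect target (the rest of the function is outside the hunk). A request-derived `$uri` that the old pattern would have rewritten into a local path is therefore passed through unchanged, which widens the open-redirect surface for callers that do not validate the destination. Consider keeping the scheme list explicit, `if ( ! preg_match('#^(https?:)?//#i', $uri))`, or stating in the docblock that callers must check `$uri` against an expected host before calling. The same pattern is introduced in `anchor()` (hunk at line 152) and `anchor_popup()` (hunk at line 191), where it decides whether a link target is used as-is.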