summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xsystem/core/CodeIgniter.php2
-rwxr-xr-xsystem/core/Security.php151
-rw-r--r--[-rwxr-xr-x]system/database/DB_driver.php14
-rw-r--r--system/database/drivers/pdo/pdo_driver.php2
-rw-r--r--system/database/drivers/pdo/pdo_forge.php2
-rw-r--r--system/database/drivers/pdo/pdo_result.php2
-rw-r--r--system/database/drivers/pdo/pdo_utility.php2
-rwxr-xr-xsystem/libraries/Cache/Cache.php2
-rwxr-xr-xsystem/libraries/Cache/drivers/Cache_apc.php2
-rwxr-xr-xsystem/libraries/Cache/drivers/Cache_dummy.php2
-rwxr-xr-xsystem/libraries/Cache/drivers/Cache_file.php2
-rwxr-xr-xsystem/libraries/Cache/drivers/Cache_memcached.php2
-rwxr-xr-xsystem/libraries/Cart.php2
-rwxr-xr-xsystem/libraries/Driver.php2
-rw-r--r--system/libraries/Migration.php2
15 files changed, 101 insertions, 90 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index db1aee574..cd3333331 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -33,7 +33,7 @@
* @var string
*
*/
- define('CI_VERSION', '2.1.0');
+ define('CI_VERSION', '2.1.2');
/**
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
diff --git a/system/core/Security.php b/system/core/Security.php
index 6f5ac1ed8..7af240ded 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -69,16 +69,16 @@ class CI_Security {
* @access protected
*/
protected $_never_allowed_str = array(
- 'document.cookie' => '[removed]',
- 'document.write' => '[removed]',
- '.parentNode' => '[removed]',
- '.innerHTML' => '[removed]',
- 'window.location' => '[removed]',
- '-moz-binding' => '[removed]',
- '<!--' => '&lt;!--',
- '-->' => '--&gt;',
- '<![CDATA[' => '&lt;![CDATA[',
- '<comment>' => '&lt;comment&gt;'
+ 'document.cookie' => '[removed]',
+ 'document.write' => '[removed]',
+ '.parentNode' => '[removed]',
+ '.innerHTML' => '[removed]',
+ 'window.location' => '[removed]',
+ '-moz-binding' => '[removed]',
+ '<!--' => '&lt;!--',
+ '-->' => '--&gt;',
+ '<![CDATA[' => '&lt;![CDATA[',
+ '<comment>' => '&lt;comment&gt;'
);
/* never allowed, regex replacement */
@@ -89,10 +89,11 @@ class CI_Security {
* @access protected
*/
protected $_never_allowed_regex = array(
- "javascript\s*:" => '[removed]',
- "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE
- "vbscript\s*:" => '[removed]', // IE, surprise!
- "Redirect\s+302" => '[removed]'
+ 'javascript\s*:',
+ 'expression\s*(\(|&\#40;)', // CSS and IE
+ 'vbscript\s*:', // IE, surprise!
+ 'Redirect\s+302',
+ "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
/**
@@ -364,9 +365,9 @@ class CI_Security {
* These words are compacted back to their correct state.
*/
$words = array(
- 'javascript', 'expression', 'vbscript', 'script',
- 'applet', 'alert', 'document', 'write', 'cookie', 'window'
- );
+ 'javascript', 'expression', 'vbscript', 'script', 'base64',
+ 'applet', 'alert', 'document', 'write', 'cookie', 'window'
+ );
foreach ($words as $word)
{
@@ -524,38 +525,38 @@ class CI_Security {
public function sanitize_filename($str, $relative_path = FALSE)
{
$bad = array(
- "../",
- "<!--",
- "-->",
- "<",
- ">",
- "'",
- '"',
- '&',
- '$',
- '#',
- '{',
- '}',
- '[',
- ']',
- '=',
- ';',
- '?',
- "%20",
- "%22",
- "%3c", // <
- "%253c", // <
- "%3e", // >
- "%0e", // >
- "%28", // (
- "%29", // )
- "%2528", // (
- "%26", // &
- "%24", // $
- "%3f", // ?
- "%3b", // ;
- "%3d" // =
- );
+ "../",
+ "<!--",
+ "-->",
+ "<",
+ ">",
+ "'",
+ '"',
+ '&',
+ '$',
+ '#',
+ '{',
+ '}',
+ '[',
+ ']',
+ '=',
+ ';',
+ '?',
+ "%20",
+ "%22",
+ "%3c", // <
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
+ "%3d" // =
+ );
if ( ! $relative_path)
{
@@ -613,19 +614,20 @@ class CI_Security {
*/
unset($evil_attributes[array_search('xmlns', $evil_attributes)]);
}
-
+
do {
$count = 0;
$attribs = array();
-
+
// find occurrences of illegal attribute strings without quotes
- preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER);
-
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
+
foreach ($matches as $attr)
{
+
$attribs[] = preg_quote($attr[0], '/');
}
-
+
// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER);
@@ -637,11 +639,11 @@ class CI_Security {
// replace illegal attribute strings that are inside an html tag
if (count($attribs) > 0)
{
- $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count);
+ $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
}
-
+
} while ($count);
-
+
return $str;
}
@@ -682,9 +684,15 @@ class CI_Security {
*/
protected function _js_link_removal($match)
{
- $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]));
-
- return str_replace($match[1], preg_replace("#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]);
+ return str_replace(
+ $match[1],
+ preg_replace(
+ '#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+ '',
+ $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
+ ),
+ $match[0]
+ );
}
// --------------------------------------------------------------------
@@ -702,9 +710,15 @@ class CI_Security {
*/
protected function _js_img_removal($match)
{
- $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]));
-
- return str_replace($match[1], preg_replace("#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]);
+ return str_replace(
+ $match[1],
+ preg_replace(
+ '#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ '',
+ $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
+ ),
+ $match[0]
+ );
}
// --------------------------------------------------------------------
@@ -819,14 +833,11 @@ class CI_Security {
*/
protected function _do_never_allowed($str)
{
- foreach ($this->_never_allowed_str as $key => $val)
- {
- $str = str_replace($key, $val, $str);
- }
+ $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str);
- foreach ($this->_never_allowed_regex as $key => $val)
+ foreach ($this->_never_allowed_regex as $regex)
{
- $str = preg_replace("#".$key."#i", $val, $str);
+ $str = preg_replace('#'.$regex.'#is', '[removed]', $str);
}
return $str;
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 6161f149b..775fd3354 100755..100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1267,12 +1267,15 @@ class CI_DB_driver {
// If the item has an alias declaration we remove it and set it aside.
// Basically we remove everything to the right of the first space
- $alias = '';
if (strpos($item, ' ') !== FALSE)
{
- $alias = strstr($item, " ");
+ $alias = strstr($item, ' ');
$item = substr($item, 0, - strlen($alias));
}
+ else
+ {
+ $alias = '';
+ }
// This is basically a bug fix for queries that use MAX, MIN, etc.
// If a parenthesis is found we know that we do not need to
@@ -1387,7 +1390,7 @@ class CI_DB_driver {
return $item.$alias;
}
-
+
// --------------------------------------------------------------------
/**
@@ -1395,16 +1398,13 @@ class CI_DB_driver {
*
* This function is used extensively by every db driver.
*
- * @access private
* @return void
*/
protected function _reset_select()
{
-
}
}
-
/* End of file DB_driver.php */
-/* Location: ./system/database/DB_driver.php */
+/* Location: ./system/database/DB_driver.php */ \ No newline at end of file
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index 952016848..1ecc90a82 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -9,7 +9,7 @@
* @license http://codeigniter.com/user_guide/license.html
* @author EllisLab Dev Team
* @link http://codeigniter.com
- * @since Version 2.1.0
+ * @since Version 2.1.2
* @filesource
*/
diff --git a/system/database/drivers/pdo/pdo_forge.php b/system/database/drivers/pdo/pdo_forge.php
index 1462e8c21..9a7822080 100644
--- a/system/database/drivers/pdo/pdo_forge.php
+++ b/system/database/drivers/pdo/pdo_forge.php
@@ -9,7 +9,7 @@
* @license http://codeigniter.com/user_guide/license.html
* @author EllisLab Dev Team
* @link http://codeigniter.com
- * @since Version 2.1.0
+ * @since Version 2.1.2
* @filesource
*/
diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php
index c05fbc908..a366a5f12 100644
--- a/system/database/drivers/pdo/pdo_result.php
+++ b/system/database/drivers/pdo/pdo_result.php
@@ -9,7 +9,7 @@
* @license http://codeigniter.com/user_guide/license.html
* @author EllisLab Dev Team
* @link http://codeigniter.com
- * @since Version 2.1.0
+ * @since Version 2.1.2
* @filesource
*/
diff --git a/system/database/drivers/pdo/pdo_utility.php b/system/database/drivers/pdo/pdo_utility.php
index 29aefca80..88ce033aa 100644
--- a/system/database/drivers/pdo/pdo_utility.php
+++ b/system/database/drivers/pdo/pdo_utility.php
@@ -9,7 +9,7 @@
* @license http://codeigniter.com/user_guide/license.html
* @author EllisLab Dev Team
* @link http://codeigniter.com
- * @since Version 2.1.0
+ * @since Version 2.1.2
* @filesource
*/
diff --git a/system/libraries/Cache/Cache.php b/system/libraries/Cache/Cache.php
index 61e7aa761..261fc367b 100755
--- a/system/libraries/Cache/Cache.php
+++ b/system/libraries/Cache/Cache.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 2.0
diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php
index 79d91b320..f750e6cb7 100755
--- a/system/libraries/Cache/drivers/Cache_apc.php
+++ b/system/libraries/Cache/drivers/Cache_apc.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 2.0
diff --git a/system/libraries/Cache/drivers/Cache_dummy.php b/system/libraries/Cache/drivers/Cache_dummy.php
index f96a68e27..b11b5b8fc 100755
--- a/system/libraries/Cache/drivers/Cache_dummy.php
+++ b/system/libraries/Cache/drivers/Cache_dummy.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 2.0
diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php
index 13e2d1af6..c50043660 100755
--- a/system/libraries/Cache/drivers/Cache_file.php
+++ b/system/libraries/Cache/drivers/Cache_file.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 2.0
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index fc586e025..747842091 100755
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 2.0
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index ab5a70c98..da47b5a19 100755
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/libraries/Driver.php b/system/libraries/Driver.php
index a199d45f0..4912c4aa7 100755
--- a/system/libraries/Driver.php
+++ b/system/libraries/Driver.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php
index 3943ec130..5a41377ea 100644
--- a/system/libraries/Migration.php
+++ b/system/libraries/Migration.php
@@ -6,7 +6,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0