diff options
| -rwxr-xr-x | system/core/CodeIgniter.php | 2 | ||||
| -rwxr-xr-x | system/core/Common.php | 2 | ||||
| -rwxr-xr-x | system/core/Config.php | 12 | ||||
| -rwxr-xr-x | system/core/Input.php | 71 | ||||
| -rwxr-xr-x | system/core/Security.php | 51 | ||||
| -rwxr-xr-x | system/database/drivers/oci8/oci8_result.php | 10 | ||||
| -rw-r--r-- | system/database/drivers/pdo/pdo_result.php | 23 | ||||
| -rwxr-xr-x | system/libraries/Cache/drivers/Cache_file.php | 11 | ||||
| -rw-r--r-- | system/libraries/Migration.php | 32 | ||||
| -rwxr-xr-x | system/libraries/Profiler.php | 2 | ||||
| -rwxr-xr-x | system/libraries/Session.php | 7 |
11 files changed, 106 insertions, 117 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index cd3333331..c16c79c09 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,7 +33,7 @@ * @var string * */ - define('CI_VERSION', '2.1.2'); + define('CI_VERSION', '2.1.3'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) diff --git a/system/core/Common.php b/system/core/Common.php index d79375475..07534c51f 100755 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -187,7 +187,7 @@ if ( ! function_exists('load_class')) */ if ( ! function_exists('is_loaded')) { - function is_loaded($class = '') + function &is_loaded($class = '') { static $_is_loaded = array(); diff --git a/system/core/Config.php b/system/core/Config.php index 714c4667b..5dffbf3f2 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -99,12 +99,12 @@ class CI_Config { $found = FALSE; $loaded = FALSE; + $check_locations = defined('ENVIRONMENT') + ? array(ENVIRONMENT.'/'.$file, $file) + : array($file); + foreach ($this->_config_paths as $path) { - $check_locations = defined('ENVIRONMENT') - ? array(ENVIRONMENT.'/'.$file, $file) - : array($file); - foreach ($check_locations as $location) { $file_path = $path.'config/'.$location.'.php'; @@ -168,7 +168,7 @@ class CI_Config { { return FALSE; } - show_error('The configuration file '.$file.'.php'.' does not exist.'); + show_error('The configuration file '.$file.'.php does not exist.'); } return TRUE; @@ -279,7 +279,7 @@ class CI_Config { */ function base_url($uri = '') { - return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/'); + return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/'); } // ------------------------------------------------------------- diff --git a/system/core/Input.php b/system/core/Input.php index 3559d8607..0c1f2b08e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -73,13 +73,13 @@ class CI_Input { */ protected $headers = array(); - /** * Constructor * * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array * + * @return void */ public function __construct() { @@ -306,50 +306,49 @@ class CI_Input { /** * Fetch the IP Address * - * @access public * @return string */ - function ip_address() + public function ip_address() { if ($this->ip_address !== FALSE) { return $this->ip_address; } - if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + $proxy_ips = config_item('proxy_ips'); + if ( ! empty($proxy_ips)) { - $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); - $proxies = is_array($proxies) ? $proxies : array($proxies); + $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips)); + foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header) + { + if (($spoof = $this->server($header)) !== FALSE) + { + // Some proxies typically list the whole chain of IP + // addresses through which the client has reached us. + // e.g. client_ip, proxy_ip1, proxy_ip2, etc. + if (strpos($spoof, ',') !== FALSE) + { + $spoof = explode(',', $spoof, 2); + $spoof = $spoof[0]; + } - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; - } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) - { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; - } - elseif ($this->server('REMOTE_ADDR')) - { - $this->ip_address = $_SERVER['REMOTE_ADDR']; - } - elseif ($this->server('HTTP_CLIENT_IP')) - { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; - } - elseif ($this->server('HTTP_X_FORWARDED_FOR')) - { - $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; - } + if ( ! $this->valid_ip($spoof)) + { + $spoof = FALSE; + } + else + { + break; + } + } + } - if ($this->ip_address === FALSE) - { - $this->ip_address = '0.0.0.0'; - return $this->ip_address; + $this->ip_address = ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE)) + ? $spoof : $_SERVER['REMOTE_ADDR']; } - - if (strpos($this->ip_address, ',') !== FALSE) + else { - $x = explode(',', $this->ip_address); - $this->ip_address = trim(end($x)); + $this->ip_address = $_SERVER['REMOTE_ADDR']; } if ( ! $this->valid_ip($this->ip_address)) @@ -642,8 +641,8 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check - if ($this->_enable_csrf == TRUE) + // CSRF Protection check on HTTP requests + if ($this->_enable_csrf == TRUE && ! $this->is_cli_request()) { $this->security->csrf_verify(); } @@ -837,11 +836,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() == 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); } } diff --git a/system/core/Security.php b/system/core/Security.php index 7af240ded..00089d765 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -98,26 +98,32 @@ class CI_Security { /** * Constructor + * + * @return void */ public function __construct() { - // CSRF config - foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) + // Is CSRF protection enabled? + if (config_item('csrf_protection') === TRUE) { - if (FALSE !== ($val = config_item($key))) + // CSRF config + foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) { - $this->{'_'.$key} = $val; + if (FALSE !== ($val = config_item($key))) + { + $this->{'_'.$key} = $val; + } } - } - // Append application specific cookie prefix - if (config_item('cookie_prefix')) - { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; - } + // Append application specific cookie prefix + if (config_item('cookie_prefix')) + { + $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + } - // Set the CSRF hash - $this->_csrf_set_hash(); + // Set the CSRF hash + $this->_csrf_set_hash(); + } log_message('debug', "Security Class Initialized"); } @@ -131,15 +137,14 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) == 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } // Do the tokens exist in both the _POST and _COOKIE arrays? - if ( ! isset($_POST[$this->_csrf_token_name]) OR - ! isset($_COOKIE[$this->_csrf_cookie_name])) + if ( ! isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name])) { $this->csrf_show_error(); } @@ -159,7 +164,7 @@ class CI_Security { $this->_csrf_set_hash(); $this->csrf_set_cookie(); - log_message('debug', "CSRF token verified "); + log_message('debug', 'CSRF token verified'); return $this; } @@ -176,14 +181,9 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; - if ($secure_cookie) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { - $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE; - - if ( ! $req OR $req == 'off') - { - return FALSE; - } + return FALSE; } setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); @@ -871,7 +871,6 @@ class CI_Security { } } -// END Security Class /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */ +/* Location: ./system/libraries/Security.php */
\ No newline at end of file diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php index ae133d7b5..3421278a5 100755 --- a/system/database/drivers/oci8/oci8_result.php +++ b/system/database/drivers/oci8/oci8_result.php @@ -26,9 +26,9 @@ */ class CI_DB_oci8_result extends CI_DB_result { - var $stmt_id; - var $curs_id; - var $limit_used; + public $stmt_id; + public $curs_id; + public $limit_used; /** * Number of rows in the result set. @@ -36,8 +36,6 @@ class CI_DB_oci8_result extends CI_DB_result { * Oracle doesn't have a graceful way to retun the number of rows * so we have to use what amounts to a hack. * - * - * @access public * @return integer */ public function num_rows() @@ -53,7 +51,7 @@ class CI_DB_oci8_result extends CI_DB_result { } } - return $rowcount; + return $this->num_rows; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php index a366a5f12..44fdd6dc5 100644 --- a/system/database/drivers/pdo/pdo_result.php +++ b/system/database/drivers/pdo/pdo_result.php @@ -26,26 +26,27 @@ */ class CI_DB_pdo_result extends CI_DB_result { + public $num_rows; + /** * Number of rows in the result set * - * @access public - * @return integer + * @return int */ - function num_rows() + public function num_rows() { - if (is_numeric(stripos($this->result_id->queryString, 'SELECT'))) + if (is_int($this->num_rows)) { - $dbh = $this->conn_id; - $query = $dbh->query($this->result_id->queryString); - $result = $query->fetchAll(); - unset($dbh, $query); - return count($result); + return $this->num_rows; } - else + elseif (($this->num_rows = $this->result_id->rowCount()) > 0) { - return $this->result_id->rowCount(); + return $this->num_rows; } + + $this->num_rows = count($this->result_id->fetchAll()); + $this->result_id->execute(); + return $this->num_rows; } // -------------------------------------------------------------------- diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index c50043660..e515eebf1 100755 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php @@ -151,13 +151,12 @@ class CI_Cache_file extends CI_Driver { { return FALSE; } - - $data = read_file($this->_cache_path.$id); + + $data = read_file($this->_cache_path.$id); $data = unserialize($data); - + if (is_array($data)) { - $data = $data['data']; $mtime = filemtime($this->_cache_path.$id); if ( ! isset($data['ttl'])) @@ -166,11 +165,11 @@ class CI_Cache_file extends CI_Driver { } return array( - 'expire' => $mtime + $data['ttl'], + 'expire' => $mtime + $data['ttl'], 'mtime' => $mtime ); } - + return FALSE; } diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php index 5a41377ea..df2dd7ce3 100644 --- a/system/libraries/Migration.php +++ b/system/libraries/Migration.php @@ -57,7 +57,7 @@ class CI_Migration { } // If not set, set it - $this->_migration_path == '' OR $this->_migration_path = APPPATH . 'migrations/'; + $this->_migration_path == '' AND $this->_migration_path = APPPATH . 'migrations/'; // Add trailing slash if not set $this->_migration_path = rtrim($this->_migration_path, '/').'/'; @@ -89,8 +89,7 @@ class CI_Migration { * Calls each migration step required to get to the schema version of * choice * - * @access public - * @param $version integer Target schema version + * @param int Target schema version * @return mixed TRUE if already latest, FALSE if failed, int if upgraded */ public function version($target_version) @@ -105,14 +104,13 @@ class CI_Migration { ++$stop; $step = 1; } - else { // Moving Down $step = -1; } - - $method = $step === 1 ? 'up' : 'down'; + + $method = ($step === 1) ? 'up' : 'down'; $migrations = array(); // We now prepare to actually DO the migrations @@ -216,7 +214,6 @@ class CI_Migration { /** * Set's the schema to the latest migration * - * @access public * @return mixed true if already latest, false if failed, int if upgraded */ public function latest() @@ -228,7 +225,7 @@ class CI_Migration { } $last_migration = basename(end($migrations)); - + // Calculate the last migration step from existing migration // filenames and procceed to the standard version migration return $this->version((int) substr($last_migration, 0, 3)); @@ -239,7 +236,6 @@ class CI_Migration { /** * Set's the schema to the migration version set in config * - * @access public * @return mixed true if already current, false if failed, int if upgraded */ public function current() @@ -252,7 +248,6 @@ class CI_Migration { /** * Error string * - * @access public * @return string Error message returned as a string */ public function error_string() @@ -265,7 +260,6 @@ class CI_Migration { /** * Set's the schema to the latest migration * - * @access protected * @return mixed true if already latest, false if failed, int if upgraded */ protected function find_migrations() @@ -273,7 +267,7 @@ class CI_Migration { // Load all *_*.php files in the migrations path $files = glob($this->_migration_path . '*_*.php'); $file_count = count($files); - + for ($i = 0; $i < $file_count; $i++) { // Mark wrongly formatted files as false for later filtering @@ -283,9 +277,8 @@ class CI_Migration { $files[$i] = FALSE; } } - - sort($files); + sort($files); return $files; } @@ -294,8 +287,7 @@ class CI_Migration { /** * Retrieves current schema version * - * @access protected - * @return integer Current Migration + * @return int Current Migration */ protected function _get_version() { @@ -308,9 +300,8 @@ class CI_Migration { /** * Stores the current schema version * - * @access protected - * @param $migrations integer Migration reached - * @return void Outputs a report of the migration + * @param int Migration reached + * @return bool */ protected function _update_version($migrations) { @@ -324,8 +315,7 @@ class CI_Migration { /** * Enable the use of CI super-global * - * @access public - * @param $var + * @param mixed $var * @return mixed */ public function __get($var) diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index 082a5ee1d..882a82c1f 100755 --- a/system/libraries/Profiler.php +++ b/system/libraries/Profiler.php @@ -506,7 +506,7 @@ class CI_Profiler { foreach ($this->CI->session->all_userdata() as $key => $val) { - if (is_array($val)) + if (is_array($val) OR is_object($val)) { $val = print_r($val, TRUE); } diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 8ee08c5b2..891fdd36a 100755 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -97,7 +97,7 @@ class CI_Session { { $this->sess_expiration = (60*60*24*365*2); } - + // Set the cookie name $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name; @@ -399,7 +399,7 @@ class CI_Session { function sess_destroy() { // Kill the session DB row - if ($this->sess_use_database === TRUE AND isset($this->userdata['session_id'])) + if ($this->sess_use_database === TRUE && isset($this->userdata['session_id'])) { $this->CI->db->where('session_id', $this->userdata['session_id']); $this->CI->db->delete($this->sess_table_name); @@ -414,6 +414,9 @@ class CI_Session { $this->cookie_domain, 0 ); + + // Kill session data + $this->userdata = array(); } // -------------------------------------------------------------------- |