diff options
-rwxr-xr-x | system/core/CodeIgniter.php | 2 | ||||
-rwxr-xr-x | system/core/Security.php | 151 | ||||
-rw-r--r--[-rwxr-xr-x] | system/database/DB_driver.php | 14 | ||||
-rw-r--r-- | system/database/drivers/pdo/pdo_driver.php | 2 | ||||
-rw-r--r-- | system/database/drivers/pdo/pdo_forge.php | 2 | ||||
-rw-r--r-- | system/database/drivers/pdo/pdo_result.php | 2 | ||||
-rw-r--r-- | system/database/drivers/pdo/pdo_utility.php | 2 | ||||
-rwxr-xr-x | system/libraries/Cache/Cache.php | 2 | ||||
-rwxr-xr-x | system/libraries/Cache/drivers/Cache_apc.php | 2 | ||||
-rwxr-xr-x | system/libraries/Cache/drivers/Cache_dummy.php | 2 | ||||
-rwxr-xr-x | system/libraries/Cache/drivers/Cache_file.php | 2 | ||||
-rwxr-xr-x | system/libraries/Cache/drivers/Cache_memcached.php | 2 | ||||
-rwxr-xr-x | system/libraries/Cart.php | 2 | ||||
-rwxr-xr-x | system/libraries/Driver.php | 2 | ||||
-rw-r--r-- | system/libraries/Migration.php | 2 |
15 files changed, 101 insertions, 90 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index db1aee574..cd3333331 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,7 +33,7 @@ * @var string * */ - define('CI_VERSION', '2.1.0'); + define('CI_VERSION', '2.1.2'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) diff --git a/system/core/Security.php b/system/core/Security.php index 6f5ac1ed8..7af240ded 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -69,16 +69,16 @@ class CI_Security { * @access protected */ protected $_never_allowed_str = array( - 'document.cookie' => '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - 'window.location' => '[removed]', - '-moz-binding' => '[removed]', - '<!--' => '<!--', - '-->' => '-->', - '<![CDATA[' => '<![CDATA[', - '<comment>' => '<comment>' + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + 'window.location' => '[removed]', + '-moz-binding' => '[removed]', + '<!--' => '<!--', + '-->' => '-->', + '<![CDATA[' => '<![CDATA[', + '<comment>' => '<comment>' ); /* never allowed, regex replacement */ @@ -89,10 +89,11 @@ class CI_Security { * @access protected */ protected $_never_allowed_regex = array( - "javascript\s*:" => '[removed]', - "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE - "vbscript\s*:" => '[removed]', // IE, surprise! - "Redirect\s+302" => '[removed]' + 'javascript\s*:', + 'expression\s*(\(|&\#40;)', // CSS and IE + 'vbscript\s*:', // IE, surprise! + 'Redirect\s+302', + "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); /** @@ -364,9 +365,9 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', - 'applet', 'alert', 'document', 'write', 'cookie', 'window' - ); + 'javascript', 'expression', 'vbscript', 'script', 'base64', + 'applet', 'alert', 'document', 'write', 'cookie', 'window' + ); foreach ($words as $word) { @@ -524,38 +525,38 @@ class CI_Security { public function sanitize_filename($str, $relative_path = FALSE) { $bad = array( - "../", - "<!--", - "-->", - "<", - ">", - "'", - '"', - '&', - '$', - '#', - '{', - '}', - '[', - ']', - '=', - ';', - '?', - "%20", - "%22", - "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; - "%3d" // = - ); + "../", + "<!--", + "-->", + "<", + ">", + "'", + '"', + '&', + '$', + '#', + '{', + '}', + '[', + ']', + '=', + ';', + '?', + "%20", + "%22", + "%3c", // < + "%253c", // < + "%3e", // > + "%0e", // > + "%28", // ( + "%29", // ) + "%2528", // ( + "%26", // & + "%24", // $ + "%3f", // ? + "%3b", // ; + "%3d" // = + ); if ( ! $relative_path) { @@ -613,19 +614,20 @@ class CI_Security { */ unset($evil_attributes[array_search('xmlns', $evil_attributes)]); } - + do { $count = 0; $attribs = array(); - + // find occurrences of illegal attribute strings without quotes - preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER); - + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); + foreach ($matches as $attr) { + $attribs[] = preg_quote($attr[0], '/'); } - + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER); @@ -637,11 +639,11 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count); + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count); } - + } while ($count); - + return $str; } @@ -682,9 +684,15 @@ class CI_Security { */ protected function _js_link_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]); + return str_replace( + $match[1], + preg_replace( + '#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', + '', + $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0] + ); } // -------------------------------------------------------------------- @@ -702,9 +710,15 @@ class CI_Security { */ protected function _js_img_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si", "", $attributes), $match[0]); + return str_replace( + $match[1], + preg_replace( + '#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + '', + $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0] + ); } // -------------------------------------------------------------------- @@ -819,14 +833,11 @@ class CI_Security { */ protected function _do_never_allowed($str) { - foreach ($this->_never_allowed_str as $key => $val) - { - $str = str_replace($key, $val, $str); - } + $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str); - foreach ($this->_never_allowed_regex as $key => $val) + foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace("#".$key."#i", $val, $str); + $str = preg_replace('#'.$regex.'#is', '[removed]', $str); } return $str; diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 6161f149b..775fd3354 100755..100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1267,12 +1267,15 @@ class CI_DB_driver { // If the item has an alias declaration we remove it and set it aside. // Basically we remove everything to the right of the first space - $alias = ''; if (strpos($item, ' ') !== FALSE) { - $alias = strstr($item, " "); + $alias = strstr($item, ' '); $item = substr($item, 0, - strlen($alias)); } + else + { + $alias = ''; + } // This is basically a bug fix for queries that use MAX, MIN, etc. // If a parenthesis is found we know that we do not need to @@ -1387,7 +1390,7 @@ class CI_DB_driver { return $item.$alias; } - + // -------------------------------------------------------------------- /** @@ -1395,16 +1398,13 @@ class CI_DB_driver { * * This function is used extensively by every db driver. * - * @access private * @return void */ protected function _reset_select() { - } } - /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */ +/* Location: ./system/database/DB_driver.php */
\ No newline at end of file diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 952016848..1ecc90a82 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ diff --git a/system/database/drivers/pdo/pdo_forge.php b/system/database/drivers/pdo/pdo_forge.php index 1462e8c21..9a7822080 100644 --- a/system/database/drivers/pdo/pdo_forge.php +++ b/system/database/drivers/pdo/pdo_forge.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php index c05fbc908..a366a5f12 100644 --- a/system/database/drivers/pdo/pdo_result.php +++ b/system/database/drivers/pdo/pdo_result.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ diff --git a/system/database/drivers/pdo/pdo_utility.php b/system/database/drivers/pdo/pdo_utility.php index 29aefca80..88ce033aa 100644 --- a/system/database/drivers/pdo/pdo_utility.php +++ b/system/database/drivers/pdo/pdo_utility.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ diff --git a/system/libraries/Cache/Cache.php b/system/libraries/Cache/Cache.php index 61e7aa761..261fc367b 100755 --- a/system/libraries/Cache/Cache.php +++ b/system/libraries/Cache/Cache.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php index 79d91b320..f750e6cb7 100755 --- a/system/libraries/Cache/drivers/Cache_apc.php +++ b/system/libraries/Cache/drivers/Cache_apc.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_dummy.php b/system/libraries/Cache/drivers/Cache_dummy.php index f96a68e27..b11b5b8fc 100755 --- a/system/libraries/Cache/drivers/Cache_dummy.php +++ b/system/libraries/Cache/drivers/Cache_dummy.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index 13e2d1af6..c50043660 100755 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index fc586e025..747842091 100755 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php index ab5a70c98..da47b5a19 100755 --- a/system/libraries/Cart.php +++ b/system/libraries/Cart.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Driver.php b/system/libraries/Driver.php index a199d45f0..4912c4aa7 100755 --- a/system/libraries/Driver.php +++ b/system/libraries/Driver.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php index 3943ec130..5a41377ea 100644 --- a/system/libraries/Migration.php +++ b/system/libraries/Migration.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 |