diff options
| -rw-r--r-- | application/config/doctypes.php | 1 | ||||
| -rwxr-xr-x | system/core/CodeIgniter.php | 20 | ||||
| -rwxr-xr-x | system/core/Input.php | 2 | ||||
| -rwxr-xr-x | system/core/Security.php | 3 | ||||
| -rw-r--r-- | system/database/DB_active_rec.php | 2 | ||||
| -rw-r--r-- | system/database/DB_driver.php | 5 | ||||
| -rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 19 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 21 | ||||
| -rw-r--r-- | system/libraries/Email.php | 30 | ||||
| -rw-r--r-- | system/libraries/Sha1.php | 4 | ||||
| -rw-r--r-- | system/libraries/Table.php | 4 | ||||
| -rw-r--r-- | system/libraries/Typography.php | 4 | ||||
| -rw-r--r-- | system/libraries/Unit_test.php | 4 | ||||
| -rw-r--r-- | user_guide/changelog.html | 9 | ||||
| -rw-r--r-- | user_guide/general/cli.html | 4 | ||||
| -rw-r--r-- | user_guide/general/managing_apps.html | 6 | ||||
| -rw-r--r-- | user_guide/general/profiling.html | 4 | ||||
| -rw-r--r-- | user_guide/helpers/html_helper.html | 5 | ||||
| -rw-r--r-- | user_guide/libraries/email.html | 5 |
19 files changed, 78 insertions, 74 deletions
diff --git a/application/config/doctypes.php b/application/config/doctypes.php index f7e1d19a2..c9f16eedc 100644 --- a/application/config/doctypes.php +++ b/application/config/doctypes.php @@ -5,6 +5,7 @@ $_doctypes = array( 'xhtml1-strict' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">', 'xhtml1-trans' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">', 'xhtml1-frame' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">', + 'xhtml-basic11' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.1//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic11.dtd">', 'html5' => '<!DOCTYPE html>', 'html4-strict' => '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">', 'html4-trans' => '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">', diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index aca4fb23c..9f88384b1 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,28 +33,8 @@ * @var string * */ - /** - * CodeIgniter Version - * - * @var string - * - */ define('CI_VERSION', '2.1.0-dev'); -/** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var boolean - * - */ - /** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var string - * - */ - define('CI_CORE', FALSE); - /* * ------------------------------------------------------ * Load the global functions diff --git a/system/core/Input.php b/system/core/Input.php index f39371fb0..6f8442107 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) { $str = stripslashes($str); } diff --git a/system/core/Security.php b/system/core/Security.php index 6c4c59057..84ecb06db 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -886,7 +886,8 @@ class CI_Security { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } - return $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->csrf_set_cookie(); } return $this->_csrf_hash; diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 7162e2ac5..83518232e 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -196,7 +196,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$this->_protect_identifiers(trim($alias)); + $sql = $this->_protect_identifiers($type.'('.trim($select).')').' AS '.$this->_protect_identifiers(trim($alias)); $this->ar_select[] = $sql; diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 300ca2977..17649f7b1 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -950,6 +950,7 @@ class CI_DB_driver { foreach ($where as $key => $val) { $prefix = (count($dest) == 0) ? '' : ' AND '; + $key = $this->_protect_identifiers($key); if ($val !== '') { @@ -1165,7 +1166,7 @@ class CI_DB_driver { if ($native == TRUE) { - $message = $error; + $message = (array) $error; } else { @@ -1390,4 +1391,4 @@ class CI_DB_driver { /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */
\ No newline at end of file +/* Location: ./system/database/DB_driver.php */ diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index f87cfea4b..dc020c624 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -56,7 +56,7 @@ class CI_DB_mysql_driver extends CI_DB { // whether SET NAMES must be used to set the character set var $use_set_names; - + /** * Non-persistent database connection * @@ -135,20 +135,9 @@ class CI_DB_mysql_driver extends CI_DB { */ function db_set_charset($charset, $collation) { - if ( ! isset($this->use_set_names)) - { - // mysql_set_charset() requires PHP >= 5.2.3 and MySQL >= 5.0.7, use SET NAMES as fallback - $this->use_set_names = (version_compare(PHP_VERSION, '5.2.3', '>=') && version_compare(mysql_get_server_info(), '5.0.7', '>=')) ? FALSE : TRUE; - } - - if ($this->use_set_names === TRUE) - { - return @mysql_query("SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'", $this->conn_id); - } - else - { - return @mysql_set_charset($charset, $this->conn_id); - } + return function_exists('mysql_set_charset') + ? @mysql_set_charset($charset, $this->conn_id) + : @mysql_query("SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'", $this->conn_id); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index ccd110f79..abef80fbd 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -56,7 +56,7 @@ class CI_DB_mysqli_driver extends CI_DB { // whether SET NAMES must be used to set the character set var $use_set_names; - + // -------------------------------------------------------------------- /** @@ -135,20 +135,9 @@ class CI_DB_mysqli_driver extends CI_DB { */ function _db_set_charset($charset, $collation) { - if ( ! isset($this->use_set_names)) - { - // mysqli_set_charset() requires MySQL >= 5.0.7, use SET NAMES as fallback - $this->use_set_names = (version_compare(mysqli_get_server_info($this->conn_id), '5.0.7', '>=')) ? FALSE : TRUE; - } - - if ($this->use_set_names === TRUE) - { - return @mysqli_query($this->conn_id, "SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'"); - } - else - { - return @mysqli_set_charset($this->conn_id, $charset); - } + return function_exists('mysqli_set_charset') + ? @mysqli_set_charset($this->conn_id, $charset) + : @mysqli_query($this->conn_id, "SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'"); } // -------------------------------------------------------------------- @@ -570,7 +559,7 @@ class CI_DB_mysqli_driver extends CI_DB { { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values); } - + // -------------------------------------------------------------------- /** diff --git a/system/libraries/Email.php b/system/libraries/Email.php index c8cb8549e..ef20e1978 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -36,6 +36,7 @@ class CI_Email { var $smtp_pass = ""; // SMTP Password var $smtp_port = "25"; // SMTP Port var $smtp_timeout = 5; // SMTP Timeout in seconds + var $smtp_crypto = ""; // SMTP Encryption. Can be null, tls or ssl. var $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off var $wrapchars = "76"; // Number of characters to wrap at. var $mailtype = "text"; // text/html Defines email formatting @@ -1667,7 +1668,14 @@ class CI_Email { */ protected function _smtp_connect() { - $this->_smtp_connect = fsockopen($this->smtp_host, + $ssl = NULL; + + if ($this->smtp_crypto == 'ssl') + { + $ssl = 'ssl://'; + } + + $this->_smtp_connect = fsockopen($ssl.$this->smtp_host, $this->smtp_port, $errno, $errstr, @@ -1680,6 +1688,20 @@ class CI_Email { } $this->_set_error_message($this->_get_smtp_data()); + + if ($this->smtp_crypto == 'tls') + { + $this->_send_command('hello'); + $this->_send_command('starttls'); + $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + } + + if ($crypto !== TRUE) + { + $this->_set_error_message('lang:email_smtp_error', $this->_get_smtp_data()); + return FALSE; + } + return $this->_send_command('hello'); } @@ -1706,6 +1728,12 @@ class CI_Email { $resp = 250; break; + case 'starttls' : + + $this->_send_data('STARTTLS'); + + $resp = 220; + break; case 'from' : $this->_send_data('MAIL FROM:<'.$data.'>'); diff --git a/system/libraries/Sha1.php b/system/libraries/Sha1.php index 1a657572b..8e991f54a 100644 --- a/system/libraries/Sha1.php +++ b/system/libraries/Sha1.php @@ -40,7 +40,7 @@ * @subpackage Libraries * @category Encryption * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/general/encryption.html + * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_SHA1 { @@ -248,4 +248,4 @@ class CI_SHA1 { // END CI_SHA /* End of file Sha1.php */ -/* Location: ./system/libraries/Sha1.php */
\ No newline at end of file +/* Location: ./system/libraries/Sha1.php */ diff --git a/system/libraries/Table.php b/system/libraries/Table.php index def696776..c14da727e 100644 --- a/system/libraries/Table.php +++ b/system/libraries/Table.php @@ -24,7 +24,7 @@ * @subpackage Libraries * @category HTML Tables * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/libraries/uri.html + * @link http://codeigniter.com/user_guide/libraries/table.html */ class CI_Table { @@ -528,4 +528,4 @@ class CI_Table { /* End of file Table.php */ -/* Location: ./system/libraries/Table.php */
\ No newline at end of file +/* Location: ./system/libraries/Table.php */ diff --git a/system/libraries/Typography.php b/system/libraries/Typography.php index 734cec104..f061311b0 100644 --- a/system/libraries/Typography.php +++ b/system/libraries/Typography.php @@ -22,7 +22,7 @@ * @access private * @category Helpers * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/helpers/ + * @link http://codeigniter.com/user_guide/libraries/typography.html */ class CI_Typography { @@ -407,4 +407,4 @@ class CI_Typography { // END Typography Class /* End of file Typography.php */ -/* Location: ./system/libraries/Typography.php */
\ No newline at end of file +/* Location: ./system/libraries/Typography.php */ diff --git a/system/libraries/Unit_test.php b/system/libraries/Unit_test.php index 5bd7e801a..d9bc8ef6b 100644 --- a/system/libraries/Unit_test.php +++ b/system/libraries/Unit_test.php @@ -24,7 +24,7 @@ * @subpackage Libraries * @category UnitTesting * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/libraries/uri.html + * @link http://codeigniter.com/user_guide/libraries/unit_testing.html */ class CI_Unit_test { @@ -380,4 +380,4 @@ function is_false($test) /* End of file Unit_test.php */ -/* Location: ./system/libraries/Unit_test.php */
\ No newline at end of file +/* Location: ./system/libraries/Unit_test.php */ diff --git a/user_guide/changelog.html b/user_guide/changelog.html index fdf7227f3..db728f5e3 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -82,6 +82,7 @@ Change Log <li>Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)</li> <li><samp>url_title()</samp> will now trim extra dashes from beginning and end.</li> <li>Improved speed of <a href="helpers/string_helper.html">String Helper</a>'s <b>random_string()</b> method</li> + <li>Added XHTML Basic 1.1 doctype to <a href="helpers/html_helper.html">HTML Helper</a>.</li> </ul> </li> <li>Database @@ -105,11 +106,13 @@ Change Log <li>Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li> <li>Modified valid_ip() to use PHP's filter_var() when possible (>= PHP 5.2) in the <a href="libraries/form_validation.html">Form Validation</a> library.</li> <li>Added <kbd>$config['use_page_numbers']</kbd> to the <a href="libraries/pagination.html">Pagination library</a>, which enables real page numbers in the URI.</li> + <li>Added TLS and SSL Encryption for SMTP.</li> </ul> </li> <li>Core <ul> <li>Changed private functions in CI_URI to protected so MY_URI can override them.</li> + <li>Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions).</li> </ul> </li> </ul> @@ -132,7 +135,11 @@ Change Log <li>Fixed a bug (#344) - Using schema found in <a href="libraries/sessions.html">Saving Session Data to a Database</a>, system would throw error "user_data does not have a default value" when deleting then creating a session.</li> <li>Fixed a bug (#112) - OCI8 (Oracle) driver didn't pass the configured database character set when connecting.</li> <li>Fixed a bug (#182) - OCI8 (Oracle) driver used to re-execute the statement whenever num_rows() is called.</li> - <li>Fixed a bug (#60) - Added _file_mime_type() method to the <a href="libraries/file_uploading.html">File Uploading Library</a> in order to fix a possible MIME-type injection.</li> + <li>Fixed a bug (#82) - WHERE clause field names in the DB <samp>update_string()</samp> method were not escaped, resulting in failed queries in some cases.</li> + <li>Fixed a bug (#89) - Fix a variable type mismatch in DB <samp>display_error()</samp> where an array is expected, but a string could be set instead.</li> + <li>Fixed a bug (#467) - Suppress warnings generated from get_magic_quotes_gpc() (deprecated in PHP 5.4)</li> + <li>Fixed a bug (#484) - First time _csrf_set_hash() is called, hash is never set to the cookie (in Security.php).</li> + <li>Fixed a bug (#60) - Added _file_mime_type() method to the <a href="libraries/file_uploading.html">File Uploading Library</a> in order to fix a possible MIME-type injection (also fixes bug #394).</li> </ul> <h2>Version 2.0.3</h2> diff --git a/user_guide/general/cli.html b/user_guide/general/cli.html index 4e9bf8709..9091e9362 100644 --- a/user_guide/general/cli.html +++ b/user_guide/general/cli.html @@ -138,11 +138,11 @@ class Tools extends CI_Controller { <div id="footer"> <p> -Previous Topic: <a href="urls.html">CodeIgniter URLs</a> +Previous Topic: <a href="profiling.html">Profiling Your Application</a> · <a href="#top">Top of Page</a> · <a href="../index.html">User Guide Home</a> · -Next Topic: <a href="reserved_names.html">Reserved Names</a></p> +Next Topic: <a href="managing_apps.html">Managing Applications</a></p> <p><a href="http://codeigniter.com">CodeIgniter</a> · Copyright © 2006 - 2011 · <a href="http://ellislab.com/">EllisLab, Inc.</a></p> </div> diff --git a/user_guide/general/managing_apps.html b/user_guide/general/managing_apps.html index e716d1072..93585e212 100644 --- a/user_guide/general/managing_apps.html +++ b/user_guide/general/managing_apps.html @@ -120,14 +120,14 @@ calls the desired application. The index.php file can be named anything you wan <div id="footer"> <p> -Previous Topic: <a href="profiling.html">Profiling Your Application</a> +Previous Topic: <a href="cli.html">Running via the CLI</a> · <a href="#top">Top of Page</a> · <a href="../index.html">User Guide Home</a> · -Next Topic: <a href="alternative_php.html">Alternative PHP Syntax</a> +Next Topic: <a href="environments.html">Handling Multiple Environments</a> </p> <p><a href="http://codeigniter.com">CodeIgniter</a> · Copyright © 2006 - 2011 · <a href="http://ellislab.com/">EllisLab, Inc.</a></p> </div> </body> -</html>
\ No newline at end of file +</html> diff --git a/user_guide/general/profiling.html b/user_guide/general/profiling.html index 0993da5b4..c7c4ed38c 100644 --- a/user_guide/general/profiling.html +++ b/user_guide/general/profiling.html @@ -177,10 +177,10 @@ Previous Topic: <a href="caching.html">Caching</a> · <a href="#top">Top of Page</a> · <a href="../index.html">User Guide Home</a> · -Next Topic: <a href="managing_apps.html">Managing Applications</a> +Next Topic: <a href="cli.html">Running via the CLI</a> </p> <p><a href="http://codeigniter.com">CodeIgniter</a> · Copyright © 2006 - 2011 · <a href="http://ellislab.com/">EllisLab, Inc.</a></p> </div> </body> -</html>
\ No newline at end of file +</html> diff --git a/user_guide/helpers/html_helper.html b/user_guide/helpers/html_helper.html index 92bfdfb2e..4b1342724 100644 --- a/user_guide/helpers/html_helper.html +++ b/user_guide/helpers/html_helper.html @@ -348,6 +348,11 @@ echo doctype('html4-trans');<br /> <td class="td"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"></td> </tr> <tr> + <td class="td">XHTML Basic 1.1</td> + <td class="td">doctype('xhtml-basic11')</td> + <td class="td"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.1//EN" "http://www.w3.org/TR/xhtml-basic/xhtml-basic11.dtd"></td> + </tr> + <tr> <td class="td">HTML 5</td> <td class="td">doctype('html5')</td> <td class="td"><!DOCTYPE html></td> diff --git a/user_guide/libraries/email.html b/user_guide/libraries/email.html index d246254ab..de2f1c0c9 100644 --- a/user_guide/libraries/email.html +++ b/user_guide/libraries/email.html @@ -63,6 +63,7 @@ Email Class <ul> <li>Multiple Protocols: Mail, Sendmail, and SMTP</li> +<li>TLS and SSL Encryption for SMTP</li> <li>Multiple recipients</li> <li>CC and BCCs</li> <li>HTML or Plaintext email</li> @@ -152,6 +153,8 @@ will NOT need to use the <dfn>$this->email->initialize()</dfn> function if you s </tr><tr> <td class="td"><strong>smtp_timeout</strong></td><td class="td">5</td><td class="td">None</td><td class="td">SMTP Timeout (in seconds).</td> </tr><tr> +<td class="td"><strong>smtp_crypto</strong></td><td class="td">No Default</td><td class="td">tls or ssl</td><td class="td">SMTP Encryption.</td> +</tr><tr> <td class="td"><strong>wordwrap</strong></td><td class="td">TRUE</td><td class="td">TRUE or FALSE (boolean)</td><td class="td">Enable word-wrap.</td> </tr><tr> <td class="td"><strong>wrapchars</strong></td><td class="td">76</td><td class="td"> </td><td class="td">Character count to wrap at.</td> @@ -304,4 +307,4 @@ Next Topic: <a href="encryption.html">Encryption Class</a> </div> </body> -</html>
\ No newline at end of file +</html> |