-rw-r--r--application/config/autoload.php5
-rw-r--r--composer.json3
-rw-r--r--system/core/Loader.php8
-rw-r--r--system/core/Log.php4
-rw-r--r--system/core/Security.php9
-rw-r--r--system/database/DB_query_builder.php60
-rw-r--r--system/database/drivers/ibase/ibase_driver.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_apc.php27
-rw-r--r--system/libraries/Cache/drivers/Cache_memcached.php26
-rw-r--r--system/libraries/Cache/drivers/Cache_redis.php6
-rw-r--r--system/libraries/Cache/drivers/Cache_wincache.php27
-rw-r--r--system/libraries/Profiler.php44
-rw-r--r--system/libraries/Session/Session_driver.php20
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php21
-rw-r--r--system/libraries/Session/drivers/Session_memcached_driver.php57
-rw-r--r--system/libraries/Session/drivers/Session_redis_driver.php20
-rw-r--r--tests/codeigniter/core/Log_test.php11
-rw-r--r--tests/codeigniter/core/Security_test.php6
-rw-r--r--tests/codeigniter/database/query_builder/join_test.php27
-rw-r--r--user_guide_src/source/changelog.rst29
-rw-r--r--user_guide_src/source/database/db_driver_reference.rst7
-rw-r--r--user_guide_src/source/database/queries.rst8
-rw-r--r--user_guide_src/source/installation/downloads.rst3
-rw-r--r--user_guide_src/source/installation/upgrade_306.rst14
-rw-r--r--user_guide_src/source/installation/upgrading.rst1
25 files changed, 316 insertions, 129 deletions
diff --git a/application/config/autoload.php b/application/config/autoload.php
index aeacbdb66..7cdc9013c 100644
--- a/application/config/autoload.php
+++ b/application/config/autoload.php
@@ -73,10 +73,11 @@ $autoload['libraries'] = array();
|
| $autoload['drivers'] = array('cache');
|
-| You can also supply an alternative library name to be assigned in
+| You can also supply an alternative property name to be assigned in
| the controller:
|
-| $autoload['drivers'] = array('cache' => 'cch');
+| $autoload['drivers'] = array('cache' => 'cch');
+|
*/
$autoload['drivers'] = array();
diff --git a/composer.json b/composer.json
index 4a9e8748e..64d1be155 100644
--- a/composer.json
+++ b/composer.json
@@ -13,6 +13,9 @@
"require": {
"php": ">=5.2.4"
},
+ "suggest": {
+ "paragonie/random_compat": "Provides better randomness in PHP 5.x"
+ },
"require-dev": {
"mikey179/vfsStream": "1.1.*"
}
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 62781a7bf..c742ae71a 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -936,6 +936,14 @@ class CI_Loader {
*/
if (is_array($_ci_vars))
{
+ foreach (array_keys($_ci_vars) as $key)
+ {
+ if (strncmp($key, '_ci_', 4) === 0)
+ {
+ unset($_ci_vars[$key]);
+ }
+ }
+
$this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
}
extract($this->_ci_cached_vars);
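Review bot: The new loop leaves an unprefixed local `$key` in the scope where `extract()` runs, so it can be overwritten by a view variable of the same name and otherwise stays defined after the loop. Every other local visible here uses the `_ci_` prefix, so `foreach (array_keys($_ci_vars) as $_ci_key)` would match the convention and fall under the same filter. The filter is also applied only to `$_ci_vars`, while `extract()` runs on `$this->_ci_cached_vars`; if that property can be filled from another path (for example `vars()`, not visible in this hunk), `_ci_`-prefixed keys stored there would still be extracted. The enclosing method starts and ends outside the hunk.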
diff --git a/system/core/Log.php b/system/core/Log.php
index 7c81d358b..1abdaa00e 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -191,6 +191,8 @@ class CI_Log {
return FALSE;
}
+ flock($fp, LOCK_EX);
+
// Instantiating DateTime with microseconds appended to initial date is needed for proper support of this format
if (strpos($this->_date_fmt, 'u') !== FALSE)
{
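Review bot: The return value of `flock($fp, LOCK_EX)` is discarded, so a failed lock still leads to an unlocked write and interleaved log lines. Now that the lock is taken before the message is built, a guard such as `if ( ! flock($fp, LOCK_EX)) { fclose($fp); return FALSE; }` would fit; whether closing the handle there is right depends on code outside the hunk. A short comment explaining why the lock has to precede the timestamp generation would also help.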
@@ -206,8 +208,6 @@ class CI_Log {
$message .= $this->_format_line($level, $date, $msg);
- flock($fp, LOCK_EX);
-
for ($written = 0, $length = strlen($message); $written < $length; $written += $result)
{
if (($result = fwrite($fp, substr($message, $written))) === FALSE)
diff --git a/system/core/Security.php b/system/core/Security.php
index bad511dd3..d5305d1ca 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -762,7 +762,14 @@ class CI_Security {
*/
public function strip_image_tags($str)
{
- return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ return preg_replace(
+ array(
+ '#<img[\s/]+.*?src\s*=\s*(["\'])([^\\1]+?)\\1.*?\>#i',
+ '#<img[\s/]+.*?src\s*=\s*?(([^\s"\'=<>`]+)).*?\>#i'
+ ),
+ '\\2',
+ $str
+ );
}
// ----------------------------------------------------------------
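Review bot: In the first pattern `[^\\1]` is not a backreference, because PCRE does not recognise backreferences inside a character class and reads `\1` there as an octal escape. The class therefore excludes only the byte 0x01, and the match is ended solely by the lazy quantifier and the `\\1` that follows. If "anything but the opening quote" is intended, state it with a lookahead such as `((?:(?!\\1).)+)`, or write `(.+?)` and say in a comment that the closing `\\1` is the terminator; note that `.` does not match newlines, unlike the current class. A docblock line saying the method returns the raw `src` value, unescaped, would also be useful.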
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index eb9620f16..c862d937d 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -531,38 +531,46 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
is_bool($escape) OR $escape = $this->_protect_identifiers;
- // Split multiple conditions
- if ($escape === TRUE && preg_match_all('/\sAND\s|\sOR\s/i', $cond, $m, PREG_OFFSET_CAPTURE))
+ if ( ! $this->_has_operator($cond))
{
- $newcond = '';
- $m[0][] = array('', strlen($cond));
-
- for ($i = 0, $c = count($m[0]), $s = 0;
- $i < $c;
- $s = $m[0][$i][1] + strlen($m[0][$i][0]), $i++)
- {
- $temp = substr($cond, $s, ($m[0][$i][1] - $s));
- $newcond .= preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match)
- ? $match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4])
- : $temp;
-
- $newcond .= $m[0][$i][0];
- }
-
- $cond = ' ON '.$newcond;
- }
- // Split apart the condition and protect the identifiers
- elseif ($escape === TRUE && preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match))
- {
- $cond = ' ON '.$match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]);
+ $cond = ' USING ('.($escape ? $this->escape_identifiers($cond) : $cond).')';
}
- elseif ( ! $this->_has_operator($cond))
+ elseif ($escape === FALSE)
{
- $cond = ' USING ('.($escape ? $this->escape_identifiers($cond) : $cond).')';
+ $cond = ' ON '.$cond;
}
else
{
- $cond = ' ON '.$cond;
+ // Split multiple conditions
+ if (preg_match_all('/\sAND\s|\sOR\s/i', $cond, $joints, PREG_OFFSET_CAPTURE))
+ {
+ $conditions = array();
+ $joints = $joints[0];
+ array_unshift($joints, array('', 0));
+
+ for ($i = count($joints) - 1, $pos = strlen($cond); $i >= 0; $i--)
+ {
+ $joints[$i][1] += strlen($joints[$i][0]); // offset
+ $conditions[$i] = substr($cond, $joints[$i][1], $pos - $joints[$i][1]);
+ $pos = $joints[$i][1] - strlen($joints[$i][0]);
+ $joints[$i] = $joints[$i][0];
+ }
+ }
+ else
+ {
+ $conditions = array($cond);
+ $joints = array('');
+ }
+
+ $cond = ' ON ';
+ for ($i = 0, $c = count($conditions); $i < $c; $i++)
+ {
+ $operator = $this->_get_operator($conditions[$i]);
+ $cond .= $joints[$i];
+ $cond .= preg_match("/(\(*)?([\[\]\w\.'-]+)".preg_quote($operator)."(.*)/i", $conditions[$i], $match)
+ ? $match[1].$this->protect_identifiers($match[2]).$operator.$this->protect_identifiers($match[3])
+ : $conditions[$i];
+ }
}
// Do we want to escape the table name?
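Review bot: `preg_quote($operator)` is called without the delimiter argument although the pattern it is spliced into is delimited by `/`; `preg_quote($operator, '/')` keeps the expression valid whatever `_get_operator()` returns. That return value is also used unchecked for each fragment, while `_has_operator()` is tested only on the whole condition. A fragment with no operator of its own (for example one side of an `AND`) would presumably yield an empty operator, after which both halves are passed to `protect_identifiers()`; confirm against `_get_operator()`, which is not in this hunk. The AND/OR split is still purely textual, so a quoted literal containing ` AND ` is cut in two; a comment stating that limitation would help. The method body continues outside the hunk.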
diff --git a/system/database/drivers/ibase/ibase_driver.php b/system/database/drivers/ibase/ibase_driver.php
index cbc1022ff..c1055c1e6 100644
--- a/system/database/drivers/ibase/ibase_driver.php
+++ b/system/database/drivers/ibase/ibase_driver.php
@@ -126,7 +126,7 @@ class CI_DB_ibase_driver extends CI_DB {
*/
protected function _execute($sql)
{
- return ibase_query($this->conn_id, $sql);
+ return ibase_query(isset($this->_ibase_trans) ? $this->_ibase_trans : $this->conn_id, $sql);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php
index dd18e7bc8..07ea8f474 100644
--- a/system/libraries/Cache/drivers/Cache_apc.php
+++ b/system/libraries/Cache/drivers/Cache_apc.php
@@ -49,6 +49,24 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Cache_apc extends CI_Driver {
/**
+ * Class constructor
+ *
+ * Only present so that an error message is logged
+ * if APC is not available.
+ *
+ * @return void
+ */
+ public function __construct()
+ {
+ if ( ! $this->is_supported())
+ {
+ log_message('error', 'Cache: Failed to initialize APC; extension not loaded/enabled?');
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ /**
* Get
*
* Look for a value in the cache. If it exists, return the data
@@ -198,13 +216,6 @@ class CI_Cache_apc extends CI_Driver {
*/
public function is_supported()
{
- if ( ! extension_loaded('apc') OR ! ini_get('apc.enabled'))
- {
- log_message('debug', 'The APC PHP extension must be loaded to use APC Cache.');
- return FALSE;
- }
-
- return TRUE;
+ return (extension_loaded('apc') && ini_get('apc.enabled'));
}
-
}
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index c44958b97..56ab5b85b 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -107,6 +107,7 @@ class CI_Cache_memcached extends CI_Driver {
else
{
log_message('error', 'Cache: Failed to create Memcache(d) object; extension not loaded?');
+ return;
}
foreach ($this->_memcache_conf as $cache_server)
@@ -186,7 +187,7 @@ class CI_Cache_memcached extends CI_Driver {
/**
* Delete from Cache
*
- * @param mixed key to be deleted.
+ * @param mixed $id key to be deleted.
* @return bool true on success, false on failure
*/
public function delete($id)
@@ -251,7 +252,7 @@ class CI_Cache_memcached extends CI_Driver {
/**
* Get Cache Metadata
*
- * @param mixed key to get cache metadata on
+ * @param mixed $id key to get cache metadata on
* @return mixed FALSE on failure, array on success.
*/
public function get_metadata($id)
@@ -286,4 +287,25 @@ class CI_Cache_memcached extends CI_Driver {
{
return (extension_loaded('memcached') OR extension_loaded('memcache'));
}
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class destructor
+ *
+ * Closes the connection to Memcache(d) if present.
+ *
+ * @return void
+ */
+ public function __destruct()
+ {
+ if ($this->_memcached instanceof Memcache)
+ {
+ $this->_memcached->close();
+ }
+ elseif ($this->_memcached instanceof Memcached)
+ {
+ $this->_memcached->quit();
+ }
+ }
}
diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php
index 9d48da8f9..a58aaef4e 100644
--- a/system/libraries/Cache/drivers/Cache_redis.php
+++ b/system/libraries/Cache/drivers/Cache_redis.php
@@ -91,6 +91,12 @@ class CI_Cache_redis extends CI_Driver
*/
public function __construct()
{
+ if ( ! $this->is_supported())
+ {
+ log_message('error', 'Cache: Failed to create Redis object; extension not loaded?');
+ return;
+ }
+
$config = array();
$CI =& get_instance();
diff --git a/system/libraries/Cache/drivers/Cache_wincache.php b/system/libraries/Cache/drivers/Cache_wincache.php
index f66080514..d6a0d4fb6 100644
--- a/system/libraries/Cache/drivers/Cache_wincache.php
+++ b/system/libraries/Cache/drivers/Cache_wincache.php
@@ -52,6 +52,24 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Cache_wincache extends CI_Driver {
/**
+ * Class constructor
+ *
+ * Only present so that an error message is logged
+ * if APC is not available.
+ *
+ * @return void
+ */
+ public function __construct()
+ {
+ if ( ! $this->is_supported())
+ {
+ log_message('error', 'Cache: Failed to initialize Wincache; extension not loaded/enabled?');
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ /**
* Get
*
* Look for a value in the cache. If it exists, return the data,
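Review bot: The constructor docblock added here says the error is logged "if APC is not available", which was copied from the APC driver. In this class it should read `if Wincache is not available.`, matching the message passed to `log_message()`.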
@@ -194,13 +212,6 @@ class CI_Cache_wincache extends CI_Driver {
*/
public function is_supported()
{
- if ( ! extension_loaded('wincache') OR ! ini_get('wincache.ucenabled'))
- {
- log_message('debug', 'The Wincache PHP extension must be loaded to use Wincache Cache.');
- return FALSE;
- }
-
- return TRUE;
+ return (extension_loaded('wincache') && ini_get('wincache.ucenabled'));
}
-
}
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index cc7641436..cf455d3da 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -314,12 +314,14 @@ class CI_Profiler {
foreach ($_GET as $key => $val)
{
- is_int($key) OR $key = "'".$key."'";
+ is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
+ $val = (is_array($val) OR is_object($val))
+ ? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+ : htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
$output .= '<tr><td style="width:50%;color:#000;background-color:#ddd;padding:5px;">&#36;_GET['
.$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#cd6e00;font-weight:normal;background-color:#ddd;">'
- .((is_array($val) OR is_object($val)) ? '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>' : htmlspecialchars(stripslashes($val)))
- ."</td></tr>\n";
+ .$val."</td></tr>\n";
}
$output .= "</table>\n";
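Review bot: The array/object branch now opens `<pre>` but never closes it. The old code appended `.'</pre>'` after `htmlspecialchars()`, and the new ternary ends at the call, so everything after the first array value is rendered inside the `<pre>`. The branch should read `? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset')).'</pre>'`. The same omission is repeated in the `$_POST` and `$_FILES` loops of the next hunk. The three loops are now identical apart from the label and colour, so a small private helper would keep the escaping in one place.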
@@ -352,36 +354,26 @@ class CI_Profiler {
foreach ($_POST as $key => $val)
{
- is_int($key) OR $key = "'".$key."'";
+ is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
+ $val = (is_array($val) OR is_object($val))
+ ? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+ : htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
$output .= '<tr><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">&#36;_POST['
- .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">';
-
- if (is_array($val) OR is_object($val))
- {
- $output .= '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>';
- }
- else
- {
- $output .= htmlspecialchars(stripslashes($val));
- }
-
- $output .= "</td></tr>\n";
+ .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">'
+ .$val."</td></tr>\n";
}
foreach ($_FILES as $key => $val)
{
- is_int($key) OR $key = "'".$key."'";
+ is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
+ $val = (is_array($val) OR is_object($val))
+ ? '<pre>'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+ : htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
$output .= '<tr><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">&#36;_FILES['
- .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">';
-
- if (is_array($val) OR is_object($val))
- {
- $output .= '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>';
- }
-
- $output .= "</td></tr>\n";
+ .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">'
+ .$val."</td></tr>\n";
}
$output .= "</table>\n";
@@ -465,7 +457,7 @@ class CI_Profiler {
foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header)
{
- $val = isset($_SERVER[$header]) ? $_SERVER[$header] : '';
+ $val = isset($_SERVER[$header]) ? htmlspecialchars($_SERVER[$header], ENT_QUOTES, config_item('charset')) : '';
$output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">'
.$header.'&nbsp;&nbsp;</td><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">'.$val."</td></tr>\n";
}
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index 98fc897e3..55ddb25e0 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -168,4 +168,24 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
return TRUE;
}
+ // ------------------------------------------------------------------------
+
+ /**
+ * Fail
+ *
+ * Drivers other than the 'files' one don't (need to) use the
+ * session.save_path INI setting, but that leads to confusing
+ * error messages emitted by PHP when open() or write() fail,
+ * as the message contains session.save_path ...
+ * To work around the problem, the drivers will call this method
+ * so that the INI is set just in time for the error message to
+ * be properly generated.
+ *
+ * @return mixed
+ */
+ protected function _fail()
+ {
+ ini_set('session.save_path', config_item('sess_save_path'));
+ return $this->_failure;
+ }
}
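Review bot: `_fail()` copies `config_item('sess_save_path')` verbatim into `session.save_path` so that PHP prints it in its own error message, and the docblock does not mention what that exposes. For non-file drivers this value is the storage or connection descriptor; if it can carry a credential (the Redis save path accepts an auth parameter, as far as I recall), that value will appear wherever PHP errors are displayed or logged. Add a line to the docblock such as `Note: the configured save path is echoed in PHP's error output; keep secrets out of it or mask them before calling ini_set().` The result of `ini_set()` is also ignored, which is acceptable for a best-effort message but should be stated.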
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index 3ba9d3d36..317bd7d4d 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -127,7 +127,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
{
if (empty($this->_db->conn_id) && ! $this->_db->db_connect())
{
- return $this->_failure;
+ return $this->_fail();
}
return $this->_success;
@@ -163,7 +163,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
$this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
}
- if (($result = $this->_db->get()->row()) === NULL)
+ if ( ! ($result = $this->_db->get()) OR ($result = $result->row()) === NULL)
{
// PHP7 will reuse the same SessionHandler object after
// ID regeneration, so we need to explicitly set this to
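Review bot: A failed query, where `get()` returns FALSE, now takes the same branch as "no row found", so a database error during read is indistinguishable from a brand-new session. The branch body is outside this hunk, but from the comment it appears to initialise an empty session, which would silently drop the user's session on a transient DB failure. Testing the two cases separately and logging the failure, e.g. `log_message('error', 'Session: read query failed')`, would make that visible to operators.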
@@ -210,7 +210,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
{
if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
{
- return $this->_failure;
+ return $this->_fail();
}
$this->_row_exists = FALSE;
@@ -218,7 +218,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
}
elseif ($this->_lock === FALSE)
{
- return $this->_failure;
+ return $this->_fail();
}
if ($this->_row_exists === FALSE)
@@ -237,7 +237,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
$this->_db->where('id', $session_id);
@@ -260,7 +260,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -275,7 +275,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
public function close()
{
return ($this->_lock && ! $this->_release_lock())
- ? $this->_failure
+ ? $this->_fail()
: $this->_success;
}
@@ -304,7 +304,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
if ( ! $this->_db->delete($this->_config['save_path']))
{
- return $this->_failure;
+ return $this->_fail();
}
}
@@ -314,7 +314,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -334,7 +334,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return ($this->_db->delete($this->_config['save_path'], 'timestamp < '.(time() - $maxlifetime)))
? $this->_success
- : $this->_failure;
+ : $this->_fail();
}
// ------------------------------------------------------------------------
@@ -414,5 +414,4 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return parent::_release_lock();
}
-
} \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index d017dfb2f..88eb4b3a6 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -117,7 +117,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
{
$this->_memcached = NULL;
log_message('error', 'Session: Invalid Memcached save path format: '.$this->_config['save_path']);
- return $this->_failure;
+ return $this->_fail();
}
foreach ($matches as $match)
@@ -142,7 +142,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
if (empty($server_list))
{
log_message('error', 'Session: Memcached server pool is empty.');
- return $this->_failure;
+ return $this->_fail();
}
return $this->_success;
@@ -170,7 +170,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return $session_data;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -188,14 +188,14 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
{
if ( ! isset($this->_memcached))
{
- return $this->_failure;
+ return $this->_fail();
}
// Was the ID regenerated?
elseif ($session_id !== $this->_session_id)
{
if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
{
- return $this->_failure;
+ return $this->_fail();
}
$this->_fingerprint = md5('');
@@ -204,24 +204,33 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
if (isset($this->_lock_key))
{
+ $key = $this->_key_prefix.$session_id;
+
$this->_memcached->replace($this->_lock_key, time(), 300);
if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
{
- if ($this->_memcached->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
+ if (
+ $this->_memcached->replace($key, $session_data, $this->_config['expiration'])
+ OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
+ )
{
$this->_fingerprint = $fingerprint;
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
- return $this->_memcached->touch($this->_key_prefix.$session_id, $this->_config['expiration'])
- ? $this->_success
- : $this->_failure;
+ if (
+ $this->_memcached->touch($key, $this->_config['expiration'])
+ OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
+ )
+ {
+ return $this->_success;
+ }
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -237,17 +246,17 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
{
if (isset($this->_memcached))
{
- isset($this->_lock_key) && $this->_memcached->delete($this->_lock_key);
+ $this->_release_lock();
if ( ! $this->_memcached->quit())
{
- return $this->_failure;
+ return $this->_fail();
}
$this->_memcached = NULL;
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -269,7 +278,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -305,9 +314,12 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
// correct session ID.
if ($this->_lock_key === $this->_key_prefix.$session_id.':lock')
{
- return ($this->_memcached->replace($this->_lock_key, time(), 300))
- ? $this->_success
- : $this->_failure;
+ if ( ! $this->_memcached->replace($this->_lock_key, time(), 300))
+ {
+ return ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND)
+ ? $this->_memcached->set($this->_lock_key, time(), 300)
+ : FALSE;
+ }
}
// 30 attempts to obtain a lock, in case another request already has it
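Review bot: When `replace()` succeeds there is no longer a return, so control falls through to the acquisition loop below. The old code returned `$this->_success` at this point. If that loop first checks whether the lock key exists (it is only partly visible here), the request would wait on a lock it already holds. An explicit `return TRUE;` after the inner `if` would restore the previous behaviour if that is the intent. On `RES_NOTFOUND` the fallback uses `set()`, which overwrites a lock another request may have taken in between; `add()` only succeeds when the key is absent.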
@@ -324,7 +336,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
if ( ! $this->_memcached->set($lock_key, time(), 300))
{
log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
- return $this->_failure;
+ return FALSE;
}
$this->_lock_key = $lock_key;
@@ -335,11 +347,11 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
if ($attempt === 30)
{
log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 30 attempts, aborting.');
- return $this->_failure;
+ return FALSE;
}
$this->_lock = TRUE;
- return $this->_success;
+ return TRUE;
}
// ------------------------------------------------------------------------
@@ -367,5 +379,4 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return TRUE;
}
-
-}
+} \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index c0c20a7ca..ad14cbfdc 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -143,7 +143,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
{
if (empty($this->_config['save_path']))
{
- return $this->_failure;
+ return $this->_fail();
}
$redis = new Redis();
@@ -176,7 +176,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
log_message('error', 'Session: Unable to connect to Redis with the configured settings.');
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -206,7 +206,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
return $session_data;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -224,14 +224,14 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
{
if ( ! isset($this->_redis))
{
- return $this->_failure;
+ return $this->_fail();
}
// Was the ID regenerated?
elseif ($session_id !== $this->_session_id)
{
if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
{
- return $this->_failure;
+ return $this->_fail();
}
$this->_key_exists = FALSE;
@@ -250,15 +250,15 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
? $this->_success
- : $this->_failure;
+ : $this->_fail();
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
@@ -280,7 +280,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
$this->_release_lock();
if ($this->_redis->close() === $this->_failure)
{
- return $this->_failure;
+ return $this->_fail();
}
}
}
@@ -319,7 +319,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
return $this->_success;
}
- return $this->_failure;
+ return $this->_fail();
}
// ------------------------------------------------------------------------
diff --git a/tests/codeigniter/core/Log_test.php b/tests/codeigniter/core/Log_test.php
index d44cbac0f..2dd9d90d2 100644
--- a/tests/codeigniter/core/Log_test.php
+++ b/tests/codeigniter/core/Log_test.php
@@ -1,9 +1,13 @@
<?php
-
class Log_test extends CI_TestCase {
public function test_configuration()
{
+ if ( ! is_php('5.3'))
+ {
+ return $this->markTestSkipped("PHP 5.2 doesn't have ReflectionProperty::setAccessible() and can't run this test");
+ }
+
$path = new ReflectionProperty('CI_Log', '_log_path');
$path->setAccessible(TRUE);
$threshold = new ReflectionProperty('CI_Log', '_threshold');
@@ -50,6 +54,11 @@ class Log_test extends CI_TestCase {
public function test_format_line()
{
+ if ( ! is_php('5.3'))
+ {
+ return $this->markTestSkipped("PHP 5.2 doesn't have ReflectionProperty::setAccessible() and can't run this test");
+ }
+
$this->ci_set_config('log_path', '');
$this->ci_set_config('log_threshold', 0);
$instance = new CI_Log();
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 2ef822863..8328c37cb 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -299,7 +299,8 @@ class Security_test extends CI_TestCase {
'<img src="mdn-logo-sm.png" alt="MD Logo" srcset="mdn-logo-HD.png 2x, mdn-logo-small.png 15w, mdn-banner-HD.png 100w 2x" />',
'<img sqrc="/img/sunset.gif" height="100%" width="100%">',
'<img srqc="/img/sunset.gif" height="100%" width="100%">',
- '<img srcq="/img/sunset.gif" height="100%" width="100%">'
+ '<img srcq="/img/sunset.gif" height="100%" width="100%">',
+ '<img src=non-quoted.attribute foo="bar">'
);
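Review bot: The added fixture covers only the unquoted-attribute pattern, while the same commit also makes both patterns case-insensitive and changes the quoted one to a backreference. Cases such as `'<IMG SRC="upper.png">'`, a single-quoted `src`, and a quoted value containing the other quote character would pin that behaviour; the matching expected values go in `$urls` in the next hunk.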
$urls = array(
@@ -310,7 +311,8 @@ class Security_test extends CI_TestCase {
'mdn-logo-sm.png',
'<img sqrc="/img/sunset.gif" height="100%" width="100%">',
'<img srqc="/img/sunset.gif" height="100%" width="100%">',
- '<img srcq="/img/sunset.gif" height="100%" width="100%">'
+ '<img srcq="/img/sunset.gif" height="100%" width="100%">',
+ 'non-quoted.attribute'
);
for ($i = 0; $i < count($imgtags); $i++)
diff --git a/tests/codeigniter/database/query_builder/join_test.php b/tests/codeigniter/database/query_builder/join_test.php
index 58cb21492..54b2a4e18 100644
--- a/tests/codeigniter/database/query_builder/join_test.php
+++ b/tests/codeigniter/database/query_builder/join_test.php
@@ -37,6 +37,29 @@ class Join_test extends CI_TestCase {
// ------------------------------------------------------------------------
+ public function test_join_escape_is_null()
+ {
+ $expected = 'SELECT '.$this->db->escape_identifiers('field')
+ ."\nFROM ".$this->db->escape_identifiers('table1')
+ ."\nJOIN ".$this->db->escape_identifiers('table2').' ON '.$this->db->escape_identifiers('field').' IS NULL';
+
+ $this->assertEquals(
+ $expected,
+ $this->db->select('field')->from('table1')->join('table2', 'field IS NULL')->get_compiled_select()
+ );
+
+ $expected = 'SELECT '.$this->db->escape_identifiers('field')
+ ."\nFROM ".$this->db->escape_identifiers('table1')
+ ."\nJOIN ".$this->db->escape_identifiers('table2').' ON '.$this->db->escape_identifiers('field').' IS NOT NULL';
+
+ $this->assertEquals(
+ $expected,
+ $this->db->select('field')->from('table1')->join('table2', 'field IS NOT NULL')->get_compiled_select()
+ );
+ }
+
+ // ------------------------------------------------------------------------
+
public function test_join_escape_multiple_conditions()
{
// We just need a valid query produced, not one that makes sense
@@ -65,11 +88,11 @@ class Join_test extends CI_TestCase {
$expected = 'SELECT '.implode(', ', $fields)
."\nFROM ".$this->db->escape_identifiers('table1')
."\nRIGHT JOIN ".$this->db->escape_identifiers('table2').' ON '.implode(' = ', $fields)
- .' AND ('.$fields[0]." = 'foo' OR ".$fields[1].' = 0)';
+ .' AND ('.$fields[0]." = 'foo' OR ".$fields[1].' IS NULL)';
$result = $this->db->select('table1.field1, table2.field2')
->from('table1')
- ->join('table2', "table1.field1 = table2.field2 AND (table1.field1 = 'foo' OR table2.field2 = 0)", 'RIGHT')
+ ->join('table2', "table1.field1 = table2.field2 AND (table1.field1 = 'foo' OR table2.field2 IS NULL)", 'RIGHT')
->get_compiled_select();
$this->assertEquals($expected, $result);
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 8e1789fb9..938df9a8b 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -26,11 +26,26 @@ Release Date: Not Released
- Updated :doc:`HTML Helper <helpers/html_helper>` function :php:func:`meta()` with support for "charset" and "property" properties.
- Changed :doc:`HTML Helper <helpers/html_helper>` function :php:func:`doctype()` default document type to HTML 5.
-Version 3.0.5
+Version 3.0.6
=============
Release Date: Not Released
+
+Version 3.0.5
+=============
+
+Release Date: March 11, 2016
+
+- Core
+
+ - Changed :doc:`Loader Library <libraries/loader>` to allow ``$autoload['drivers']`` assigning with custom property names.
+ - Changed :doc:`Loader Library <libraries/loader>` to ignore variables prefixed with '_ci_' when loading views.
+
+- General Changes
+
+ - Updated the :doc:`Session Library <libraries/sessions>` to produce friendlier error messages on failures with drivers other than 'files'.
+
- :doc:`Query Builder <database/query_builder>`
- Added a ``$batch_size`` parameter to the ``insert_batch()`` method (defaults to 100).
@@ -47,11 +62,21 @@ Bug fixes for 3.0.5
- Fixed a regression in :doc:`Form Helper <helpers/form_helper>` functions :php:func:`set_checkbox()`, :php:func:`set_radio()` where "checked" inputs aren't recognized after a form submit.
- Fixed a bug (#4407) - :doc:`Text Helper <helpers/text_helper>` function :php:func:`word_censor()` doesn't work under PHP 7 if there's no custom replacement provided.
- Fixed a bug (#4415) - :doc:`Form Validation Library <libraries/form_validation>` rule **valid_url** didn't accept URLs with IPv6 addresses enclosed in square brackets under PHP 5 (upstream bug).
-- Fixed a bug (#4427) - :doc:`CAPTCHA Helper <helpers/capcha_helper>` triggers an error if the provided character pool is too small.
+- Fixed a bug (#4427) - :doc:`CAPTCHA Helper <helpers/captcha_helper>` triggers an error if the provided character pool is too small.
- Fixed a bug (#4430) - :doc:`File Uploading Library <libraries/file_uploading>` option **file_ext_tolower** didn't work.
- Fixed a bug (#4431) - :doc:`Query Builder <database/query_builder>` method ``join()`` discarded opening parentheses.
- Fixed a bug (#4424) - :doc:`Session Library <libraries/sessions>` triggered a PHP warning when writing a newly created session with the 'redis' driver.
- Fixed a bug (#4437) - :doc:`Inflector Helper <helpers/inflector_helper>` function :php:func:`humanize()` didn't escape its ``$separator`` parameter while using it in a regular expression.
+- Fixed a bug where :doc:`Session Library <libraries/sessions>` didn't properly handle its locks' statuses with the 'memcached' driver.
+- Fixed a bug where :doc:`Session Library <libraries/sessions>` triggered a PHP warning when writing a newly created session with the 'memcached' driver.
+- Fixed a bug (#4449) - :doc:`Query Builder <database/query_builder>` method ``join()`` breaks conditions containing ``IS NULL``, ``IS NOT NULL``.
+- Fixed a bug (#4491) - :doc:`Session Library <libraries/sessions>` didn't clean-up internal variables for emulated locks with the 'redis' driver.
+- Fixed a bug where :doc:`Session Library <libraries/sessions>` didn't clean-up internal variables for emulated locks with the 'memcached' driver.
+- Fixed a bug where :doc:`Database <database/index>` transactions didn't work with the 'ibase' driver.
+- Fixed a bug (#4475) - :doc:`Security Library <libraries/security>` method ``strip_image_tags()`` preserves only the first URL character from non-quoted *src* attributes.
+- Fixed a bug where :doc:`Profiler Library <general/profiling>` didn't apply ``htmlspecialchars()`` to all displayed inputs.
+- Fixed a bug (#4277) - :doc:`Cache Library <libraries/caching>` triggered fatal errors if accessing the Memcache(d) and/or Redis driver and they are not available on the system.
+- Fixed a bug where :doc:`Cache Library <libraries/caching>` method ``is_supported()`` logged an error message on when it returns ``FALSE`` for the APC and Wincache drivers.
Version 3.0.4
=============
diff --git a/user_guide_src/source/database/db_driver_reference.rst b/user_guide_src/source/database/db_driver_reference.rst
index 75d1538bd..db0c67118 100644
--- a/user_guide_src/source/database/db_driver_reference.rst
+++ b/user_guide_src/source/database/db_driver_reference.rst
@@ -226,6 +226,13 @@ This article is intended to be a reference for them.
and ``_`` wildcard characters, so that they don't cause
false-positives in LIKE conditions.
+ .. important:: The ``escape_like_str()`` method uses '!' (exclamation mark)
+ to escape special characters for *LIKE* conditions. Because this
+ method escapes partial strings that you would wrap in quotes
+ yourself, it cannot automatically add the ``ESCAPE '!'``
+ condition for you, and so you'll have to manually do that.
+
+
.. php:method:: primary($table)
:param string $table: Table name
diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst
index 43a0a30bf..d4ffd16cf 100644
--- a/user_guide_src/source/database/queries.rst
+++ b/user_guide_src/source/database/queries.rst
@@ -123,7 +123,13 @@ this:
$search = '20% raise';
$sql = "SELECT id FROM table WHERE column LIKE '%" .
- $this->db->escape_like_str($search)."%'";
+ $this->db->escape_like_str($search)."%' ESCAPE '!'";
+
+.. important:: The ``escape_like_str()`` method uses '!' (exclamation mark)
+ to escape special characters for *LIKE* conditions. Because this
+ method escapes partial strings that you would wrap in quotes
+ yourself, it cannot automatically add the ``ESCAPE '!'``
+ condition for you, and so you'll have to manually do that.
**************
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index c7211c1de..8c2a56c5b 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -3,7 +3,8 @@ Downloading CodeIgniter
#######################
- `CodeIgniter v3.1.0-dev (Current version) <https://codeload.github.com/bcit-ci/CodeIgniter/zip/develop>`_
-- `CodeIgniter v3.0.5-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_
+- `CodeIgniter v3.0.6-dev <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0-stable>`_
+- `CodeIgniter v3.0.5 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.5>`_
- `CodeIgniter v3.0.4 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.4>`_
- `CodeIgniter v3.0.3 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.3>`_
- `CodeIgniter v3.0.2 <https://codeload.github.com/bcit-ci/CodeIgniter/zip/3.0.2>`_
diff --git a/user_guide_src/source/installation/upgrade_306.rst b/user_guide_src/source/installation/upgrade_306.rst
new file mode 100644
index 000000000..e9c4bdd79
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_306.rst
@@ -0,0 +1,14 @@
+#############################
+Upgrading from 3.0.5 to 3.0.6
+#############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+ please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index 2aaaa2350..12a30d181 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -9,6 +9,7 @@ upgrading from.
:titlesonly:
Upgrading from 3.0.x to 3.1.x <upgrade_310>
+ Upgrading from 3.0.5 to 3.0.6 <upgrade_306>
Upgrading from 3.0.4 to 3.0.5 <upgrade_305>
Upgrading from 3.0.3 to 3.0.4 <upgrade_304>
Upgrading from 3.0.2 to 3.0.3 <upgrade_303>