diff options
| -rw-r--r-- | system/database/DB_driver.php | 10 | ||||
| -rw-r--r-- | system/helpers/form_helper.php | 2 | ||||
| -rw-r--r-- | system/libraries/Image_lib.php | 2 | ||||
| -rw-r--r-- | system/libraries/Upload.php | 7 | ||||
| -rw-r--r-- | user_guide/changelog.html | 5 |
5 files changed, 19 insertions, 7 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 8f530b482..4dfb584f2 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1015,8 +1015,14 @@ class CI_DB_driver { else { $args = (func_num_args() > 1) ? array_splice(func_get_args(), 1) : null; - - return call_user_func_array($function, $args); + if (is_null($args)) + { + return call_user_func($function); + } + else + { + return call_user_func_array($function, $args); + } } } diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index d9305c00b..8733ae053 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -65,7 +65,7 @@ if ( ! function_exists('form_open')) $form .= '>'; // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites - if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"'))) + if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 8902f524d..7f905128b 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -208,7 +208,7 @@ class CI_Image_lib { } else { - if (strpos($this->new_image, '/') === FALSE) + if (strpos($this->new_image, '/') === FALSE AND strpos($this->new_image, '\\') === FALSE) { $this->dest_folder = $this->source_folder; $this->dest_image = $this->new_image; diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fe5907ab2..506d15897 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1042,14 +1042,17 @@ class CI_Upload { if (function_exists('mime_content_type')) { $this->file_type = @mime_content_type($file['tmp_name']); - return; + if (strlen($this->file_type) > 0) // Turns out it's possible that mime_content_type() returns FALSE or an empty string + { + return; + } } /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, * which is still more secure than depending on the value of $_FILES[$field]['type']. * * Notes: - * - a 'W' in the substr() expression bellow, would mean that we're using Windows + * - the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check */ if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) diff --git a/user_guide/changelog.html b/user_guide/changelog.html index a20f27956..b8fdcfc34 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -28,7 +28,7 @@ <div id="masthead"> <table cellpadding="0" cellspacing="0" border="0" style="width:100%"> <tr> -<td><h1>CodeIgniter User Guide Version 2.1.0</h1></td> +<td><h1>CodeIgniter User Guide Version 2.1.1</h1></td> <td id="breadcrumb_right"><a href="./toc.html">Table of Contents Page</a></td> </tr> </table> @@ -71,6 +71,9 @@ Change Log <h3>Bug fixes for 2.1.1</h3> <ul> <li>Fixed a bug (#697) - A wrong array key was used in the Upload library to check for mime-types.</li> + <li>Fixed a bug - form_open() compared $action against site_url() instead of base_url()</li> + <li>Fixed a bug - CI_Upload::_file_mime_type() could've failed if mime_content_type() is used for the detection and returns FALSE.</li> + <li>Fixed a bug (#538) - Windows paths were ignored when using the <a href="libraries/image_lib.html">Image Manipulation Class</a> to create a new file.</li> </ul> |