summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/mimes.php3
-rw-r--r--application/config/user_agents.php2
-rw-r--r--system/core/CodeIgniter.php2
-rw-r--r--system/database/DB_driver.php2
-rw-r--r--system/database/DB_query_builder.php8
-rw-r--r--system/helpers/html_helper.php6
-rw-r--r--system/helpers/url_helper.php2
-rw-r--r--system/libraries/Email.php12
-rw-r--r--system/libraries/Form_validation.php6
-rw-r--r--system/libraries/Session/Session.php2
-rw-r--r--system/libraries/Session/Session_driver.php17
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php26
-rw-r--r--system/libraries/Session/drivers/Session_files_driver.php18
-rw-r--r--system/libraries/Session/drivers/Session_memcached_driver.php19
-rw-r--r--system/libraries/Session/drivers/Session_redis_driver.php18
15 files changed, 127 insertions, 16 deletions
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 017653335..0ec9db0a0 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -155,7 +155,8 @@ return array(
'ics' => 'text/calendar',
'ical' => 'text/calendar',
'zsh' => 'text/x-scriptzsh',
- '7zip' => array('application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+ '7z' => array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+ '7zip' => array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'),
'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'),
'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'),
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index 798086b65..b6c85631e 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -61,7 +61,7 @@ $platforms = array(
$browsers = array(
'OPR' => 'Opera',
'Flock' => 'Flock',
- 'Edge' => 'Spartan',
+ 'Edge' => 'Edge',
'Chrome' => 'Chrome',
// Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
'Opera.*?Version' => 'Opera',
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 4ad513dd6..7b1dcc2f1 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @var string
*
*/
- const CI_VERSION = '3.1.8';
+ const CI_VERSION = '3.1.9';
/*
* ------------------------------------------------------
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 059849771..f8956f069 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1528,7 +1528,7 @@ abstract class CI_DB_driver {
return 'UPDATE '.$table.' SET '.implode(', ', $valstr)
.$this->_compile_wh('qb_where')
.$this->_compile_order_by()
- .($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+ .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
}
// --------------------------------------------------------------------
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 8f477e3a1..3d0c329b0 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -970,7 +970,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$v = "'{$v}'";
break;
case 'before':
- $v = "%'{$v}'";
+ $v = "'%{$v}'";
break;
case 'after':
$v = "'{$v}%'";
@@ -987,7 +987,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
}
- $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);
+ $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);
$this->qb_where[] = $qb_where;
if ($this->qb_caching === TRUE)
{
@@ -2215,7 +2215,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
protected function _delete($table)
{
return 'DELETE FROM '.$table.$this->_compile_wh('qb_where')
- .($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+ .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
}
// --------------------------------------------------------------------
@@ -2365,7 +2365,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
.$this->_compile_order_by(); // ORDER BY
// LIMIT
- if ($this->qb_limit OR $this->qb_offset)
+ if ($this->qb_limit !== FALSE OR $this->qb_offset)
{
return $this->_limit($sql."\n");
}
diff --git a/system/helpers/html_helper.php b/system/helpers/html_helper.php
index 5cec4597b..260afe9a2 100644
--- a/system/helpers/html_helper.php
+++ b/system/helpers/html_helper.php
@@ -200,7 +200,7 @@ if ( ! function_exists('img'))
}
else
{
- $img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';
+ $img .= ' src="'.get_instance()->config->base_url($v).'"';
}
}
else
@@ -292,7 +292,7 @@ if ( ! function_exists('link_tag'))
}
else
{
- $link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';
+ $link .= 'href="'.$CI->config->base_url($v).'" ';
}
}
else
@@ -313,7 +313,7 @@ if ( ! function_exists('link_tag'))
}
else
{
- $link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';
+ $link .= 'href="'.$CI->config->base_url($href).'" ';
}
$link .= 'rel="'.$rel.'" type="'.$type.'" ';
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 0359ac92c..a22c4c215 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ if ( ! function_exists('auto_link'))
if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
{
// Set our target HTML if using popup links.
- $target = ($popup) ? ' target="_blank"' : '';
+ $target = ($popup) ? ' target="_blank" rel="noopener"' : '';
// We process the links in reverse order (last -> first) so that
// the returned string offsets from preg_match_all() are not
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index a53e7e72a..cd74d6da1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1038,7 +1038,11 @@ class CI_Email {
$domain = defined('INTL_IDNA_VARIANT_UTS46')
? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
: idn_to_ascii($domain);
- $email = $account.'@'.$domain;
+
+ if ($domain !== FALSE)
+ {
+ $email = $account.'@'.$domain;
+ }
}
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -1859,7 +1863,11 @@ class CI_Email {
$domain = defined('INTL_IDNA_VARIANT_UTS46')
? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
: idn_to_ascii($domain);
- $email = $account.'@'.$domain;
+
+ if ($domain !== FALSE)
+ {
+ $email = $account.'@'.$domain;
+ }
}
return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 6a97ee599..27187df2c 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1234,7 +1234,11 @@ class CI_Form_validation {
$domain = defined('INTL_IDNA_VARIANT_UTS46')
? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
: idn_to_ascii($matches[2]);
- $str = $matches[1].'@'.$domain;
+
+ if ($domain !== FALSE)
+ {
+ $str = $matches[1].'@'.$domain;
+ }
}
return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 9e762745f..aa1fafb5b 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -604,7 +604,7 @@ class CI_Session {
// ------------------------------------------------------------------------
/**
- * Unmark flash
+ * Unmark temp
*
* @param mixed $key Session data key(s)
* @return void
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index bef5ee41f..2fe30b8a2 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -113,6 +113,23 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
// ------------------------------------------------------------------------
/**
+ * PHP 5.x validate ID
+ *
+ * Enforces session.use_strict_mode on PHP 5.x (7+ does it by itself)
+ *
+ * @return void
+ */
+ public function php5_validate_id()
+ {
+ if (PHP_VERSION_ID < 70000 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
+ {
+ unset($_COOKIE[$this->_config['cookie_name']]);
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ /**
* Cookie destroy
*
* Internal method to force removal of a cookie by the client
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index ae7a1b4a1..074accfe7 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_fail();
}
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
: $this->_fail();
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+ empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ $result = $this->_db->get();
+ empty($result) OR $result = $result->row();
+
+ return ! empty($result);
+ }
+
// ------------------------------------------------------------------------
/**
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index c6d789aae..654f30010 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -148,6 +148,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
.$name // we'll use the session cookie name as a prefix to avoid collisions
.($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -392,6 +394,22 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
// --------------------------------------------------------------------
/**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ return is_file($this->_file_path.$id);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Byte-safe strlen()
*
* @param string $str
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index b109738c2..7d8e39022 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -145,6 +145,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return $this->_fail();
}
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -290,6 +292,23 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return $this->_success;
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ $this->_memcached-get($this->_key_prefix.$id);
+ return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
+ }
+
// ------------------------------------------------------------------------
/**
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 413c30d67..d7a57550a 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -153,6 +153,8 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
return $this->_success;
}
+ $this->php5_validate_id();
+
return $this->_fail();
}
@@ -310,6 +312,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
return $this->_success;
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ return (bool) $this->_redis->exists($this->_key_prefix.$id);
+ }
+
// ------------------------------------------------------------------------
/**