-rw-r--r-- | application/config/mimes.php | 3 | ||||
-rw-r--r-- | application/config/user_agents.php | 2 | ||||
-rw-r--r-- | system/core/CodeIgniter.php | 2 | ||||
-rw-r--r-- | system/database/DB_driver.php | 2 | ||||
-rw-r--r-- | system/database/DB_query_builder.php | 8 | ||||
-rw-r--r-- | system/helpers/html_helper.php | 6 | ||||
-rw-r--r-- | system/helpers/url_helper.php | 2 | ||||
-rw-r--r-- | system/libraries/Email.php | 12 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 6 | ||||
-rw-r--r-- | system/libraries/Session/Session.php | 2 | ||||
-rw-r--r-- | system/libraries/Session/Session_driver.php | 17 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_database_driver.php | 26 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_files_driver.php | 18 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_memcached_driver.php | 19 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_redis_driver.php | 18 |
15 files changed, 127 insertions, 16 deletions
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 017653335..0ec9db0a0 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -155,7 +155,8 @@ return array(
 'ics' => 'text/calendar',
 'ical' => 'text/calendar',
 'zsh' => 'text/x-scriptzsh',
- '7zip' => array('application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+ '7z' => array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+ '7zip' => array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
 'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'),
 'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'),
 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'),
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index 798086b65..b6c85631e 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -61,7 +61,7 @@ $platforms = array(
 $browsers = array(
 'OPR' => 'Opera',
 'Flock' => 'Flock',
- 'Edge' => 'Spartan',
+ 'Edge' => 'Edge',
 'Chrome' => 'Chrome',
 // Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
 'Opera.*?Version' => 'Opera',
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 4ad513dd6..7b1dcc2f1 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 * @var string
 *
 */
- const CI_VERSION = '3.1.8';
+ const CI_VERSION = '3.1.9';
 
 /*
 * ------------------------------------------------------
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 059849771..f8956f069 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1528,7 +1528,7 @@ abstract class CI_DB_driver {
 return 'UPDATE '.$table.' SET '.implode(', ', $valstr)
 .$this->_compile_wh('qb_where')
 .$this->_compile_order_by()
- .($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+ .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 }
 
 // --------------------------------------------------------------------
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 8f477e3a1..3d0c329b0 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -970,7 +970,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 $v = "'{$v}'";
 break;
 case 'before':
- $v = "%'{$v}'";
+ $v = "'%{$v}'";
 break;
 case 'after':
 $v = "'{$v}%'";
@@ -987,7 +987,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 $v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
 }
 
- $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);
+ $qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);
 $this->qb_where[] = $qb_where;
 if ($this->qb_caching === TRUE)
 {
@@ -2215,7 +2215,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 protected function _delete($table)
 {
 return 'DELETE FROM '.$table.$this->_compile_wh('qb_where')
- .($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+ .($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 }
 
 // --------------------------------------------------------------------
@@ -2365,7 +2365,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 .$this->_compile_order_by(); // ORDER BY
 
 // LIMIT
- if ($this->qb_limit OR $this->qb_offset)
+ if ($this->qb_limit !== FALSE OR $this->qb_offset)
 {
 return $this->_limit($sql."\n");
 }
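Review bot: In the `@@ -987,7 +987,7 @@` hunk of DB_query_builder.php the LIKE operand `$v` is now concatenated into `'condition'` while `'value'` is set to `NULL`, so nothing later in the builder gets a chance to escape it; any escaping has to have happened before the `switch` on the wildcard side, which is outside the hunk. When `$escape` is not TRUE the caller's string presumably reaches the SQL text verbatim, and that contract deserves a comment on the assignment, for example `// $v is already quoted (and escaped when $escape is TRUE); it is inlined here and never re-escaped`. The enclosing method starts and ends outside the hunk.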
diff --git a/system/helpers/html_helper.php b/system/helpers/html_helper.php
index 5cec4597b..260afe9a2 100644
--- a/system/helpers/html_helper.php
+++ b/system/helpers/html_helper.php
@@ -200,7 +200,7 @@ if ( ! function_exists('img'))
 }
 else
 {
- $img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';
+ $img .= ' src="'.get_instance()->config->base_url($v).'"';
 }
 }
 else
@@ -292,7 +292,7 @@ if ( ! function_exists('link_tag'))
 }
 else
 {
- $link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';
+ $link .= 'href="'.$CI->config->base_url($v).'" ';
 }
 }
 else
@@ -313,7 +313,7 @@ if ( ! function_exists('link_tag'))
 }
 else
 {
- $link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';
+ $link .= 'href="'.$CI->config->base_url($href).'" ';
 }
 
 $link .= 'rel="'.$rel.'" type="'.$type.'" ';
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 0359ac92c..a22c4c215 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ if ( ! function_exists('auto_link'))
 if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
 {
 // Set our target HTML if using popup links.
- $target = ($popup) ? ' target="_blank"' : '';
+ $target = ($popup) ? ' target="_blank" rel="noopener"' : '';
 
 // We process the links in reverse order (last -> first) so that
 // the returned string offsets from preg_match_all() are not
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index a53e7e72a..cd74d6da1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
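Review bot: `rel="noopener"` in the auto_link() hunk of url_helper.php only helps in browsers that implement `noopener`; browsers that predate the token ignore it and still hand `window.opener` to the linked page. Because the URLs here are harvested from arbitrary text, emitting `' target="_blank" rel="noopener noreferrer"'` would cover those browsers as well, at the cost of suppressing the Referer header. The function body continues outside the hunk.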
@@ -1038,7 +1038,11 @@ class CI_Email {
 $domain = defined('INTL_IDNA_VARIANT_UTS46')
 ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 : idn_to_ascii($domain);
- $email = $account.'@'.$domain;
+
+ if ($domain !== FALSE)
+ {
+ $email = $account.'@'.$domain;
+ }
 }
 
 return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -1859,7 +1863,11 @@ class CI_Email {
 $domain = defined('INTL_IDNA_VARIANT_UTS46')
 ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 : idn_to_ascii($domain);
- $email = $account.'@'.$domain;
+
+ if ($domain !== FALSE)
+ {
+ $email = $account.'@'.$domain;
+ }
 }
 
 return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 6a97ee599..27187df2c 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1234,7 +1234,11 @@ class CI_Form_validation {
 $domain = defined('INTL_IDNA_VARIANT_UTS46')
 ? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
 : idn_to_ascii($matches[2]);
- $str = $matches[1].'@'.$domain;
+
+ if ($domain !== FALSE)
+ {
+ $str = $matches[1].'@'.$domain;
+ }
 }
 
 return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 9e762745f..aa1fafb5b 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -604,7 +604,7 @@ class CI_Session {
 // ------------------------------------------------------------------------
 
 /**
- * Unmark flash
+ * Unmark temp
 *
 * @param mixed $key Session data key(s)
 * @return void
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index bef5ee41f..2fe30b8a2 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -113,6 +113,23 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 // ------------------------------------------------------------------------
 
 /**
+ * PHP 5.x validate ID
+ *
+ * Enforces session.use_strict_mode on PHP 5.x (7+ does it by itself)
+ *
+ * @return void
+ */
+ public function php5_validate_id()
+ {
+ if (PHP_VERSION_ID < 70000 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
+ {
+ unset($_COOKIE[$this->_config['cookie_name']]);
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ /**
 * Cookie destroy
 *
 * Internal method to force removal of a cookie by the client
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index ae7a1b4a1..074accfe7 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 return $this->_fail();
 }
 
+ $this->php5_validate_id();
+
 return $this->_success;
 }
 
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 : $this->_fail();
 }
 
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+ empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ $result = $this->_db->get();
+ empty($result) OR $result = $result->row();
+
+ return ! empty($result);
+ }
+
 // ------------------------------------------------------------------------
 
 /**
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index c6d789aae..654f30010 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -148,6 +148,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 .$name // we'll use the session cookie name as a prefix to avoid collisions
 .($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
 
+ $this->php5_validate_id();
+
 return $this->_success;
 }
 
@@ -392,6 +394,22 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 // --------------------------------------------------------------------
 
 /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ return is_file($this->_file_path.$id);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
 * Byte-safe strlen()
 *
 * @param string $str
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index b109738c2..7d8e39022 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -145,6 +145,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 return $this->_fail();
 }
 
+ $this->php5_validate_id();
+
 return $this->_success;
 }
 
@@ -290,6 +292,23 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 return $this->_success;
 }
 
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ $this->_memcached-get($this->_key_prefix.$id);
+ return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
+ }
+
 // ------------------------------------------------------------------------
 
 /**
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 413c30d67..d7a57550a 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
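Review bot: `validateId()` in Session_files_driver.php appends `$id` to `$this->_file_path` and passes the result to `is_file()` without checking the ID's shape itself. The value arrives straight from `$_COOKIE` through `php5_validate_id()`, so the lookup is only confined to the session directory if the cookie has already been matched against the session ID pattern before `open()` runs, and that check is not visible in this diff. The precondition should be stated in the docblock, for example `@param string $id Session ID; must already be format-checked by the caller, it is used as a file name suffix`.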
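Review bot: The first statement of the new `validateId()` in Session_memcached_driver.php reads `$this->_memcached-get($this->_key_prefix.$id);`, with `-` where `->` was meant. PHP parses that as a subtraction whose right operand is a call to a global function `get()`, which will normally be undefined, so the method raises a fatal error instead of querying Memcached and the `getResultCode()` comparison on the next line is never reached. On PHP 5.x `php5_validate_id()` calls this method for any request carrying a session cookie, so those requests would fail rather than have their ID checked. The line should be `$this->_memcached->get($this->_key_prefix.$id);`.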
@@ -153,6 +153,8 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 return $this->_success;
 }
 
+ $this->php5_validate_id();
+
 return $this->_fail();
 }
 
@@ -310,6 +312,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 return $this->_success;
 }
 
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ return (bool) $this->_redis->exists($this->_key_prefix.$id);
+ }
+
 // ------------------------------------------------------------------------
 
 /**
|
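Review bot: In the `open()` hunk of Session_redis_driver.php the new `$this->php5_validate_id();` call sits after the block that ends in `return $this->_success;` and directly before `return $this->_fail();`, whereas the database, files and memcached drivers call it just before their success return. As far as the hunk shows, a successful Redis connection returns before the check, so on PHP 5.x a client-chosen session ID would be accepted without the strict-mode lookup, and the lookup only runs once the connection has already failed. The call belongs in the success branch, immediately before `return $this->_success;`. The start of `open()` is outside the hunk, so the exact branch structure should be confirmed against the full file.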