-rw-r--r-- | system/core/Common.php | 15 | ||||
-rw-r--r-- | system/libraries/Email.php | 2 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 |
4 files changed, 18 insertions, 3 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index cad340f33..cb087cb22 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@ if ( ! function_exists('is_https'))
 */
 function is_https()
 {
- return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+ if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] === 'on')
+ {
+ return TRUE;
+ }
+
+ return FALSE;
 }
 }
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 0c83a8ba9..11ee29041 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
 */
 public function set_header($header, $value)
 {
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
 }
 // --------------------------------------------------------------------
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 1ed50844c..40ba01202 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1405,7 +1405,7 @@ class CI_Form_validation {
 */
 public function valid_base64($str)
 {
- return ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
+ return (base64_encode(base64_decode($str)) === $str);
 }
 // --------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 44ae52492..b60580919 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
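Review bot: The two new `elseif` branches in is_https() trust `HTTP_X_FORWARDED_PROTO` and `HTTP_FRONT_END_HTTPS`, which are ordinary request headers that any client can supply unless a reverse proxy in front of the application overwrites or strips them. A plain-HTTP request can therefore be reported as HTTPS, which would mislead whatever is keyed on is_https() (its callers are not visible in this hunk). Consider honouring these headers only when `$_SERVER['REMOTE_ADDR']` is a configured reverse proxy (the framework's `proxy_ips` setting looks like the natural source, to be confirmed), and state in the docblock that `forwarded-protocol headers are only trustworthy behind a proxy that sets or strips them`. The `'https'` comparison is also case-sensitive, while the `HTTPS` check lower-cases its value first. The docblock opens above the hunk.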
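Review bot: set_header() now strips CR and LF from `$value` but still uses `$header` unfiltered as the array key, so a caller-influenced header name can carry a line break into the message headers just as the value could before this change. Apply the same filter to the name: `$this->_headers[str_replace(array("\n", "\r"), '', $header)] = str_replace(array("\n", "\r"), '', $value);`. Whether other methods write to `_headers` without going through set_header() cannot be seen from this hunk and is worth checking. The method's docblock starts above the hunk.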
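Review bot: The round-trip in valid_base64() relies on base64_decode()'s default lenient mode, which silently discards characters outside the alphabet, and the changed acceptance rules are not documented: unpadded input that the old regex accepted is now rejected, while an empty string still passes. Passing the strict flag makes the intent explicit, `return (base64_encode(base64_decode($str, TRUE)) === $str);`, and the docblock (which starts above the hunk) should say that only canonical, padded base64 is accepted. A non-string `$str` would reach base64_decode() unchecked here; whether the validation runner guarantees a string is not visible in this hunk. The rule checks the encoding only, so the decoded bytes remain untrusted input.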
@@ -265,6 +265,7 @@ Release Date: Not Released - Internal method ``_prep_q_encoding()`` now utilizes PHP's *mbstring* and *iconv* extensions (when available) and no longer has a second (``$from``) argument. - Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body'). - Added SMTP keepalive option to avoid opening the connection for each ``Email::send()``. Accessible as ``$smtp_keepalive``. + - Public method ``set_header()`` now filters the input by removing all "\\r" and "\\n" characters. - :doc:`Pagination Library <libraries/pagination>` changes include: - Added support for the anchor "rel" attribute. - Added support for setting custom attributes. @@ -499,6 +500,7 @@ Bug fixes for 3.0 - Fixed a bug (#77) - :doc:`Database Class <database/index>` didn't properly handle the transaction "test mode" flag. - Fixed a bug (#2380) - :doc:`URI Routing <general/routing>` method ``fetch_method()`` returned 'index' if the requested method name matches its controller name. - Fixed a bug (#2388) - :doc:`Email Library <libraries/email>` used to ignore attachment errors, resulting in broken emails being sent. +- Fixed a bug (#2498) - :doc:`Form Validation Library <libraries/form_validation>` rule **valid_base64** only checked characters instead of actual validity. Version 2.1.3 ============= |