summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/user_agents.php146
-rw-r--r--application/errors/error_404.php2
-rw-r--r--application/errors/error_db.php2
-rw-r--r--application/errors/error_general.php2
-rwxr-xr-xsystem/core/Security.php21
-rw-r--r--system/database/drivers/interbase/interbase_utility.php2
-rw-r--r--system/libraries/Form_validation.php2
-rw-r--r--system/libraries/Upload.php8
-rw-r--r--system/libraries/User_agent.php24
-rw-r--r--user_guide_src/source/changelog.rst7
10 files changed, 114 insertions, 102 deletions
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
index 60f256e01..76114616b 100644
--- a/application/config/user_agents.php
+++ b/application/config/user_agents.php
@@ -36,7 +36,7 @@
|
*/
-$platforms = array (
+$platforms = array(
'windows nt 6.1' => 'Windows 7',
'windows nt 6.0' => 'Windows Vista',
'windows nt 5.2' => 'Windows 2003',
@@ -51,6 +51,11 @@ $platforms = array (
'windows 95' => 'Windows 95',
'win95' => 'Windows 95',
'windows' => 'Unknown Windows OS',
+ 'android' => 'Android',
+ 'blackberry' => 'BlackBerry',
+ 'iphone' => 'iOS',
+ 'ipad' => 'iOS',
+ 'ipod' => 'iOS',
'os x' => 'Mac OS X',
'ppc mac' => 'Power PC Mac',
'freebsd' => 'FreeBSD',
@@ -117,84 +122,83 @@ $mobiles = array(
// 'motorola' => 'Motorola'
// Phones and Manufacturers
- 'motorola' => "Motorola",
- 'nokia' => "Nokia",
- 'palm' => "Palm",
- 'iphone' => "Apple iPhone",
- 'ipad' => "iPad",
- 'ipod' => "Apple iPod Touch",
- 'sony' => "Sony Ericsson",
- 'ericsson' => "Sony Ericsson",
- 'blackberry' => "BlackBerry",
- 'cocoon' => "O2 Cocoon",
- 'blazer' => "Treo",
- 'lg' => "LG",
- 'amoi' => "Amoi",
- 'xda' => "XDA",
- 'mda' => "MDA",
- 'vario' => "Vario",
- 'htc' => "HTC",
- 'samsung' => "Samsung",
- 'sharp' => "Sharp",
- 'sie-' => "Siemens",
- 'alcatel' => "Alcatel",
- 'benq' => "BenQ",
- 'ipaq' => "HP iPaq",
- 'mot-' => "Motorola",
- 'playstation portable' => "PlayStation Portable",
- 'hiptop' => "Danger Hiptop",
- 'nec-' => "NEC",
- 'panasonic' => "Panasonic",
- 'philips' => "Philips",
- 'sagem' => "Sagem",
- 'sanyo' => "Sanyo",
- 'spv' => "SPV",
- 'zte' => "ZTE",
- 'sendo' => "Sendo",
- 'dsi' => "Nintendo DSi",
- 'ds' => "Nintendo DS",
- 'wii' => "Nintendo Wii",
- '3ds' => "Nintendo 3DS",
- 'open web' => "Open Web",
- 'openweb' => "OpenWeb",
+ 'motorola' => 'Motorola',
+ 'nokia' => 'Nokia',
+ 'palm' => 'Palm',
+ 'iphone' => 'Apple iPhone',
+ 'ipad' => 'iPad',
+ 'ipod' => 'Apple iPod Touch',
+ 'sony' => 'Sony Ericsson',
+ 'ericsson' => 'Sony Ericsson',
+ 'blackberry' => 'BlackBerry',
+ 'cocoon' => 'O2 Cocoon',
+ 'blazer' => 'Treo',
+ 'lg' => 'LG',
+ 'amoi' => 'Amoi',
+ 'xda' => 'XDA',
+ 'mda' => 'MDA',
+ 'vario' => 'Vario',
+ 'htc' => 'HTC',
+ 'samsung' => 'Samsung',
+ 'sharp' => 'Sharp',
+ 'sie-' => 'Siemens',
+ 'alcatel' => 'Alcatel',
+ 'benq' => 'BenQ',
+ 'ipaq' => 'HP iPaq',
+ 'mot-' => 'Motorola',
+ 'playstation portable' => 'PlayStation Portable',
+ 'hiptop' => 'Danger Hiptop',
+ 'nec-' => 'NEC',
+ 'panasonic' => 'Panasonic',
+ 'philips' => 'Philips',
+ 'sagem' => 'Sagem',
+ 'sanyo' => 'Sanyo',
+ 'spv' => 'SPV',
+ 'zte' => 'ZTE',
+ 'sendo' => 'Sendo',
+ 'dsi' => 'Nintendo DSi',
+ 'ds' => 'Nintendo DS',
+ 'wii' => 'Nintendo Wii',
+ '3ds' => 'Nintendo 3DS',
+ 'open web' => 'Open Web',
+ 'openweb' => 'OpenWeb',
// Operating Systems
- 'android' => "Android",
- 'symbian' => "Symbian",
- 'SymbianOS' => "SymbianOS",
- 'elaine' => "Palm",
- 'palm' => "Palm",
- 'series60' => "Symbian S60",
- 'windows ce' => "Windows CE",
+ 'android' => 'Android',
+ 'symbian' => 'Symbian',
+ 'SymbianOS' => 'SymbianOS',
+ 'elaine' => 'Palm',
+ 'series60' => 'Symbian S60',
+ 'windows ce' => 'Windows CE',
// Browsers
- 'obigo' => "Obigo",
- 'netfront' => "Netfront Browser",
- 'openwave' => "Openwave Browser",
- 'mobilexplorer' => "Mobile Explorer",
- 'operamini' => "Opera Mini",
- 'opera mini' => "Opera Mini",
- 'opera mobi' => "Opera Mobile",
+ 'obigo' => 'Obigo',
+ 'netfront' => 'Netfront Browser',
+ 'openwave' => 'Openwave Browser',
+ 'mobilexplorer' => 'Mobile Explorer',
+ 'operamini' => 'Opera Mini',
+ 'opera mini' => 'Opera Mini',
+ 'opera mobi' => 'Opera Mobile',
// Other
- 'digital paths' => "Digital Paths",
- 'avantgo' => "AvantGo",
- 'xiino' => "Xiino",
- 'novarra' => "Novarra Transcoder",
- 'vodafone' => "Vodafone",
- 'docomo' => "NTT DoCoMo",
- 'o2' => "O2",
+ 'digital paths' => 'Digital Paths',
+ 'avantgo' => 'AvantGo',
+ 'xiino' => 'Xiino',
+ 'novarra' => 'Novarra Transcoder',
+ 'vodafone' => 'Vodafone',
+ 'docomo' => 'NTT DoCoMo',
+ 'o2' => 'O2',
// Fallback
- 'mobile' => "Generic Mobile",
- 'wireless' => "Generic Mobile",
- 'j2me' => "Generic Mobile",
- 'midp' => "Generic Mobile",
- 'cldc' => "Generic Mobile",
- 'up.link' => "Generic Mobile",
- 'up.browser' => "Generic Mobile",
- 'smartphone' => "Generic Mobile",
- 'cellphone' => "Generic Mobile"
+ 'mobile' => 'Generic Mobile',
+ 'wireless' => 'Generic Mobile',
+ 'j2me' => 'Generic Mobile',
+ 'midp' => 'Generic Mobile',
+ 'cldc' => 'Generic Mobile',
+ 'up.link' => 'Generic Mobile',
+ 'up.browser' => 'Generic Mobile',
+ 'smartphone' => 'Generic Mobile',
+ 'cellphone' => 'Generic Mobile'
);
// There are hundreds of bots but these are the most common.
diff --git a/application/errors/error_404.php b/application/errors/error_404.php
index 746032956..c19bedfcd 100644
--- a/application/errors/error_404.php
+++ b/application/errors/error_404.php
@@ -72,7 +72,7 @@ code {
#container {
margin: 10px;
border: 1px solid #D0D0D0;
- -webkit-box-shadow: 0 0 8px #D0D0D0;
+ box-shadow: 0 0 8px #D0D0D0;
}
p {
diff --git a/application/errors/error_db.php b/application/errors/error_db.php
index eb3a75260..3b244e094 100644
--- a/application/errors/error_db.php
+++ b/application/errors/error_db.php
@@ -72,7 +72,7 @@ code {
#container {
margin: 10px;
border: 1px solid #D0D0D0;
- -webkit-box-shadow: 0 0 8px #D0D0D0;
+ box-shadow: 0 0 8px #D0D0D0;
}
p {
diff --git a/application/errors/error_general.php b/application/errors/error_general.php
index 59896e1ea..c88afe168 100644
--- a/application/errors/error_general.php
+++ b/application/errors/error_general.php
@@ -72,7 +72,7 @@ code {
#container {
margin: 10px;
border: 1px solid #D0D0D0;
- -webkit-box-shadow: 0 0 8px #D0D0D0;
+ box-shadow: 0 0 8px #D0D0D0;
}
p {
diff --git a/system/core/Security.php b/system/core/Security.php
index 974e2e428..c82b69ff9 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -95,13 +95,14 @@ class CI_Security {
*
* @var array
*/
- protected $_never_allowed_regex = array(
+ protected $_never_allowed_regex = array(
'javascript\s*:',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
- 'Redirect\s+302'
+ 'Redirect\s+302',
+ "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
-
+
/**
* Initialize security class
*/
@@ -365,10 +366,11 @@ class CI_Security {
* These words are compacted back to their correct state.
*/
$words = array(
- 'javascript', 'expression', 'vbscript', 'script',
+ 'javascript', 'expression', 'vbscript', 'script', 'base64',
'applet', 'alert', 'document', 'write', 'cookie', 'window'
);
+
foreach ($words as $word)
{
$word = implode('\s*', str_split($word)).'\s*';
@@ -605,10 +607,11 @@ class CI_Security {
$attribs = array();
// find occurrences of illegal attribute strings without quotes
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
+
$attribs[] = preg_quote($attr[0], '/');
}
@@ -623,7 +626,7 @@ class CI_Security {
// replace illegal attribute strings that are inside an html tag
if (count($attribs) > 0)
{
- $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count);
+ $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
}
} while ($count);
@@ -664,7 +667,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
@@ -804,7 +807,7 @@ class CI_Security {
foreach ($this->_never_allowed_regex as $regex)
{
- $str = preg_replace('#'.$regex.'#i', '[removed]', $str);
+ $str = preg_replace('#'.$regex.'#is', '[removed]', $str);
}
return $str;
@@ -841,4 +844,4 @@ class CI_Security {
}
/* End of file Security.php */
-/* Location: ./system/core/Security.php */ \ No newline at end of file
+/* Location: ./system/core/Security.php */
diff --git a/system/database/drivers/interbase/interbase_utility.php b/system/database/drivers/interbase/interbase_utility.php
index 1b92af9b6..164211836 100644
--- a/system/database/drivers/interbase/interbase_utility.php
+++ b/system/database/drivers/interbase/interbase_utility.php
@@ -42,7 +42,7 @@ class CI_DB_interbase_utility extends CI_DB_utility {
* @param string $filename
* @return mixed
*/
- protected function backup($filename)
+ protected function _backup($filename)
{
if ($service = ibase_service_attach($this->db->hostname, $this->db->username, $this->db->password))
{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 5547c6a69..c396580be 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -448,7 +448,7 @@ class CI_Form_validation {
{
$this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']);
}
- elseif ( ! empty($validation_array[$field]))
+ elseif (isset($validation_array[$field]) && $validation_array[$field] !== '')
{
$this->_field_data[$field]['postdata'] = $validation_array[$field];
}
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8ad67050d..24d4bd4d0 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -725,7 +725,7 @@ class CI_Upload {
public function get_extension($filename)
{
$x = explode('.', $filename);
- return '.'.end($x);
+ return (count($x) !== 1) ? '.'.end($x) : '';
}
// --------------------------------------------------------------------
@@ -850,6 +850,10 @@ class CI_Upload {
{
return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
}
+ else
+ {
+ return FALSE;
+ }
}
if (($data = @file_get_contents($file)) === FALSE)
@@ -1099,4 +1103,4 @@ class CI_Upload {
}
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */ \ No newline at end of file
+/* Location: ./system/libraries/Upload.php */
diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php
index 0ac605fa4..ff596f04b 100644
--- a/system/libraries/User_agent.php
+++ b/system/libraries/User_agent.php
@@ -51,14 +51,14 @@ class CI_User_agent {
* @var bool
*/
public $is_browser = FALSE;
-
+
/**
* Flag for if the user-agent is a robot
*
* @var bool
*/
public $is_robot = FALSE;
-
+
/**
* Flag for if the user-agent is a mobile browser
*
@@ -72,7 +72,7 @@ class CI_User_agent {
* @var array
*/
public $languages = array();
-
+
/**
* Character sets accepted by the current user agent
*
@@ -86,21 +86,21 @@ class CI_User_agent {
* @var array
*/
public $platforms = array();
-
+
/**
* List of browsers to compare against current user agent
*
* @var array
*/
public $browsers = array();
-
+
/**
* List of mobile browsers to compare against current user agent
*
* @var array
*/
public $mobiles = array();
-
+
/**
* List of robots to compare against current user agent
*
@@ -114,28 +114,28 @@ class CI_User_agent {
* @var string
*/
public $platform = '';
-
+
/**
* Current user-agent browser
*
* @var string
*/
public $browser = '';
-
+
/**
* Current user-agent version
*
* @var string
*/
public $version = '';
-
+
/**
* Current user-agent mobile name
*
* @var string
*/
public $mobile = '';
-
+
/**
* Current user-agent robot name
*
@@ -330,7 +330,7 @@ class CI_User_agent {
{
foreach ($this->mobiles as $key => $val)
{
- if (FALSE !== (strpos(strtolower($this->agent), $key)))
+ if (FALSE !== (stripos($this->agent, $key)))
{
$this->is_mobile = TRUE;
$this->mobile = $val;
@@ -604,7 +604,7 @@ class CI_User_agent {
/**
* Test for a particular character set
*
- * @param string $charset
+ * @param string $charset
* @return bool
*/
public function accept_charset($charset = 'utf-8')
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index a70531901..d457a3fbc 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -22,7 +22,7 @@ Release Date: Not Released
- PHP 5.1.6 is no longer supported. CodeIgniter now requires PHP 5.2.4.
- Added an optional backtrace to php-error template.
- Added Android to the list of user agents.
- - Added Windows 7 to the list of user platforms.
+ - Added Windows 7, Android, Blackberry and iOS to the list of user platforms.
- Ability to log certain error types, not all under a threshold.
- Added support for pem, p10, p12, p7a, p7c, p7m, p7r, p7s, crt, crl, der, kdb, rsa, cer, sst, csr Certs to mimes.php.
- Added support for pgp and gpg to mimes.php.
@@ -214,8 +214,9 @@ Bug fixes for 3.0
- Fixed a bug in SQLSRV's delete() method where like() and limit() conditions were ignored.
- Fixed a bug (#1265) - Database connections were always closed, regardless of the 'pconnect' option value.
- Fixed a bug (#128) - :doc:`Language Library <libraries/language>` did not correctly keep track of loaded language files.
-- Fixed a bug (#1242) Added Windows path compatibility to function read_dir of ZIP library
-- Fixed a bug (#1314) sess_destroy() did not destroy userdata.
+- Fixed a bug (#1242) - Added Windows path compatibility to function read_dir of ZIP library
+- Fixed a bug (#1314) - sess_destroy() did not destroy userdata.
+- Fixed a bug (#1349) - get_extension() in the `File Uploading Library <libraries/file_uploading>` returned the original filename when it didn't have an actual extension.
Version 2.1.1
=============