diff options
-rw-r--r-- | application/config/user_agents.php | 146 | ||||
-rw-r--r-- | application/errors/error_404.php | 2 | ||||
-rw-r--r-- | application/errors/error_db.php | 2 | ||||
-rw-r--r-- | application/errors/error_general.php | 2 | ||||
-rwxr-xr-x | system/core/Security.php | 21 | ||||
-rw-r--r-- | system/database/drivers/interbase/interbase_utility.php | 2 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 2 | ||||
-rw-r--r-- | system/libraries/Upload.php | 8 | ||||
-rw-r--r-- | system/libraries/User_agent.php | 24 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 7 |
10 files changed, 114 insertions, 102 deletions
diff --git a/application/config/user_agents.php b/application/config/user_agents.php index 60f256e01..76114616b 100644 --- a/application/config/user_agents.php +++ b/application/config/user_agents.php @@ -36,7 +36,7 @@ | */ -$platforms = array ( +$platforms = array( 'windows nt 6.1' => 'Windows 7', 'windows nt 6.0' => 'Windows Vista', 'windows nt 5.2' => 'Windows 2003', @@ -51,6 +51,11 @@ $platforms = array ( 'windows 95' => 'Windows 95', 'win95' => 'Windows 95', 'windows' => 'Unknown Windows OS', + 'android' => 'Android', + 'blackberry' => 'BlackBerry', + 'iphone' => 'iOS', + 'ipad' => 'iOS', + 'ipod' => 'iOS', 'os x' => 'Mac OS X', 'ppc mac' => 'Power PC Mac', 'freebsd' => 'FreeBSD', @@ -117,84 +122,83 @@ $mobiles = array( // 'motorola' => 'Motorola' // Phones and Manufacturers - 'motorola' => "Motorola", - 'nokia' => "Nokia", - 'palm' => "Palm", - 'iphone' => "Apple iPhone", - 'ipad' => "iPad", - 'ipod' => "Apple iPod Touch", - 'sony' => "Sony Ericsson", - 'ericsson' => "Sony Ericsson", - 'blackberry' => "BlackBerry", - 'cocoon' => "O2 Cocoon", - 'blazer' => "Treo", - 'lg' => "LG", - 'amoi' => "Amoi", - 'xda' => "XDA", - 'mda' => "MDA", - 'vario' => "Vario", - 'htc' => "HTC", - 'samsung' => "Samsung", - 'sharp' => "Sharp", - 'sie-' => "Siemens", - 'alcatel' => "Alcatel", - 'benq' => "BenQ", - 'ipaq' => "HP iPaq", - 'mot-' => "Motorola", - 'playstation portable' => "PlayStation Portable", - 'hiptop' => "Danger Hiptop", - 'nec-' => "NEC", - 'panasonic' => "Panasonic", - 'philips' => "Philips", - 'sagem' => "Sagem", - 'sanyo' => "Sanyo", - 'spv' => "SPV", - 'zte' => "ZTE", - 'sendo' => "Sendo", - 'dsi' => "Nintendo DSi", - 'ds' => "Nintendo DS", - 'wii' => "Nintendo Wii", - '3ds' => "Nintendo 3DS", - 'open web' => "Open Web", - 'openweb' => "OpenWeb", + 'motorola' => 'Motorola', + 'nokia' => 'Nokia', + 'palm' => 'Palm', + 'iphone' => 'Apple iPhone', + 'ipad' => 'iPad', + 'ipod' => 'Apple iPod Touch', + 'sony' => 'Sony Ericsson', + 'ericsson' => 'Sony Ericsson', + 'blackberry' => 'BlackBerry', + 'cocoon' => 'O2 Cocoon', + 'blazer' => 'Treo', + 'lg' => 'LG', + 'amoi' => 'Amoi', + 'xda' => 'XDA', + 'mda' => 'MDA', + 'vario' => 'Vario', + 'htc' => 'HTC', + 'samsung' => 'Samsung', + 'sharp' => 'Sharp', + 'sie-' => 'Siemens', + 'alcatel' => 'Alcatel', + 'benq' => 'BenQ', + 'ipaq' => 'HP iPaq', + 'mot-' => 'Motorola', + 'playstation portable' => 'PlayStation Portable', + 'hiptop' => 'Danger Hiptop', + 'nec-' => 'NEC', + 'panasonic' => 'Panasonic', + 'philips' => 'Philips', + 'sagem' => 'Sagem', + 'sanyo' => 'Sanyo', + 'spv' => 'SPV', + 'zte' => 'ZTE', + 'sendo' => 'Sendo', + 'dsi' => 'Nintendo DSi', + 'ds' => 'Nintendo DS', + 'wii' => 'Nintendo Wii', + '3ds' => 'Nintendo 3DS', + 'open web' => 'Open Web', + 'openweb' => 'OpenWeb', // Operating Systems - 'android' => "Android", - 'symbian' => "Symbian", - 'SymbianOS' => "SymbianOS", - 'elaine' => "Palm", - 'palm' => "Palm", - 'series60' => "Symbian S60", - 'windows ce' => "Windows CE", + 'android' => 'Android', + 'symbian' => 'Symbian', + 'SymbianOS' => 'SymbianOS', + 'elaine' => 'Palm', + 'series60' => 'Symbian S60', + 'windows ce' => 'Windows CE', // Browsers - 'obigo' => "Obigo", - 'netfront' => "Netfront Browser", - 'openwave' => "Openwave Browser", - 'mobilexplorer' => "Mobile Explorer", - 'operamini' => "Opera Mini", - 'opera mini' => "Opera Mini", - 'opera mobi' => "Opera Mobile", + 'obigo' => 'Obigo', + 'netfront' => 'Netfront Browser', + 'openwave' => 'Openwave Browser', + 'mobilexplorer' => 'Mobile Explorer', + 'operamini' => 'Opera Mini', + 'opera mini' => 'Opera Mini', + 'opera mobi' => 'Opera Mobile', // Other - 'digital paths' => "Digital Paths", - 'avantgo' => "AvantGo", - 'xiino' => "Xiino", - 'novarra' => "Novarra Transcoder", - 'vodafone' => "Vodafone", - 'docomo' => "NTT DoCoMo", - 'o2' => "O2", + 'digital paths' => 'Digital Paths', + 'avantgo' => 'AvantGo', + 'xiino' => 'Xiino', + 'novarra' => 'Novarra Transcoder', + 'vodafone' => 'Vodafone', + 'docomo' => 'NTT DoCoMo', + 'o2' => 'O2', // Fallback - 'mobile' => "Generic Mobile", - 'wireless' => "Generic Mobile", - 'j2me' => "Generic Mobile", - 'midp' => "Generic Mobile", - 'cldc' => "Generic Mobile", - 'up.link' => "Generic Mobile", - 'up.browser' => "Generic Mobile", - 'smartphone' => "Generic Mobile", - 'cellphone' => "Generic Mobile" + 'mobile' => 'Generic Mobile', + 'wireless' => 'Generic Mobile', + 'j2me' => 'Generic Mobile', + 'midp' => 'Generic Mobile', + 'cldc' => 'Generic Mobile', + 'up.link' => 'Generic Mobile', + 'up.browser' => 'Generic Mobile', + 'smartphone' => 'Generic Mobile', + 'cellphone' => 'Generic Mobile' ); // There are hundreds of bots but these are the most common. diff --git a/application/errors/error_404.php b/application/errors/error_404.php index 746032956..c19bedfcd 100644 --- a/application/errors/error_404.php +++ b/application/errors/error_404.php @@ -72,7 +72,7 @@ code { #container { margin: 10px; border: 1px solid #D0D0D0; - -webkit-box-shadow: 0 0 8px #D0D0D0; + box-shadow: 0 0 8px #D0D0D0; } p { diff --git a/application/errors/error_db.php b/application/errors/error_db.php index eb3a75260..3b244e094 100644 --- a/application/errors/error_db.php +++ b/application/errors/error_db.php @@ -72,7 +72,7 @@ code { #container { margin: 10px; border: 1px solid #D0D0D0; - -webkit-box-shadow: 0 0 8px #D0D0D0; + box-shadow: 0 0 8px #D0D0D0; } p { diff --git a/application/errors/error_general.php b/application/errors/error_general.php index 59896e1ea..c88afe168 100644 --- a/application/errors/error_general.php +++ b/application/errors/error_general.php @@ -72,7 +72,7 @@ code { #container { margin: 10px; border: 1px solid #D0D0D0; - -webkit-box-shadow: 0 0 8px #D0D0D0; + box-shadow: 0 0 8px #D0D0D0; } p { diff --git a/system/core/Security.php b/system/core/Security.php index 974e2e428..c82b69ff9 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -95,13 +95,14 @@ class CI_Security { * * @var array */ - protected $_never_allowed_regex = array( + protected $_never_allowed_regex = array( 'javascript\s*:', 'expression\s*(\(|&\#40;)', // CSS and IE 'vbscript\s*:', // IE, surprise! - 'Redirect\s+302' + 'Redirect\s+302', + "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); - + /** * Initialize security class */ @@ -365,10 +366,11 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', + 'javascript', 'expression', 'vbscript', 'script', 'base64', 'applet', 'alert', 'document', 'write', 'cookie', 'window' ); + foreach ($words as $word) { $word = implode('\s*', str_split($word)).'\s*'; @@ -605,10 +607,11 @@ class CI_Security { $attribs = array(); // find occurrences of illegal attribute strings without quotes - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { + $attribs[] = preg_quote($attr[0], '/'); } @@ -623,7 +626,7 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count); + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count); } } while ($count); @@ -664,7 +667,7 @@ class CI_Security { protected function _js_link_removal($match) { return str_replace($match[1], - preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -804,7 +807,7 @@ class CI_Security { foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace('#'.$regex.'#i', '[removed]', $str); + $str = preg_replace('#'.$regex.'#is', '[removed]', $str); } return $str; @@ -841,4 +844,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */
\ No newline at end of file +/* Location: ./system/core/Security.php */ diff --git a/system/database/drivers/interbase/interbase_utility.php b/system/database/drivers/interbase/interbase_utility.php index 1b92af9b6..164211836 100644 --- a/system/database/drivers/interbase/interbase_utility.php +++ b/system/database/drivers/interbase/interbase_utility.php @@ -42,7 +42,7 @@ class CI_DB_interbase_utility extends CI_DB_utility { * @param string $filename * @return mixed */ - protected function backup($filename) + protected function _backup($filename) { if ($service = ibase_service_attach($this->db->hostname, $this->db->username, $this->db->password)) { diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 5547c6a69..c396580be 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -448,7 +448,7 @@ class CI_Form_validation { { $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']); } - elseif ( ! empty($validation_array[$field])) + elseif (isset($validation_array[$field]) && $validation_array[$field] !== '') { $this->_field_data[$field]['postdata'] = $validation_array[$field]; } diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 8ad67050d..24d4bd4d0 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -725,7 +725,7 @@ class CI_Upload { public function get_extension($filename) { $x = explode('.', $filename); - return '.'.end($x); + return (count($x) !== 1) ? '.'.end($x) : ''; } // -------------------------------------------------------------------- @@ -850,6 +850,10 @@ class CI_Upload { { return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good } + else + { + return FALSE; + } } if (($data = @file_get_contents($file)) === FALSE) @@ -1099,4 +1103,4 @@ class CI_Upload { } /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */
\ No newline at end of file +/* Location: ./system/libraries/Upload.php */ diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php index 0ac605fa4..ff596f04b 100644 --- a/system/libraries/User_agent.php +++ b/system/libraries/User_agent.php @@ -51,14 +51,14 @@ class CI_User_agent { * @var bool */ public $is_browser = FALSE; - + /** * Flag for if the user-agent is a robot * * @var bool */ public $is_robot = FALSE; - + /** * Flag for if the user-agent is a mobile browser * @@ -72,7 +72,7 @@ class CI_User_agent { * @var array */ public $languages = array(); - + /** * Character sets accepted by the current user agent * @@ -86,21 +86,21 @@ class CI_User_agent { * @var array */ public $platforms = array(); - + /** * List of browsers to compare against current user agent * * @var array */ public $browsers = array(); - + /** * List of mobile browsers to compare against current user agent * * @var array */ public $mobiles = array(); - + /** * List of robots to compare against current user agent * @@ -114,28 +114,28 @@ class CI_User_agent { * @var string */ public $platform = ''; - + /** * Current user-agent browser * * @var string */ public $browser = ''; - + /** * Current user-agent version * * @var string */ public $version = ''; - + /** * Current user-agent mobile name * * @var string */ public $mobile = ''; - + /** * Current user-agent robot name * @@ -330,7 +330,7 @@ class CI_User_agent { { foreach ($this->mobiles as $key => $val) { - if (FALSE !== (strpos(strtolower($this->agent), $key))) + if (FALSE !== (stripos($this->agent, $key))) { $this->is_mobile = TRUE; $this->mobile = $val; @@ -604,7 +604,7 @@ class CI_User_agent { /** * Test for a particular character set * - * @param string $charset + * @param string $charset * @return bool */ public function accept_charset($charset = 'utf-8') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index a70531901..d457a3fbc 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -22,7 +22,7 @@ Release Date: Not Released - PHP 5.1.6 is no longer supported. CodeIgniter now requires PHP 5.2.4. - Added an optional backtrace to php-error template. - Added Android to the list of user agents. - - Added Windows 7 to the list of user platforms. + - Added Windows 7, Android, Blackberry and iOS to the list of user platforms. - Ability to log certain error types, not all under a threshold. - Added support for pem, p10, p12, p7a, p7c, p7m, p7r, p7s, crt, crl, der, kdb, rsa, cer, sst, csr Certs to mimes.php. - Added support for pgp and gpg to mimes.php. @@ -214,8 +214,9 @@ Bug fixes for 3.0 - Fixed a bug in SQLSRV's delete() method where like() and limit() conditions were ignored. - Fixed a bug (#1265) - Database connections were always closed, regardless of the 'pconnect' option value. - Fixed a bug (#128) - :doc:`Language Library <libraries/language>` did not correctly keep track of loaded language files. -- Fixed a bug (#1242) Added Windows path compatibility to function read_dir of ZIP library -- Fixed a bug (#1314) sess_destroy() did not destroy userdata. +- Fixed a bug (#1242) - Added Windows path compatibility to function read_dir of ZIP library +- Fixed a bug (#1314) - sess_destroy() did not destroy userdata. +- Fixed a bug (#1349) - get_extension() in the `File Uploading Library <libraries/file_uploading>` returned the original filename when it didn't have an actual extension. Version 2.1.1 ============= |