-rw-r--r--application/config/config.php10
-rw-r--r--system/core/Input.php10
-rw-r--r--system/helpers/array_helper.php1
-rw-r--r--system/libraries/Security.php3
-rw-r--r--system/libraries/Session.php4
-rw-r--r--system/libraries/Table.php3
-rw-r--r--system/libraries/Upload.php3
-rw-r--r--user_guide/changelog.html5
-rw-r--r--user_guide/libraries/javascript.html6
9 files changed, 33 insertions, 12 deletions
diff --git a/application/config/config.php b/application/config/config.php
index dc029a94b..1ec65435e 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -262,11 +262,13 @@ $config['sess_time_to_update'] = 300;
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path' = Typically will be a forward slash
+| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
|
*/
-$config['cookie_prefix'] = '';
-$config['cookie_domain'] = '';
-$config['cookie_path'] = '/';
+$config['cookie_prefix'] = "";
+$config['cookie_domain'] = "";
+$config['cookie_path'] = "/";
+$config['cookie_secure'] = FALSE;
/*
|--------------------------------------------------------------------------
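Review bot: The new comment line for `cookie_secure` says cookies "will only be set if a secure HTTPS connection exists", but nothing visible in this commit checks the connection; the flag is passed straight through to `setcookie()`, where it tells the browser to return the cookie only over HTTPS. I would reword it to `| 'cookie_secure' = Set to TRUE to add the Secure attribute, so browsers return cookies only over HTTPS`. The switch from single to double quotes on the three existing cookie settings is unrelated churn and could be dropped from this hunk.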
@@ -357,4 +359,4 @@ $config['proxy_ips'] = '';
/* End of file config.php */
-/* Location: ./application/config/config.php */
\ No newline at end of file
+/* Location: ./application/config/config.php */
diff --git a/system/core/Input.php b/system/core/Input.php
index 3957aa63d..25fe102b5 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -211,7 +211,7 @@ class CI_Input {
* @param bool true makes the cookie secure
* @return void
*/
- function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL)
{
if (is_array($name))
{
@@ -246,6 +246,12 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
+ // If TRUE/FALSE is not provided, use the config
+ if ( ! is_bool($secure))
+ {
+ $secure = (bool) (config_item('cookie_secure') === TRUE);
+ }
+
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
}
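Review bot: The `is_bool()` test added before `setcookie()` discards any non-boolean value, so a caller that passes `1` or `'1'` to request a secure cookie silently gets the config value instead, which is `FALSE` by default. The other two call sites in this commit themselves use `1`/`0` for this argument, so integer flags are plausible in existing callers. Falling back to config only when the argument was omitted keeps an explicit request intact: `if ($secure === NULL) { $secure = (config_item('cookie_secure') === TRUE); }`, with `(bool) $secure` otherwise; the `(bool)` cast on a `===` result is redundant as written. The docblock line `@param bool true makes the cookie secure` in the previous hunk should also mention that `NULL` defers to `$config['cookie_secure']`. The body of set_cookie() starts outside this hunk, so the array-argument branch was not reviewed.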
@@ -676,4 +682,4 @@ class CI_Input {
// END Input class
/* End of file Input.php */
-/* Location: ./system/core/Input.php */
\ No newline at end of file
+/* Location: ./system/core/Input.php */
diff --git a/system/helpers/array_helper.php b/system/helpers/array_helper.php
index 6b2415df2..075a31fdf 100644
--- a/system/helpers/array_helper.php
+++ b/system/helpers/array_helper.php
@@ -69,6 +69,7 @@ if ( ! function_exists('random_element'))
{
return $array;
}
+
return $array[array_rand($array)];
}
}
diff --git a/system/libraries/Security.php b/system/libraries/Security.php
index 91896866f..58db4e79c 100644
--- a/system/libraries/Security.php
+++ b/system/libraries/Security.php
@@ -117,8 +117,9 @@ class CI_Security {
public function csrf_set_cookie()
{
$expire = time() + $this->csrf_expire;
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
- setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), 0);
+ setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
log_message('debug', "CRSF cookie Set");
}
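Review bot: With `cookie_secure` enabled, `csrf_set_cookie()` still sends the cookie on a plain-HTTP request, and the browser will not return a Secure cookie over HTTP, so the CSRF cookie would presumably be missing on the next POST and validation would fail rather than the cookie simply not being set. If the intended behaviour is what the config comment describes, guard the call: `if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { return; }`. Behind a TLS-terminating proxy `$_SERVER['HTTPS']` may be unset, so that check would need to fit the deployment. The same applies to the session cookie set in system/libraries/Session.php.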
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 53ff4f5d3..0b94340d5 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -658,6 +658,8 @@ class CI_Session {
}
$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+
+ $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
// Set the cookie
setcookie(
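Review bot: The `$secure_cookie` lookup reads `config_item('cookie_secure')` on each call, while the neighbouring arguments come from `$this->cookie_path` and `$this->cookie_domain`. For consistency I would hold the setting in a property alongside those, e.g. `$this->cookie_secure`, and pass `$this->cookie_secure === TRUE` here; whether the constructor loads those properties from config or from params is not visible in this diff. The enclosing method starts before this hunk and the `setcookie(` call continues in the next one.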
@@ -666,7 +668,7 @@ class CI_Session {
$expire,
$this->cookie_path,
$this->cookie_domain,
- 0
+ $secure_cookie
);
}
diff --git a/system/libraries/Table.php b/system/libraries/Table.php
index 2a1a95b16..def696776 100644
--- a/system/libraries/Table.php
+++ b/system/libraries/Table.php
@@ -367,6 +367,9 @@ class CI_Table {
$out .= $this->template['table_close'];
+ // Clear table class properties before generating the table
+ $this->clear();
+
return $out;
}
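Review bot: The added comment says the properties are cleared "before generating the table", but `$this->clear()` runs after `$out` is complete, just ahead of `return $out;`. Suggested wording: `// Clear table class properties so the next table starts from a clean state`. This also changes behaviour for callers that call generate() more than once on the same instance expecting the earlier heading or rows to persist, which deserves a changelog line; what clear() resets is not visible in this hunk.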
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index c8c42d885..e15ea1b5d 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -142,7 +142,8 @@ class CI_Upload {
*/
public function do_upload($field = 'userfile')
{
- // Is $_FILES[$field] set? If not, no reason to continue.
+
+ // Is $_FILES[$field] set? If not, no reason to continue.
if ( ! isset($_FILES[$field]))
{
$this->set_error('upload_no_file_selected');
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index ab825c8d8..d759686e9 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -64,6 +64,11 @@ Change Log
Hg Tag: n/a</p>
<ul>
+ <li>General changes
+ <ul>
+ <li>Added <kbd>$config['cookie_secure']</kbd> to the config file to allow requiring a secure (HTTPS) in order to set cookies.</li>
+ </ul>
+ </li>
<li>Libraries
<ul>
<li class="reactor">Added <kbd>decimal</kbd>, <kbd>less_than</kbd> and <kbd>greater_than</kbd> rules to the <a href="libraries/form_validation.html">Form validation Class</a>.</li>
diff --git a/user_guide/libraries/javascript.html b/user_guide/libraries/javascript.html
index 18b7181b0..4cd751f09 100644
--- a/user_guide/libraries/javascript.html
+++ b/user_guide/libraries/javascript.html
@@ -2,7 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
-<title>JavaScript Driver : CodeIgniter User Guide</title>
+<title>CodeIgniter User Guide : JavaScript Class</title>
<style type='text/css' media='all'>@import url('../userguide.css');</style>
<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
@@ -58,7 +58,7 @@ JavaScript Driver
<p class="important"><strong>Note:</strong> This driver is experimental. Its feature set and implementation may change in future releases.</p><br>
-<h1>Javascript Driver</h1>
+<h1>Javascript Class</h1>
<p>CodeIgniter provides a library to help you with certain common functions that you may want to use with Javascript. Please note that CodeIgniter does not require the jQuery library to run, and that any scripting library will work equally well. The jQuery library is simply presented as a convenience if you choose to use it.</p>
<h2>Initializing the Class</h2>
<p>To initialize the Javascript class manually in your controller constructor, use the <dfn>$this-&gt;load-&gt;library</dfn> function. Currently, the only available library is jQuery, which will automatically be loaded like this:</p>
@@ -244,4 +244,4 @@ Next Topic:&nbsp;&nbsp;<a href="language.html">Language Class</a></p>
</div>
</body>
-</html>
\ No newline at end of file
+</html>