diff options
| -rw-r--r-- | composer.json | 2 | ||||
| -rw-r--r-- | system/libraries/Email.php | 16 | ||||
| -rwxr-xr-x | system/libraries/Session/drivers/Session_native.php | 20 | ||||
| -rw-r--r-- | tests/codeigniter/helpers/captcha_helper_test.php | 10 | ||||
| -rw-r--r-- | tests/codeigniter/helpers/cookie_helper_test.php | 59 | ||||
| -rw-r--r-- | tests/codeigniter/helpers/download_helper_test.php | 10 | ||||
| -rw-r--r-- | tests/codeigniter/helpers/language_helper_test.php | 14 | ||||
| -rw-r--r-- | tests/codeigniter/helpers/security_helper_test.php | 64 | ||||
| -rw-r--r-- | user_guide_src/source/changelog.rst | 1 |
9 files changed, 180 insertions, 16 deletions
diff --git a/composer.json b/composer.json index dc098acc3..7d60020c3 100644 --- a/composer.json +++ b/composer.json @@ -3,6 +3,6 @@ "mikey179/vfsStream": "*" }, "require-dev": { - "EHER/PHPUnit": "*" + "phpunit/phpunit": "*" } }
\ No newline at end of file diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 08057f2f7..5b17edf9b 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -292,16 +292,7 @@ class CI_Email { $this->set_header('To', implode(', ', $to)); } - switch ($this->_get_protocol()) - { - case 'smtp': - $this->_recipients = $to; - break; - case 'sendmail': - case 'mail': - $this->_recipients = implode(', ', $to); - break; - } + $this->_recipients = $to; return $this; } @@ -1408,6 +1399,11 @@ class CI_Email { */ protected function _send_with_mail() { + if (is_array($this->_recipients)) + { + $this->_recipients = implode(', ', $this->_recipients); + } + if ($this->_safe_mode === TRUE) { return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str); diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php index 6529d4c36..da744f39b 100755 --- a/system/libraries/Session/drivers/Session_native.php +++ b/system/libraries/Session/drivers/Session_native.php @@ -55,7 +55,9 @@ class CI_Session_native extends CI_Session_driver { 'sess_time_to_update', 'cookie_prefix', 'cookie_path', - 'cookie_domain' + 'cookie_domain', + 'cookie_secure', + 'cookie_httponly' ); foreach ($prefs as $key) @@ -82,6 +84,9 @@ class CI_Session_native extends CI_Session_driver { $expire = 7200; $path = '/'; $domain = ''; + $secure = (bool) $config['cookie_secure']; + $http_only = (bool) $config['cookie_httponly']; + if ($config['sess_expiration'] !== FALSE) { // Default to 2 years if expiration is "0" @@ -99,7 +104,8 @@ class CI_Session_native extends CI_Session_driver { // Use specified domain $domain = $config['cookie_domain']; } - session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain); + + session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only); // Start session session_start(); @@ -137,8 +143,12 @@ class CI_Session_native extends CI_Session_driver { if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now) { - // Regenerate ID, but don't destroy session - $this->sess_regenerate(FALSE); + // Changing the session ID amidst a series of AJAX calls causes problems + if( ! $this->CI->input->is_ajax_request()) + { + // Regenerate ID, but don't destroy session + $this->sess_regenerate(FALSE); + } } // Set activity time @@ -189,7 +199,7 @@ class CI_Session_native extends CI_Session_driver { { // Clear session cookie $params = session_get_cookie_params(); - setcookie($name, '', time() - 42000, $params['path'], $params['domain']); + setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']); unset($_COOKIE[$name]); } session_destroy(); diff --git a/tests/codeigniter/helpers/captcha_helper_test.php b/tests/codeigniter/helpers/captcha_helper_test.php new file mode 100644 index 000000000..4fbda2a88f --- /dev/null +++ b/tests/codeigniter/helpers/captcha_helper_test.php @@ -0,0 +1,10 @@ +<?php + +class Captcha_helper_test extends CI_TestCase { + + public function test_create_captcha() + { + $this->markTestIncomplete(); + } + +}
\ No newline at end of file diff --git a/tests/codeigniter/helpers/cookie_helper_test.php b/tests/codeigniter/helpers/cookie_helper_test.php new file mode 100644 index 000000000..3c7c9fd2e --- /dev/null +++ b/tests/codeigniter/helpers/cookie_helper_test.php @@ -0,0 +1,59 @@ +<?php + +class Cookie_helper_test extends CI_TestCase { + + public function set_up() + { + $this->helper('cookie'); + } + + // ------------------------------------------------------------------------ + + function test_set_cookie() + { + /*$input_cls = $this->ci_core_class('input'); + $this->ci_instance_var('input', new $input_cls); + + $this->assertTrue(set_cookie( + 'my_cookie', + 'foobar' + ));*/ + + $this->markTestIncomplete('Need to find a way to overcome a headers already set exception'); + } + + // ------------------------------------------------------------------------ + + function test_get_cookie() + { + $_COOKIE['foo'] = 'bar'; + + $security = new Mock_Core_Security(); + $utf8 = new Mock_Core_Utf8(); + $input_cls = $this->ci_core_class('input'); + $this->ci_instance_var('input', new Mock_Core_Input($security, $utf8)); + + $this->assertEquals('bar', get_cookie('foo', FALSE)); + $this->assertEquals('bar', get_cookie('foo', TRUE)); + + $_COOKIE['bar'] = "Hello, i try to <script>alert('Hack');</script> your site"; + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", get_cookie('bar', TRUE)); + $this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", get_cookie('bar', FALSE)); + } + + // ------------------------------------------------------------------------ + + function test_delete_cookie() + { + /*$input_cls = $this->ci_core_class('input'); + $this->ci_instance_var('input', new $input_cls); + + $this->assertTrue(delete_cookie( + 'my_cookie' + ));*/ + + $this->markTestIncomplete('Need to find a way to overcome a headers already set exception'); + } + +}
\ No newline at end of file diff --git a/tests/codeigniter/helpers/download_helper_test.php b/tests/codeigniter/helpers/download_helper_test.php new file mode 100644 index 000000000..b41a8532a --- /dev/null +++ b/tests/codeigniter/helpers/download_helper_test.php @@ -0,0 +1,10 @@ +<?php + +class Download_helper_test extends CI_TestCase { + + public function test_force_download() + { + $this->markTestIncomplete(); + } + +}
\ No newline at end of file diff --git a/tests/codeigniter/helpers/language_helper_test.php b/tests/codeigniter/helpers/language_helper_test.php new file mode 100644 index 000000000..06932b9fd --- /dev/null +++ b/tests/codeigniter/helpers/language_helper_test.php @@ -0,0 +1,14 @@ +<?php + +class Language_helper_test extends CI_TestCase { + + public function test_lang() + { + $this->helper('language'); + $this->ci_instance_var('lang', new Mock_Core_Lang()); + + $this->assertFalse(lang(1)); + $this->assertEquals('<label for="foo"></label>', lang(1, 'foo')); + } + +}
\ No newline at end of file diff --git a/tests/codeigniter/helpers/security_helper_test.php b/tests/codeigniter/helpers/security_helper_test.php new file mode 100644 index 000000000..effd3ec02 --- /dev/null +++ b/tests/codeigniter/helpers/security_helper_test.php @@ -0,0 +1,64 @@ +<?php + +class Security_helper_tests extends CI_TestCase { + + function setUp() + { + $this->helper('security'); + $obj = new stdClass; + $obj->security = new Mock_Core_Security(); + $this->ci_instance($obj); + } + + function test_xss_clean() + { + $this->assertEquals('foo', xss_clean('foo')); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", xss_clean("Hello, i try to <script>alert('Hack');</script> your site")); + } + + function test_sanitize_filename() + { + $this->assertEquals('hello.doc', sanitize_filename('hello.doc')); + + $filename = './<!--foo-->'; + $this->assertEquals('foo', sanitize_filename($filename)); + } + + function test_do_hash() + { + $md5 = md5('foo'); + $sha1 = sha1('foo'); + + $algos = hash_algos(); + $algo_results = array(); + foreach ($algos as $k => $v) + { + $algo_results[$v] = hash($v, 'foo'); + } + + $this->assertEquals($sha1, do_hash('foo')); + $this->assertEquals($sha1, do_hash('foo', 'sha1')); + $this->assertEquals($md5, do_hash('foo', 'md5')); + $this->assertEquals($md5, do_hash('foo', 'foobar')); + + // Test each algorithm available to PHP + foreach ($algo_results as $algo => $result) + { + $this->assertEquals($result, do_hash('foo', $algo)); + } + } + + function test_strip_image_tags() + { + $this->assertEquals('http://example.com/spacer.gif', strip_image_tags('http://example.com/spacer.gif')); + + $this->assertEquals('http://example.com/spacer.gif', strip_image_tags('<img src="http://example.com/spacer.gif" alt="Who needs CSS when you have a spacer.gif?" />')); + } + + function test_encode_php_tags() + { + $this->assertEquals('<? echo $foo; ?>', encode_php_tags('<? echo $foo; ?>')); + } + +}
\ No newline at end of file diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 165ff8ca0..de6ceabbe 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -365,6 +365,7 @@ Bug fixes for 3.0 - Fixed a bug (#1709) - :doc:`Email <libraries/email>` headers were broken when using long email subjects and \r\n as CRLF. - Fixed a bug where ``MB_ENABLED`` was only declared if ``UTF8_ENABLED`` was set to TRUE. - Fixed a bug where the :doc:`Session Library <libraries/sessions>` accepted cookies with *last_activity* values being in the future. +- Fixed a bug (#1897) - :doc:`Email Library <library/email>` triggered PHP E_WARNING errors when *mail* protocol used and ``to()`` is never called. Version 2.1.3 ============= |