diff options
Diffstat (limited to 'system/core/CodeIgniter.php')
| -rw-r--r-- | system/core/CodeIgniter.php | 103 |
1 files changed, 35 insertions, 68 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index ddf322749..8eed52eb7 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2015, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,10 +28,10 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License - * @link http://codeigniter.com + * @link https://codeigniter.com * @since Version 1.0.0 * @filesource */ @@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @subpackage CodeIgniter * @category Front-controller * @author EllisLab Dev Team - * @link http://codeigniter.com/user_guide/ + * @link https://codeigniter.com/user_guide/ */ /** @@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @var string * */ - define('CI_VERSION', '3.0.1-dev'); + const CI_VERSION = '3.2.0-dev'; /* * ------------------------------------------------------ @@ -67,7 +67,10 @@ defined('BASEPATH') OR exit('No direct script access allowed'); require_once(APPPATH.'config/'.ENVIRONMENT.'/constants.php'); } - require_once(APPPATH.'config/constants.php'); + if (file_exists(APPPATH.'config/constants.php')) + { + require_once(APPPATH.'config/constants.php'); + } /* * ------------------------------------------------------ @@ -76,57 +79,6 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ require_once(BASEPATH.'core/Common.php'); - -/* - * ------------------------------------------------------ - * Security procedures - * ------------------------------------------------------ - */ - -if ( ! is_php('5.4')) -{ - ini_set('magic_quotes_runtime', 0); - - if ((bool) ini_get('register_globals')) - { - $_protected = array( - '_SERVER', - '_GET', - '_POST', - '_FILES', - '_REQUEST', - '_SESSION', - '_ENV', - '_COOKIE', - 'GLOBALS', - 'HTTP_RAW_POST_DATA', - 'system_path', - 'application_folder', - 'view_folder', - '_protected', - '_registered' - ); - - $_registered = ini_get('variables_order'); - foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal) - { - if (strpos($_registered, $key) === FALSE) - { - continue; - } - - foreach (array_keys($$superglobal) as $var) - { - if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE)) - { - $GLOBALS[$var] = NULL; - } - } - } - } -} - - /* * ------------------------------------------------------ * Define a custom error handler so we can log PHP errors @@ -291,14 +243,14 @@ if ( ! is_php('5.4')) * Instantiate the UTF-8 class * ------------------------------------------------------ */ - $UNI =& load_class('Utf8', 'core'); + $UNI =& load_class('Utf8', 'core', $charset); /* * ------------------------------------------------------ * Instantiate the URI class * ------------------------------------------------------ */ - $URI =& load_class('URI', 'core'); + $URI =& load_class('URI', 'core', $CFG); /* * ------------------------------------------------------ @@ -329,14 +281,14 @@ if ( ! is_php('5.4')) * Load the security class for xss and csrf support * ----------------------------------------------------- */ - $SEC =& load_class('Security', 'core'); + $SEC =& load_class('Security', 'core', $charset); /* * ------------------------------------------------------ * Load the Input class and sanitize globals * ------------------------------------------------------ */ - $IN =& load_class('Input', 'core'); + $IN =& load_class('Input', 'core', $SEC); /* * ------------------------------------------------------ @@ -359,7 +311,7 @@ if ( ! is_php('5.4')) * * Returns current CI instance object * - * @return object + * @return CI_Controller */ function &get_instance() { @@ -416,14 +368,29 @@ if ( ! is_php('5.4')) $params = array($method, array_slice($URI->rsegments, 2)); $method = '_remap'; } - // WARNING: It appears that there are issues with is_callable() even in PHP 5.2! - // Furthermore, there are bug reports and feature/change requests related to it - // that make it unreliable to use in this context. Please, DO NOT change this - // work-around until a better alternative is available. - elseif ( ! in_array(strtolower($method), array_map('strtolower', get_class_methods($class)), TRUE)) + elseif ( ! method_exists($class, $method)) { $e404 = TRUE; } + /** + * DO NOT CHANGE THIS, NOTHING ELSE WORKS! + * + * - method_exists() returns true for non-public methods, which passes the previous elseif + * - is_callable() returns false for PHP 4-style constructors, even if there's a __construct() + * - method_exists($class, '__construct') won't work because CI_Controller::__construct() is inherited + * - People will only complain if this doesn't work, even though it is documented that it shouldn't. + * + * ReflectionMethod::isConstructor() is the ONLY reliable check, + * knowing which method will be executed as a constructor. + */ + elseif ( ! is_callable(array($class, $method)) && strcasecmp($class, $method) === 0) + { + $reflection = new ReflectionMethod($class, $method); + if ( ! $reflection->isPublic() OR $reflection->isConstructor()) + { + $e404 = TRUE; + } + } } if ($e404) |