diff options
Diffstat (limited to 'system/core/Security.php')
| -rw-r--r--[-rwxr-xr-x] | system/core/Security.php | 54 |
1 files changed, 35 insertions, 19 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 71d4b37d7..2bf0f6284 100755..100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -2,26 +2,37 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.2.4 or newer + * An open source application development framework for PHP * - * NOTICE OF LICENSE + * This content is released under the MIT License (MIT) * - * Licensed under the Open Software License version 3.0 + * Copyright (c) 2014 - 2015, British Columbia Institute of Technology * - * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is - * also available through the world wide web at this URL: - * http://opensource.org/licenses/OSL-3.0 - * If you did not receive a copy of the license and are unable to obtain it - * through the world wide web, please send an email to - * licensing@ellislab.com so we can send you a copy immediately. + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: * - * @package CodeIgniter - * @author EllisLab Dev Team + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) - * @link http://codeigniter.com - * @since Version 1.0 + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) + * @license http://opensource.org/licenses/MIT MIT License + * @link http://codeigniter.com + * @since Version 1.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); @@ -633,7 +644,12 @@ class CI_Security { { if ( ! isset($_entities)) { - $_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, $flag, $charset)); + $_entities = array_map( + 'strtolower', + is_php('5.3.4') + ? get_html_translation_table(HTML_ENTITIES, $flag, $charset) + : get_html_translation_table(HTML_ENTITIES, $flag) + ); // If we're not on PHP 5.4+, add the possibly dangerous HTML 5 // entities to the array manually @@ -662,7 +678,7 @@ class CI_Security { // Decode numeric & UTF16 two byte entities $str = html_entity_decode( - preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;]))|(?:0*\d{2,4}(?![0-9;])))/iS', '$1;', $str), + preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str), $flag, $charset ); @@ -966,8 +982,8 @@ class CI_Security { // We don't necessarily want to regenerate it with // each page load since a page could contain embedded // sub-pages causing this feature to fail - if (isset($_COOKIE[$this->_csrf_cookie_name]) && - preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1) + if (isset($_COOKIE[$this->_csrf_cookie_name]) && is_string($_COOKIE[$this->_csrf_cookie_name]) + && preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1) { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } |