diff options
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Input.php | 19 | ||||
-rw-r--r-- | system/core/URI.php | 135 |
2 files changed, 108 insertions, 46 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 5a227332c..eb2048e58 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -30,7 +30,7 @@ class CI_Input { var $ip_address = FALSE; var $user_agent = FALSE; - var $_allow_get_array = FALSE; + var $_allow_get_array = TRUE; var $_standardize_newlines = TRUE; var $_enable_xss = FALSE; // Set automatically based on config setting var $_enable_csrf = FALSE; // Set automatically based on config setting @@ -49,9 +49,9 @@ class CI_Input { { log_message('debug', "Input Class Initialized"); - $this->_allow_get_array = (config_item('enable_query_strings') === TRUE) ? TRUE : FALSE; - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE) ? TRUE : FALSE; - $this->_enable_csrf = (config_item('csrf_protection') === TRUE) ? TRUE : FALSE; + $this->_allow_get_array = (config_item('allow_get_array') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); // Do we need to load the security class? if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE) @@ -216,14 +216,7 @@ class CI_Input { } else { - if ($expire > 0) - { - $expire = time() + $expire; - } - else - { - $expire = 0; - } + $expire = ($expire > 0) ? time() + $expire : 0; } setcookie($prefix.$name, $value, $expire, $path, $domain, 0); @@ -514,7 +507,7 @@ class CI_Input { { if (strpos($str, "\r") !== FALSE) { - $str = str_replace(array("\r\n", "\r"), "\n", $str); + $str = str_replace(array("\r\n", "\r"), PHP_EOL, $str); } } diff --git a/system/core/URI.php b/system/core/URI.php index 5a5a37cc6..479a225fb 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -61,13 +61,17 @@ class CI_URI { { if (strtoupper($this->config->item('uri_protocol')) == 'AUTO') { - // If the URL has a question mark then it's simplest to just - // build the URI string from the zero index of the $_GET array. - // This avoids having to deal with $_SERVER variables, which - // can be unreliable in some environments - if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') + // Let's try the REQUEST_URI first, this will work in most situations + if ($uri = $this->_get_request_uri()) { - $this->uri_string = key($_GET); + $this->uri_string = $this->_parse_request_uri($uri); + return; + } + + // Arguments exist, it must be a command line request + if ( ! empty($_SERVER['argv'])) + { + $this->uri_string = $this->_parse_cli_args(); return; } @@ -88,12 +92,10 @@ class CI_URI { return; } - // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists? - $path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO')); - if (trim($path, '/') != '' && $path != "/".SELF) + // As a last ditch effort lets try using the $_GET array + if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') { - // remove path and script information so we have good URI data - $this->uri_string = $path; + $this->uri_string = key($_GET); return; } @@ -106,7 +108,12 @@ class CI_URI { if ($uri == 'REQUEST_URI') { - $this->uri_string = $this->_parse_request_uri(); + $this->uri_string = $this->_parse_request_uri($this->_get_request_uri()); + return; + } + elseif ($uri == 'CLI') + { + $this->uri_string = $this->_parse_cli_args(); return; } @@ -123,39 +130,73 @@ class CI_URI { // -------------------------------------------------------------------- /** - * Parse the REQUEST_URI + * Get REQUEST_URI * - * Due to the way REQUEST_URI works it usually contains path info - * that makes it unusable as URI data. We'll trim off the unnecessary - * data, hopefully arriving at a valid URI that we can use. + * Retrieves the REQUEST_URI, or equivelent for IIS. * * @access private * @return string */ - function _parse_request_uri() + function _get_request_uri() { - if ( ! isset($_SERVER['REQUEST_URI']) OR $_SERVER['REQUEST_URI'] == '') + $uri = FALSE; + + // Let's check for standard servers first + if (isset($_SERVER['REQUEST_URI'])) { - return ''; + $uri = $_SERVER['REQUEST_URI']; + if (strpos($uri, $_SERVER['SERVER_NAME']) !== FALSE) + { + $uri = preg_replace('/^\w+:\/\/[^\/]+/', '', $uri); + } } - $request_uri = preg_replace("|/(.*)|", "\\1", str_replace("\\", "/", $_SERVER['REQUEST_URI'])); + // Now lets check for IIS + elseif (isset($_SERVER['HTTP_X_REWRITE_URL'])) + { + $uri = $_SERVER['HTTP_X_REWRITE_URL']; + } - if ($request_uri == '' OR $request_uri == SELF) + // Last ditch effort (for older CGI servers, like IIS 5) + elseif (isset($_SERVER['ORIG_PATH_INFO'])) { - return ''; + $uri = $_SERVER['ORIG_PATH_INFO']; + if ( ! empty($_SERVER['QUERY_STRING'])) + { + $uri .= '?' . $_SERVER['QUERY_STRING']; + } } - $fc_path = FCPATH.SELF; - if (strpos($request_uri, '?') !== FALSE) + return $uri; + } + + // -------------------------------------------------------------------- + + /** + * Parse REQUEST_URI + * + * Due to the way REQUEST_URI works it usually contains path info + * that makes it unusable as URI data. We'll trim off the unnecessary + * data, hopefully arriving at a valid URI that we can use. + * + * @access private + * @param string + * @return string + */ + private function _parse_request_uri($uri) + { + // Some server's require URL's like index.php?/whatever If that is the case, + // then we need to add that to our parsing. + $fc_path = ltrim(FCPATH . SELF, '/'); + if (strpos($uri, SELF . '?') !== FALSE) { $fc_path .= '?'; } - $parsed_uri = explode("/", $request_uri); + $parsed_uri = explode('/', ltrim($uri, '/')); $i = 0; - foreach(explode("/", $fc_path) as $segment) + foreach (explode("/", $fc_path) as $segment) { if (isset($parsed_uri[$i]) && $segment == $parsed_uri[$i]) { @@ -163,14 +204,42 @@ class CI_URI { } } - $parsed_uri = implode("/", array_slice($parsed_uri, $i)); + $uri = implode("/", array_slice($parsed_uri, $i)); - if ($parsed_uri != '') + // Let's take off any query string and re-assign $_SERVER['QUERY_STRING'] and $_GET. + // This is only needed on some servers. However, we are forced to use it to accomodate + // them. + if (($qs_pos = strpos($uri, '?')) !== FALSE) { - $parsed_uri = '/'.$parsed_uri; + $_SERVER['QUERY_STRING'] = substr($uri, $qs_pos + 1); + parse_str($_SERVER['QUERY_STRING'], $_GET); + $uri = substr($uri, 0, $qs_pos); } - return $parsed_uri; + // If it is just a / or index.php then just empty it. + if ($uri == '/' OR $uri == SELF) + { + $uri = ''; + } + + return $uri; + } + + // -------------------------------------------------------------------- + + /** + * Parse cli arguments + * + * Take each command line argument and assume it is a URI segment. + * + * @access private + * @return string + */ + private function _parse_cli_args() + { + $args = array_slice($_SERVER['argv'], 1); + + return $args ? '/' . implode('/', $args) : ''; } // -------------------------------------------------------------------- @@ -228,7 +297,7 @@ class CI_URI { */ function _explode_segments() { - foreach(explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val) + foreach (explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val) { // Filter segments for security $val = trim($this->_filter_uri($val)); @@ -484,7 +553,7 @@ class CI_URI { { $leading = '/'; $trailing = '/'; - + if ($where == 'trailing') { $leading = ''; @@ -493,7 +562,7 @@ class CI_URI { { $trailing = ''; } - + return $leading.$this->$which($n).$trailing; } |