summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Common.php18
-rw-r--r--system/core/Config.php2
-rw-r--r--system/core/Input.php48
-rw-r--r--system/core/Security.php2
4 files changed, 48 insertions, 22 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 341402c6b..2dd31d3e9 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -330,6 +330,24 @@ if ( ! function_exists('get_mimes'))
// ------------------------------------------------------------------------
+if ( ! function_exists('is_https'))
+{
+ /**
+ * Is HTTPS?
+ *
+ * Determines if the application is accessed via an encrypted
+ * (HTTPS) connection.
+ *
+ * @return bool
+ */
+ function is_https()
+ {
+ return ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');
+ }
+}
+
+// ------------------------------------------------------------------------
+
if ( ! function_exists('show_error'))
{
/**
diff --git a/system/core/Config.php b/system/core/Config.php
index 8e4f998ef..e78128c76 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -75,7 +75,7 @@ class CI_Config {
{
if (isset($_SERVER['HTTP_HOST']))
{
- $base_url = ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http';
+ $base_url = is_https() ? 'https' : 'http';
$base_url .= '://'.$_SERVER['HTTP_HOST']
.str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
diff --git a/system/core/Input.php b/system/core/Input.php
index 82482f2aa..ec935d531 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -390,31 +390,32 @@ class CI_Input {
}
// Convert the REMOTE_ADDR IP address to binary, if needed
- if ( ! isset($ip, $convert_func))
+ if ( ! isset($ip, $sprintf))
{
if ($separator === ':')
{
// Make sure we're have the "full" IPv6 format
- $ip = str_replace('::', str_repeat(':', 9 - substr_count($this->ip_address, ':')), $this->ip_address);
- $convert_func = is_php('5.3')
- ? function ($value)
- {
- return str_pad(base_convert($value, 16, 2), 16, '0', STR_PAD_LEFT);
- }
- : create_function('$value', 'return str_pad(base_convert($value, 16, 2), 16, "0", STR_PAD_LEFT);');
+ $ip = explode(':',
+ str_replace('::',
+ str_repeat(':', 9 - substr_count($this->ip_address, ':')),
+ $this->ip_address
+ )
+ );
+
+ for ($i = 0; $i < 8; $i++)
+ {
+ $ip[$i] = intval($ip[$i], 16);
+ }
+
+ $sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b';
}
else
{
- $ip = $this->ip_address;
- $convert_func = is_php('5.3')
- ? function ($value)
- {
- return str_pad(decbin($value), 8, '0', STR_PAD_LEFT);
- }
- : create_function('$value', 'return str_pad(decbin($value), 8, "0", STR_PAD_LEFT);');
+ $ip = explode('.', $this->ip_address);
+ $sprintf = '%08b%08b%08b%08b';
}
- $ip = implode(array_map($convert_func, explode($separator, $ip)));
+ $ip = vsprintf($sprintf, $ip);
}
// Split the netmask length off the network address
@@ -423,12 +424,19 @@ class CI_Input {
// Again, an IPv6 address is most likely in a compressed form
if ($separator === ':')
{
- $netaddr = str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr);
+ $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));
+ for ($i = 0; $i < 8; $i++)
+ {
+ $netaddr[$i] = intval($netaddr[$i], 16);
+ }
+ }
+ else
+ {
+ $netaddr = explode('.', $netaddr);
}
- // Convert to a binary form and finally compare
- $netaddr = implode(array_map($convert_func, explode($separator, $netaddr)));
- if (strncmp($ip, $netaddr, $masklen) === 0)
+ // Convert to binary and finally compare
+ if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0)
{
$this->ip_address = $spoof;
break;
diff --git a/system/core/Security.php b/system/core/Security.php
index b22d2cf19..2fbc5b34c 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -198,7 +198,7 @@ class CI_Security {
$expire = time() + $this->_csrf_expire;
$secure_cookie = (bool) config_item('cookie_secure');
- if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
+ if ($secure_cookie && ! is_https())
{
return FALSE;
}