Diffstat (limited to 'system/core')
-rwxr-xr-x | system/core/Benchmark.php | 13 | ||||
-rwxr-xr-x | system/core/CodeIgniter.php | 32 | ||||
-rw-r--r-- | system/core/Common.php | 222 | ||||
-rwxr-xr-x | system/core/Config.php | 6 | ||||
-rw-r--r-- | system/core/Controller.php | 2 | ||||
-rwxr-xr-x | system/core/Exceptions.php | 8 | ||||
-rwxr-xr-x | system/core/Hooks.php | 34 | ||||
-rwxr-xr-x | system/core/Input.php | 130 | ||||
-rwxr-xr-x | system/core/Lang.php | 2 | ||||
-rw-r--r-- | system/core/Loader.php | 76 | ||||
-rwxr-xr-x | system/core/Model.php | 2 | ||||
-rwxr-xr-x | system/core/Output.php | 56 | ||||
-rwxr-xr-x | system/core/Router.php | 34 | ||||
-rwxr-xr-x | system/core/Security.php | 55 | ||||
-rwxr-xr-x | system/core/URI.php | 24 | ||||
-rw-r--r-- | system/core/Utf8.php | 2 |
16 files changed, 358 insertions, 340 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index f4dfd3dab..39027e809 100755 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -61,7 +61,7 @@ class CI_Benchmark { */ public function mark($name) { - $this->marker[$name] = microtime(); + $this->marker[$name] = microtime(TRUE); } // -------------------------------------------------------------------- @@ -93,13 +93,10 @@ class CI_Benchmark { if ( ! isset($this->marker[$point2])) { - $this->marker[$point2] = microtime(); + $this->marker[$point2] = microtime(TRUE); } - list($sm, $ss) = explode(' ', $this->marker[$point1]); - list($em, $es) = explode(' ', $this->marker[$point2]); - - return number_format(($em + $es) - ($sm + $ss), $decimals); + return number_format($this->marker[$point2] - $this->marker[$point1], $decimals); } // -------------------------------------------------------------------- @@ -122,4 +119,4 @@ class CI_Benchmark { } /* End of file Benchmark.php */ -/* Location: ./system/core/Benchmark.php */ +/* Location: ./system/core/Benchmark.php */
\ No newline at end of file diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 7af3c485d..92187fa16 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -133,7 +133,7 @@ * Is there a "pre_system" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('pre_system'); + $EXT->call_hook('pre_system'); /* * ------------------------------------------------------ @@ -194,7 +194,7 @@ * Is there a valid cache file? If so, we're done... * ------------------------------------------------------ */ - if ($EXT->_call_hook('cache_override') === FALSE + if ($EXT->call_hook('cache_override') === FALSE && $OUT->_display_cache($CFG, $URI) == TRUE) { exit; @@ -275,12 +275,12 @@ { $x = explode('/', $RTR->routes['404_override'], 2); $class = $x[0]; - $method = (isset($x[1]) ? $x[1] : 'index'); + $method = isset($x[1]) ? $x[1] : 'index'; if ( ! class_exists($class)) { if ( ! file_exists(APPPATH.'controllers/'.$class.'.php')) { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } include_once(APPPATH.'controllers/'.$class.'.php'); @@ -288,7 +288,7 @@ } else { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } } @@ -297,7 +297,7 @@ * Is there a "pre_controller" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('pre_controller'); + $EXT->call_hook('pre_controller'); /* * ------------------------------------------------------ @@ -314,7 +314,7 @@ * Is there a "post_controller_constructor" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('post_controller_constructor'); + $EXT->call_hook('post_controller_constructor'); /* * ------------------------------------------------------ 
@@ -337,12 +337,12 @@ { $x = explode('/', $RTR->routes['404_override'], 2); $class = $x[0]; - $method = (isset($x[1]) ? $x[1] : 'index'); + $method = isset($x[1]) ? $x[1] : 'index'; if ( ! class_exists($class)) { if ( ! file_exists(APPPATH.'controllers/'.$class.'.php')) { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } include_once(APPPATH.'controllers/'.$class.'.php'); @@ -352,7 +352,7 @@ } else { - show_404("{$class}/{$method}"); + show_404($class.'/'.$method); } } @@ -369,14 +369,14 @@ * Is there a "post_controller" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('post_controller'); + $EXT->call_hook('post_controller'); /* * ------------------------------------------------------ * Send the final rendered output to the browser * ------------------------------------------------------ */ - if ($EXT->_call_hook('display_override') === FALSE) + if ($EXT->call_hook('display_override') === FALSE) { $OUT->_display(); } @@ -386,17 +386,17 @@ * Is there a "post_system" hook? * ------------------------------------------------------ */ - $EXT->_call_hook('post_system'); + $EXT->call_hook('post_system'); /* * ------------------------------------------------------ * Close the DB connection if one exists * ------------------------------------------------------ */ - if (class_exists('CI_DB') && isset($CI->db)) + if (class_exists('CI_DB') && isset($CI->db) && ! $CI->db->pconnect) { $CI->db->close(); } /* End of file CodeIgniter.php */ -/* Location: ./system/core/CodeIgniter.php */ +/* Location: ./system/core/CodeIgniter.php */
\ No newline at end of file diff --git a/system/core/Common.php b/system/core/Common.php index 2f9c4ff43..aeb784bbe 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Common Functions * @@ -42,21 +40,20 @@ // ------------------------------------------------------------------------ /** -* Determines if the current version of PHP is greater then the supplied value -* -* Since there are a few places where we conditionally test for PHP > 5 -* we'll set a static variable. -* -* @access public -* @param string -* @return bool TRUE if the current version is $version or higher -*/ + * Determines if the current version of PHP is greater then the supplied value + * + * Since there are a few places where we conditionally test for PHP > 5 + * we'll set a static variable. + * + * @param string + * @return bool TRUE if the current version is $version or higher + */ if ( ! function_exists('is_php')) { function is_php($version = '5.0.0') { static $_is_php; - $version = (string)$version; + $version = (string) $version; if ( ! isset($_is_php[$version])) { @@ -76,7 +73,7 @@ if ( ! function_exists('is_php')) * the file, based on the read-only attribute. is_writable() is also unreliable * on Unix servers if safe_mode is on. * - * @access public + * @param string * @return void */ if ( ! function_exists('is_really_writable')) 
@@ -84,7 +81,7 @@ if ( ! function_exists('is_really_writable')) function is_really_writable($file) { // If we're on a Unix server with safe_mode off we call is_writable - if (DIRECTORY_SEPARATOR === '/' AND @ini_get('safe_mode') == FALSE) + if (DIRECTORY_SEPARATOR === '/' && (bool) @ini_get('safe_mode') === FALSE) { return is_writable($file); } @@ -118,18 +115,17 @@ if ( ! function_exists('is_really_writable')) // ------------------------------------------------------------------------ /** -* Class registry -* -* This function acts as a singleton. If the requested class does not -* exist it is instantiated and set to a static variable. If it has -* previously been instantiated the variable is returned. -* -* @access public -* @param string the class name being requested -* @param string the directory where the class should be found -* @param string the class name prefix -* @return object -*/ + * Class registry + * + * This function acts as a singleton. If the requested class does not + * exist it is instantiated and set to a static variable. If it has + * previously been instantiated the variable is returned. + * + * @param string the class name being requested + * @param string the directory where the class should be found + * @param string the class name prefix + * @return object + */ if ( ! function_exists('load_class')) { function &load_class($class, $directory = 'libraries', $prefix = 'CI_') @@ -177,6 +173,7 @@ if ( ! function_exists('load_class')) { // Note: We use exit() rather then show_error() in order to avoid a // self-referencing loop with the Excptions class + set_status_header(503); exit('Unable to locate the specified class: '.$class.'.php'); } 
@@ -191,12 +188,12 @@ if ( ! function_exists('load_class')) // -------------------------------------------------------------------- /** -* Keeps track of which libraries have been loaded. This function is -* called by the load_class() function above -* -* @access public -* @return array -*/ + * Keeps track of which libraries have been loaded. This function is + * called by the load_class() function above + * + * @param string + * @return array + */ if ( ! function_exists('is_loaded')) { function &is_loaded($class = '') @@ -215,14 +212,14 @@ if ( ! function_exists('is_loaded')) // ------------------------------------------------------------------------ /** -* Loads the main config.php file -* -* This function lets us grab the config file even if the Config class -* hasn't been instantiated yet -* -* @access private -* @return array -*/ + * Loads the main config.php file + * + * This function lets us grab the config file even if the Config class + * hasn't been instantiated yet + * + * @param array + * @return array + */ if ( ! function_exists('get_config')) { function &get_config($replace = array()) @@ -243,6 +240,7 @@ if ( ! function_exists('get_config')) // Fetch the config file if ( ! file_exists($file_path)) { + set_status_header(503); exit('The configuration file does not exist.'); } @@ -251,6 +249,7 @@ if ( ! function_exists('get_config')) // Does the $config array exist in the file? if ( ! isset($config) OR ! is_array($config)) { + set_status_header(503); exit('Your config file does not appear to be formatted correctly.'); } @@ -273,11 +272,11 @@ if ( ! function_exists('get_config')) // ------------------------------------------------------------------------ /** -* Returns the specified config item -* -* @access public -* @return mixed -*/ + * Returns the specified config item + * + * @param string + * @return mixed + */ if ( ! function_exists('config_item')) { function config_item($item) 
@@ -302,17 +301,19 @@ if ( ! function_exists('config_item')) // ------------------------------------------------------------------------ /** -* Error Handler -* -* This function lets us invoke the exception class and -* display errors using the standard error template located -* in application/errors/errors.php -* This function will send the error page directly to the -* browser and exit. -* -* @access public -* @return void -*/ + * Error Handler + * + * This function lets us invoke the exception class and + * display errors using the standard error template located + * in application/errors/errors.php + * This function will send the error page directly to the + * browser and exit. + * + * @param string + * @param int + * @param string + * @return void + */ if ( ! function_exists('show_error')) { function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered') @@ -326,15 +327,16 @@ if ( ! function_exists('show_error')) // ------------------------------------------------------------------------ /** -* 404 Page Handler -* -* This function is similar to the show_error() function above -* However, instead of the standard error template it displays -* 404 errors. -* -* @access public -* @return void -*/ + * 404 Page Handler + * + * This function is similar to the show_error() function above + * However, instead of the standard error template it displays + * 404 errors. + * + * @param string + * @param bool + * @return void + */ if ( ! function_exists('show_404')) { function show_404($page = '', $log_error = TRUE) 
@@ -348,14 +350,16 @@ if ( ! function_exists('show_404')) // ------------------------------------------------------------------------ /** -* Error Logging Interface -* -* We use this as a simple mechanism to access the logging -* class and send messages to be logged. -* -* @access public -* @return void -*/ + * Error Logging Interface + * + * We use this as a simple mechanism to access the logging + * class and send messages to be logged. + * + * @param string + * @param string + * @param bool + * @return void + */ if ( ! function_exists('log_message')) { function log_message($level = 'error', $message, $php_error = FALSE) @@ -377,8 +381,7 @@ if ( ! function_exists('log_message')) /** * Set HTTP Status Header * - * @access public - * @param int the status code + * @param int the status code * @param string * @return void */ @@ -434,7 +437,7 @@ if ( ! function_exists('set_status_header')) show_error('Status codes must be numeric', 500); } - if (isset($stati[$code]) AND $text == '') + if (isset($stati[$code]) && $text == '') { $text = $stati[$code]; } @@ -444,19 +447,19 @@ if ( ! function_exists('set_status_header')) show_error('No status text available. Please check your status code number or supply your own message text.', 500); } - $server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; + $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; if (strpos(php_sapi_name(), 'cgi') === 0) { - header("Status: {$code} {$text}", TRUE); + header('Status: '.$code.' '.$text, TRUE); } - elseif ($server_protocol == 'HTTP/1.1' OR $server_protocol == 'HTTP/1.0') + elseif ($server_protocol === 'HTTP/1.0') { - header($server_protocol." {$code} {$text}", TRUE, $code); + header('HTTP/1.0 '.$code.' '.$text, TRUE, $code); } else { - header("HTTP/1.1 {$code} {$text}", TRUE, $code); + header('HTTP/1.1 '.$code.' '.$text, TRUE, $code); } } } 
@@ -464,19 +467,22 @@ if ( ! function_exists('set_status_header')) // -------------------------------------------------------------------- /** -* Exception Handler -* -* This is the custom exception handler that is declaired at the top -* of Codeigniter.php. The main reason we use this is to permit -* PHP errors to be logged in our own log files since the user may -* not have access to server logs. Since this function -* effectively intercepts PHP errors, however, we also need -* to display errors based on the current error_reporting level. -* We do that with the use of a PHP error template. -* -* @access private -* @return void -*/ + * Exception Handler + * + * This is the custom exception handler that is declaired at the top + * of Codeigniter.php. The main reason we use this is to permit + * PHP errors to be logged in our own log files since the user may + * not have access to server logs. Since this function + * effectively intercepts PHP errors, however, we also need + * to display errors based on the current error_reporting level. + * We do that with the use of a PHP error template. + * + * @param int + * @param string + * @param string + * @param int + * @return void + */ if ( ! function_exists('_exception_handler')) { function _exception_handler($severity, $message, $filepath, $line) @@ -518,8 +524,8 @@ if ( ! function_exists('_exception_handler')) * This prevents sandwiching null characters * between ascii characters, like Java\0script. * - * @access public * @param string + * @param bool * @return string */ if ( ! function_exists('remove_invisible_characters')) 
@@ -551,26 +557,20 @@ if ( ! function_exists('remove_invisible_characters')) // ------------------------------------------------------------------------ /** -* Returns HTML escaped variable -* -* @access public -* @param mixed -* @return mixed -*/ + * Returns HTML escaped variable + * + * @param mixed + * @return mixed + */ if ( ! function_exists('html_escape')) { function html_escape($var) { - if (is_array($var)) - { - return array_map('html_escape', $var); - } - else - { - return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); - } + return is_array($var) + ? array_map('html_escape', $var) + : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); } } /* End of file Common.php */ -/* Location: ./system/core/Common.php */ +/* Location: ./system/core/Common.php */
\ No newline at end of file diff --git a/system/core/Config.php b/system/core/Config.php index 66369115a..91826bd41 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -76,11 +76,11 @@ class CI_Config { log_message('debug', 'Config Class Initialized'); // Set the base_url automatically if none was provided - if ($this->config['base_url'] == '') + if (empty($this->config['base_url'])) { if (isset($_SERVER['HTTP_HOST'])) { - $base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; + $base_url = ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; $base_url .= '://'. $_SERVER['HTTP_HOST'] . str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); } diff --git a/system/core/Controller.php b/system/core/Controller.php index 0dc131701..05e1bf5bf 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index bf9901252..f36b31598 100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Exceptions Class * 
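Review bot: In the CI_Config constructor hunk of system/core/Config.php, the auto-detected base URL is still assembled from `$_SERVER['HTTP_HOST']`, a request header the client chooses, so whenever `base_url` is left empty the value used by every URL helper comes from the request rather than from configuration. The commit only tightens the empty/HTTPS tests and leaves that untouched. Links, redirects and e-mailed URLs built from base_url then follow the Host header, which matters most for cached pages and password-reset mail. I would add a comment above the branch, `// HTTP_HOST is client-supplied: set $config['base_url'] explicitly on any public deployment`, and consider checking the host against a configured list before using it. The constructor starts and ends outside the hunk.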
@@ -163,7 +161,7 @@ class CI_Exceptions { * @param string the error line number * @return string */ - function show_php_error($severity, $message, $filepath, $line) + public function show_php_error($severity, $message, $filepath, $line) { $severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity]; $filepath = str_replace('\\', '/', $filepath); @@ -189,4 +187,4 @@ class CI_Exceptions { } /* End of file Exceptions.php */ -/* Location: ./system/core/Exceptions.php */ +/* Location: ./system/core/Exceptions.php */
\ No newline at end of file diff --git a/system/core/Hooks.php b/system/core/Hooks.php index e1ac58e6e..68e30ef0f 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Hooks Class * @@ -51,7 +49,7 @@ class CI_Hooks { * * @var array */ - public $hooks = array(); + public $hooks = array(); /** * Determines wether hook is in progress, used to prevent infinte loops * @@ -59,23 +57,17 @@ class CI_Hooks { */ public $in_progress = FALSE; - public function __construct() - { - $this->_initialize(); - log_message('debug', 'Hooks Class Initialized'); - } - - // -------------------------------------------------------------------- - /** * Initialize the Hooks Preferences * * @return void */ - private function _initialize() + public function __construct() { $CFG =& load_class('Config', 'core'); + log_message('debug', 'Hooks Class Initialized'); + // If hooks are not enabled in the config file // there is nothing else to do if ($CFG->item('enable_hooks') == FALSE) @@ -84,7 +76,7 @@ class CI_Hooks { } // Grab the "hooks" definition file. - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); } 
@@ -113,14 +105,14 @@ class CI_Hooks { * @param string the hook name * @return mixed */ - public function _call_hook($which = '') + public function call_hook($which = '') { if ( ! $this->enabled OR ! isset($this->hooks[$which])) { return FALSE; } - if (isset($this->hooks[$which][0]) AND is_array($this->hooks[$which][0])) + if (isset($this->hooks[$which][0]) && is_array($this->hooks[$which][0])) { foreach ($this->hooks[$which] as $val) { @@ -167,7 +159,7 @@ class CI_Hooks { // Set file path // ----------------------------------- - if ( ! isset($data['filepath']) OR ! isset($data['filename'])) + if ( ! isset($data['filepath'], $data['filename'])) { return FALSE; } @@ -187,12 +179,12 @@ class CI_Hooks { $function = FALSE; $params = ''; - if (isset($data['class']) AND $data['class'] != '') + if ( ! empty($data['class'])) { $class = $data['class']; } - if (isset($data['function'])) + if ( ! empty($data['function'])) { $function = $data['function']; } @@ -202,7 +194,7 @@ class CI_Hooks { $params = $data['params']; } - if ($class === FALSE AND $function === FALSE) + if ($class === FALSE && $function === FALSE) { return FALSE; } @@ -244,4 +236,4 @@ class CI_Hooks { } /* End of file Hooks.php */ -/* Location: ./system/core/Hooks.php */ +/* Location: ./system/core/Hooks.php */
\ No newline at end of file diff --git a/system/core/Input.php b/system/core/Input.php index 7a16e51ab..6e6885992 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Input Class * @@ -152,7 +150,7 @@ class CI_Input { public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_GET)) + if ($index === NULL && ! empty($_GET)) { $get = array(); @@ -179,7 +177,7 @@ class CI_Input { public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_POST)) + if ($index === NULL && ! empty($_POST)) { $post = array(); @@ -206,9 +204,9 @@ class CI_Input { */ public function get_post($index = '', $xss_clean = FALSE) { - return ( ! isset($_POST[$index])) - ? $this->get($index, $xss_clean) - : $this->post($index, $xss_clean); + return isset($_POST[$index]) + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- @@ -230,7 +228,7 @@ class CI_Input { /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * * @param mixed 
@@ -240,14 +238,15 @@ class CI_Input { * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -256,22 +255,26 @@ class CI_Input { } } - if ($prefix == '' AND config_item('cookie_prefix') != '') + if ($prefix == '' && config_item('cookie_prefix') != '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' AND config_item('cookie_domain') != '') + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } - if ($path == '/' AND config_item('cookie_path') != '/') + if ($path == '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + if ($secure == FALSE && config_item('cookie_secure') != FALSE) { $secure = config_item('cookie_secure'); } + if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + { + $httponly = config_item('cookie_httponly'); + } if ( ! is_numeric($expire)) { 
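Review bot: The new `$httponly` argument of CI_Input::set_cookie() defaults to FALSE and is raised only when `config_item('cookie_httponly')` is truthy, so a cookie set without either remains readable from page script; the docblock line added in the first hunk on this line should state that default and where the fallback comes from. Because the fallback test is `$httponly == FALSE`, a caller cannot force the flag off once the config enables it, which is the safe direction but deserves a sentence in the docblock too. The same holds for the existing `$secure` fallback in the second hunk. Proposed wording: `@param bool true makes the cookie accessible via http(s) only (no javascript); defaults to the cookie_httponly config item`. The method body continues past the end of the second hunk.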
@@ -282,7 +285,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- @@ -320,11 +323,11 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) { $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } @@ -368,36 +371,7 @@ class CI_Input { */ public function valid_ip($ip) { - // if php version >= 5.2, use filter_var to check validate ip. - if (function_exists('filter_var')) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - - $ip_segments = explode('.', $ip); - - // Always 4 segments needed - if (count($ip_segments) !== 4) - { - return FALSE; - } - // IP can not start with 0 - if ($ip_segments[0][0] == '0') - { - return FALSE; - } - // Check each segment - foreach ($ip_segments as $segment) - { - // IP segments must be digits and can not be - // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) - { - return FALSE; - } - } - - return TRUE; + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } // -------------------------------------------------------------------- 
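Review bot: In the ip_address() hunk (`@@ -320,11 +323,11 @@`), the branch `elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP'))` still assigns `$_SERVER['HTTP_CLIENT_IP']`, a request header the client supplies, and it sits outside the `$proxies` check visible at the top of the hunk. Code that relies on ip_address() for throttling, session binding or audit logs would then record a requester-chosen value. This commit only swaps `AND` for `&&` here; I would make that branch use `$this->ip_address = $_SERVER['REMOTE_ADDR'];` and honour forwarded headers only when REMOTE_ADDR is one of the configured proxies. The function starts and ends outside the hunk, so any validation applied afterwards is not visible here.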
@@ -414,7 +388,7 @@ class CI_Input { return $this->user_agent; } - return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; } // -------------------------------------------------------------------- @@ -469,19 +443,16 @@ class CI_Input { { $_GET = array(); } - else + elseif (is_array($_GET) && count($_GET) > 0) { - if (is_array($_GET) AND count($_GET) > 0) + foreach ($_GET as $key => $val) { - foreach ($_GET as $key => $val) - { - $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); - } + $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } } // Clean $_POST Data - if (is_array($_POST) AND count($_POST) > 0) + if (is_array($_POST) && count($_POST) > 0) { foreach ($_POST as $key => $val) { @@ -490,7 +461,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) AND count($_COOKIE) > 0) + if (is_array($_COOKIE) && count($_COOKIE) > 0) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway @@ -568,7 +539,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } @@ -592,6 +563,7 @@ class CI_Input { { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { + set_status_header(503); exit('Disallowed Key Characters.'); } @@ -624,7 +596,7 @@ class CI_Input { } else { - $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { 
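Review bot: In the _clean_input_keys() hunk (`@@ -592,6 +563,7 @@`), `set_status_header(503)` labels a request with disallowed key characters as a service outage, although the fault is in the client's input. A 4xx code keeps malformed or hostile requests from showing up as backend unavailability in monitoring and from prompting retries by intermediaries. I would use `set_status_header(400);` here, assuming 400 is present in the status table of set_status_header(), which is outside the visible hunks. The 503 added before the config and class-loading exits in system/core/Common.php describes a real server fault and reads correctly.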
@@ -654,9 +626,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param boolean XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string array key for $this->headers + * @param bool XSS Clean or not + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { @@ -670,12 +642,9 @@ class CI_Input { return FALSE; } - if ($xss_clean === TRUE) - { - return $this->security->xss_clean($this->headers[$index]); - } - - return $this->headers[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($this->headers[$index]) + : $this->headers[$index]; } // -------------------------------------------------------------------- @@ -685,11 +654,11 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return bool */ public function is_ajax_request() { - return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); + return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); } // -------------------------------------------------------------------- @@ -699,11 +668,28 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() === 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); + } + + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method + * + * @param bool uppercase or lowercase + * @return bool + */ + public function method($upper = FALSE) + { + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); } } 
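Review bot: The is_ajax_request() docblock (`@@ -685,11 +654,11 @@`) should say that `X-Requested-With` is set by the client, so the result is a hint for choosing a response format and not something to base authorization or CSRF decisions on. The new body also reads `$_SERVER` directly instead of going through `$this->server()` as the removed line did, which is a small inconsistency with the rest of the class. Suggested docblock sentence: `The header is client-supplied; do not use this as a security check.`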
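Review bot: The docblock of the new method() (`@@ -699,11 +668,28 @@`) declares `@return bool`, but both branches return the result of strtoupper()/strtolower(), which is a string; it should read `@return string`. On requests where `REQUEST_METHOD` is absent, for example CLI runs, `$this->server()` presumably yields FALSE and the method returns an empty string, which callers comparing against 'post' or 'get' should be told in the docblock. server() is defined outside the hunk, so the FALSE return is an assumption to confirm.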
diff --git a/system/core/Lang.php b/system/core/Lang.php index c40a6856e..9ef76f4d6 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Loader.php b/system/core/Loader.php index 12daaa928..027ed20e5 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Loader Class * @@ -281,7 +279,7 @@ class CI_Loader { continue; } - if ($db_conn !== FALSE AND ! class_exists('CI_DB')) + if ($db_conn !== FALSE && ! class_exists('CI_DB')) { if ($db_conn === TRUE) { @@ -324,7 +322,7 @@ class CI_Loader { $CI =& get_instance(); // Do we even need to load the database class? - if (class_exists('CI_DB') AND $return == FALSE AND $active_record == NULL AND isset($CI->db) AND is_object($CI->db)) + if (class_exists('CI_DB') && $return == FALSE && $active_record == NULL && isset($CI->db) && is_object($CI->db)) { return FALSE; } 
@@ -399,13 +397,13 @@ class CI_Loader { /** * Load View * - * This function is used to load a "view" file. It has three parameters: + * This function is used to load a "view" file. It has three parameters: * * 1. The name of the "view" file to be included. * 2. An associative array of data to be extracted for use in the view. - * 3. TRUE/FALSE - whether to return the data or load it. In - * some cases it's advantageous to be able to return data so that - * a developer can process it in some way. + * 3. TRUE/FALSE - whether to return the data or load it. In + * some cases it's advantageous to be able to return data so that + * a developer can process it in some way. * * @param string * @param array @@ -447,14 +445,14 @@ class CI_Loader { */ public function vars($vars = array(), $val = '') { - if ($val != '' AND is_string($vars)) + if ($val != '' && is_string($vars)) { $vars = array($vars => $val); } $vars = $this->_ci_object_to_array($vars); - if (is_array($vars) AND count($vars) > 0) + if (is_array($vars) && count($vars) > 0) { foreach ($vars as $key => $val) { @@ -615,13 +613,22 @@ class CI_Loader { * * Loads a driver library * - * @param string the name of the class + * @param mixed the name of the class or array of classes * @param mixed the optional parameters * @param string an optional object name * @return void */ public function driver($library = '', $params = NULL, $object_name = NULL) { + if (is_array($library)) + { + foreach ($library as $driver) + { + $this->driver($driver); + } + return FALSE; + } + if ( ! class_exists('CI_Driver_Library')) { // we aren't instantiating an object here, that'll be done by the Library itself @@ -651,7 +658,7 @@ class CI_Loader { * Prepends a parent path to the library, model, helper, and config path arrays * * @param string - * @param boolean + * @param bool * @return void */ public function add_package_path($path, $view_cascade=TRUE) 
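Review bot: The new array branch in `driver()` calls `$this->driver($driver);` without `$params`, so parameters supplied together with a list of drivers are dropped without any signal. Either forward them, `$this->driver($driver, $params);`, or state in the docblock that `$params` and `$object_name` are ignored when an array is given. The branch also ends with `return FALSE;` while the docblock still says `@return void`; the two should agree with whatever the scalar path returns, which lies outside this hunk.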
@@ -692,9 +699,9 @@ class CI_Loader { * Remove a path from the library, model, and helper path arrays if it exists * If no path is provided, the most recently added path is removed. * - * @param type + * @param string * @param bool - * @return type + * @return void */ public function remove_package_path($path = '', $remove_config_path = TRUE) { @@ -755,7 +762,7 @@ class CI_Loader { // Set the default data variables foreach (array('_ci_view', '_ci_vars', '_ci_path', '_ci_return') as $_ci_val) { - $$_ci_val = ( ! isset($_ci_data[$_ci_val])) ? FALSE : $_ci_data[$_ci_val]; + $$_ci_val = isset($_ci_data[$_ci_val]) ? $_ci_data[$_ci_val] : FALSE; } $file_exists = FALSE; @@ -833,7 +840,7 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) + if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE) { echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path)))); } @@ -1010,11 +1017,11 @@ class CI_Loader { * @param string * @param bool * @param string an optional object name - * @return null + * @return void */ protected function _ci_init_class($class, $prefix = '', $config = FALSE, $object_name = NULL) { - // Is there an associated config file for this class? Note: these should always be lowercase + // Is there an associated config file for this class? Note: these should always be lowercase if ($config === NULL) { // Fetch the config paths containing any package paths 
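Review bot: The comment above the changed short-tag condition does not explain the new `! is_php('5.4')` term, and the branch it guards runs the whole view file through `eval()`. A why-comment would help the next reader, for example `// PHP 5.4+ always parses <?= regardless of short_open_tag, so no rewrite is needed`. Because the file contents are executed, the comment should also record that `$_ci_path` must only ever resolve to trusted view files; how `$_ci_path` is built is outside this hunk.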
@@ -1029,24 +1036,24 @@ class CI_Loader { // We test for both uppercase and lowercase, for servers that // are case-sensitive with regard to file names. Check for environment // first, global next - if (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php')) + if (defined('ENVIRONMENT') && file_exists($path.'config/'.ENVIRONMENT.'/'.strtolower($class).'.php')) { - include($path .'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'); + include($path.'config/'.ENVIRONMENT.'/'.strtolower($class).'.php'); break; } - elseif (defined('ENVIRONMENT') AND file_exists($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php')) + elseif (defined('ENVIRONMENT') && file_exists($path.'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php')) { - include($path .'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'); + include($path.'config/'.ENVIRONMENT.'/'.ucfirst(strtolower($class)).'.php'); break; } - elseif (file_exists($path .'config/'.strtolower($class).'.php')) + elseif (file_exists($path.'config/'.strtolower($class).'.php')) { - include($path .'config/'.strtolower($class).'.php'); + include($path.'config/'.strtolower($class).'.php'); break; } - elseif (file_exists($path .'config/'.ucfirst(strtolower($class)).'.php')) + elseif (file_exists($path.'config/'.ucfirst(strtolower($class)).'.php')) { - include($path .'config/'.ucfirst(strtolower($class)).'.php'); + include($path.'config/'.ucfirst(strtolower($class)).'.php'); break; } } @@ -1086,7 +1093,7 @@ class CI_Loader { if (is_null($object_name)) { - $classvar = ( ! isset($this->_ci_varmap[$class])) ? $class : $this->_ci_varmap[$class]; + $classvar = isset($this->_ci_varmap[$class]) ? $this->_ci_varmap[$class] : $class; } else { @@ -1104,7 +1111,7 @@ class CI_Loader { } else { - $CI->$classvar = new $name; + $CI->$classvar = new $name(); } } 
@@ -1121,7 +1128,7 @@ class CI_Loader { */ protected function _ci_autoloader() { - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) + if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'); } @@ -1157,14 +1164,14 @@ class CI_Loader { // Autoload helpers and languages foreach (array('helper', 'language') as $type) { - if (isset($autoload[$type]) AND count($autoload[$type]) > 0) + if (isset($autoload[$type]) && count($autoload[$type]) > 0) { $this->$type($autoload[$type]); } } // Load libraries - if (isset($autoload['libraries']) AND count($autoload['libraries']) > 0) + if (isset($autoload['libraries']) && count($autoload['libraries']) > 0) { // Load the database driver. if (in_array('database', $autoload['libraries'])) @@ -1199,7 +1206,7 @@ class CI_Loader { */ protected function _ci_object_to_array($object) { - return (is_object($object)) ? get_object_vars($object) : $object; + return is_object($object) ? get_object_vars($object) : $object; } // -------------------------------------------------------------------- @@ -1243,7 +1250,8 @@ class CI_Loader { return $filename; } } + } /* End of file Loader.php */ -/* Location: ./system/core/Loader.php */ +/* Location: ./system/core/Loader.php */
\ No newline at end of file diff --git a/system/core/Model.php b/system/core/Model.php index a595a6ae2..49b8d34e4 100755 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Output.php b/system/core/Output.php index abd8a0ea9..3cb40626a 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Output Class * @@ -45,37 +43,37 @@ class CI_Output { * * @var string */ - protected $final_output; + public $final_output; /** * Cache expiration time * * @var int */ - protected $cache_expiration = 0; + public $cache_expiration = 0; /** * List of server headers * * @var array */ - protected $headers = array(); + public $headers = array(); /** * List of mime types * * @var array */ - protected $mime_types = array(); + public $mime_types = array(); /** * Determines wether profiler is enabled * * @var book */ - protected $enable_profiler = FALSE; + public $enable_profiler = FALSE; /** * Determines if output compression is enabled * * @var bool */ - protected $_zlib_oc = FALSE; + protected $_zlib_oc = FALSE; /** * List of profiler sections * 
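Review bot: The properties `$final_output`, `$cache_expiration`, `$headers`, `$mime_types` and `$enable_profiler` change from `protected` to `public` in this hunk (and `$parse_exec_vars` in the next one), with no comment giving the reason. Public visibility lets any code that holds the Output object rewrite the queued headers or the response body without going through the class's own methods, which makes header handling harder to audit. If outside read access is the goal, keeping `protected $headers = array();` and adding a getter would cover it; otherwise the docblocks should say why the fields are public. The docblock for `$enable_profiler` also reads `@var book` and should be `@var bool`.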
@@ -87,14 +85,14 @@ class CI_Output { * * @var bool */ - protected $parse_exec_vars = TRUE; + public $parse_exec_vars = TRUE; public function __construct() { $this->_zlib_oc = @ini_get('zlib.output_compression'); // Get mime types for later - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) + if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; } @@ -226,10 +224,30 @@ class CI_Output { // -------------------------------------------------------------------- /** + * Get Current Content Type Header + * + * @return string 'text/html', if not already set + */ + public function get_content_type() + { + for ($i = 0, $c = count($this->headers); $i < $c; $i++) + { + if (preg_match('/^Content-Type:\s(.+)$/', $this->headers[$i][0], $matches)) + { + return $matches[1]; + } + } + + return 'text/html'; + } + + // -------------------------------------------------------------------- + + /** * Set HTTP Status Header * moved to Common procedural functions in 1.7.2 * - * @param int the status code + * @param int the status code * @param string * @return void */ @@ -249,7 +267,7 @@ class CI_Output { */ public function enable_profiler($val = TRUE) { - $this->enable_profiler = (is_bool($val)) ? $val : TRUE; + $this->enable_profiler = is_bool($val) ? $val : TRUE; return $this; } @@ -267,7 +285,7 @@ class CI_Output { { foreach ($sections as $section => $enable) { - $this->_profiler_sections[$section] = ($enable !== FALSE) ? TRUE : FALSE; + $this->_profiler_sections[$section] = ($enable !== FALSE); } return $this; @@ -278,12 +296,12 @@ class CI_Output { /** * Set Cache * - * @param integer + * @param int * @return void */ public function cache($time) { - $this->cache_expiration = ( ! is_numeric($time)) ? 0 : $time; + $this->cache_expiration = is_numeric($time) ? $time : 0; return $this; } 
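Review bot: The pattern in the new `get_content_type()` is case-sensitive and requires exactly one whitespace character after the colon, so a header stored as `content-type: text/html` or `Content-Type:text/html` is missed and the method falls back to `'text/html'` whatever was actually set. Header names are case-insensitive, so `preg_match('/^Content-Type:\s*(.+)$/i', $this->headers[$i][0], $matches)` is the safer match. The captured value also keeps any `; charset=...` suffix, and the docblock should say whether callers get the bare media type or the full header value.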
@@ -297,7 +315,7 @@ class CI_Output { * $this->final_output * * This function sends the finalized output data to the browser along - * with any server headers and profile data. It also stops the + * with any server headers and profile data. It also stops the * benchmark timer so the page rendering speed and memory usage can be shown. * * @param string @@ -343,7 +361,7 @@ class CI_Output { if ($this->parse_exec_vars === TRUE) { - $memory = ( ! function_exists('memory_get_usage')) ? '0' : round(memory_get_usage()/1024/1024, 2).'MB'; + $memory = function_exists('memory_get_usage') ? round(memory_get_usage()/1024/1024, 2).'MB' : '0'; $output = str_replace(array('{elapsed_time}', '{memory_usage}'), array($elapsed, $memory), $output); } @@ -520,4 +538,4 @@ class CI_Output { } /* End of file Output.php */ -/* Location: ./system/core/Output.php */ +/* Location: ./system/core/Output.php */
\ No newline at end of file diff --git a/system/core/Router.php b/system/core/Router.php index d21319565..5477fed5d 100755 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Router Class * @@ -111,7 +109,7 @@ class CI_Router { // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); - if ($this->config->item('enable_query_strings') === TRUE AND isset($_GET[$this->config->item('controller_trigger')])) + if ($this->config->item('enable_query_strings') === TRUE && isset($_GET[$this->config->item('controller_trigger')])) { if (isset($_GET[$this->config->item('directory_trigger')])) { @@ -133,7 +131,7 @@ class CI_Router { } // Load the routes.php file. - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php')) + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/routes.php'); } @@ -147,7 +145,7 @@ class CI_Router { // Set the default controller so we can display it in the event // the URI doesn't correlated to a valid controller. - $this->default_controller = ( ! isset($this->routes['default_controller']) OR $this->routes['default_controller'] == '') ? FALSE : strtolower($this->routes['default_controller']); + $this->default_controller = empty($this->routes['default_controller']) ? FALSE : strtolower($this->routes['default_controller']); // Were there any query string segments? If so, we'll validate them and bail out since we're done. if (count($segments) > 0) 
@@ -248,8 +246,8 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Validates the supplied segments. Attempts to determine the path to - * the controller. + * Validates the supplied segments. + * Attempts to determine the path to the controller. * * @param array * @return array @@ -340,7 +338,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Parse Routes + * Parse Routes * * This function matches any routes that may exist in * the config/routes.php file against the URI to @@ -369,7 +367,7 @@ class CI_Router { if (preg_match('#^'.$key.'$#', $uri)) { // Do we have a back-reference? - if (strpos($val, '$') !== FALSE AND strpos($key, '(') !== FALSE) + if (strpos($val, '$') !== FALSE && strpos($key, '(') !== FALSE) { $val = preg_replace('#^'.$key.'$#', $val, $uri); } @@ -411,7 +409,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the method name + * Set the method name * * @param string * @return void @@ -424,7 +422,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Fetch the current method + * Fetch the current method * * @return string */ @@ -441,7 +439,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the directory name + * Set the directory name * * @param string * @return void @@ -454,7 +452,7 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Fetch the sub-directory (if any) that contains the requested controller class + * Fetch the sub-directory (if any) that contains the requested controller class * * @return string */ 
@@ -466,10 +464,10 @@ class CI_Router { // -------------------------------------------------------------------- /** - * Set the controller overrides + * Set the controller overrides * * @param array - * @return null + * @return void */ public function _set_overrides($routing) { @@ -483,7 +481,7 @@ class CI_Router { $this->set_directory($routing['directory']); } - if (isset($routing['controller']) AND $routing['controller'] != '') + if (isset($routing['controller']) && $routing['controller'] != '') { $this->set_class($routing['controller']); } @@ -498,4 +496,4 @@ class CI_Router { } /* End of file Router.php */ -/* Location: ./system/core/Router.php */ +/* Location: ./system/core/Router.php */
\ No newline at end of file diff --git a/system/core/Security.php b/system/core/Security.php index 1007f61f4..ac39ce97b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Security Class * @@ -106,23 +104,27 @@ class CI_Security { public function __construct() { - // CSRF config - foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) + // Is CSRF protection enabled? + if (config_item('csrf_protection') === TRUE) { - if (FALSE !== ($val = config_item($key))) + // CSRF config + foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) { - $this->{'_'.$key} = $val; + if (FALSE !== ($val = config_item($key))) + { + $this->{'_'.$key} = $val; + } } - } - // Append application specific cookie prefix - if (config_item('cookie_prefix')) - { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; - } + // Append application specific cookie prefix + if (config_item('cookie_prefix')) + { + $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + } - // Set the CSRF hash - $this->_csrf_set_hash(); + // Set the CSRF hash + $this->_csrf_set_hash(); + } log_message('debug', 'Security Class Initialized'); } @@ -136,8 +138,8 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) === 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } 
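Review bot: The constructor now skips all CSRF setup unless `config_item('csrf_protection') === TRUE`, so a config value such as `1` or `'true'` leaves the hash unset and nothing is logged about it. The comment should state that the setting must be the boolean `TRUE`, and a line such as `log_message('debug', 'CSRF protection disabled; token not initialised');` in an `else` branch would make the skipped path visible. Whatever code decides to call `csrf_verify()` has to apply the same strict test; that caller is not part of this hunk.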
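Review bot: With the new test, `csrf_verify()` checks the token only for POST and treats every other method as a request that merely sets the cookie, so state-changing PUT, PATCH or DELETE handlers get no token check. If that is intended it belongs in the method docblock; otherwise the early return could list the safe methods instead, `if (in_array(strtoupper($_SERVER['REQUEST_METHOD']), array('GET', 'HEAD', 'OPTIONS'), TRUE))`. `$_SERVER['REQUEST_METHOD']` is also read without an `isset()` guard, which raises a notice when the key is absent, for example on a CLI run. The token comparison further down is outside this hunk and may need a source other than `$_POST` if more methods are verified.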
@@ -189,12 +191,20 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS'])) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { return FALSE; } - setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); + setcookie( + $this->_csrf_cookie_name, + $this->_csrf_hash, + $expire, + config_item('cookie_path'), + config_item('cookie_domain'), + $secure_cookie, + config_item('cookie_httponly') + ); log_message('debug', 'CRSF cookie Set'); return $this; @@ -358,7 +368,7 @@ class CI_Security { foreach ($words as $word) { - $word = implode("\s*", str_split($word)) . "\s*"; + $word = implode('\s*', str_split($word)).'\s*'; // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" @@ -425,7 +435,6 @@ class CI_Security { '\\1\\2(\\3)', $str); - // Final clean up // This adds a bit of extra precaution in case // something got through the above filters @@ -601,7 +610,7 @@ class CI_Security { } // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { 
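Review bot: The new seventh argument hands `config_item('cookie_httponly')` to `setcookie()` uncast, while the secure flag a few lines up is normalised with `(bool)`. Casting it the same way, `(bool) config_item('cookie_httponly')`, keeps the flag well-defined when the key is missing from the config. The early `return FALSE;` for a secure cookie on a non-HTTPS request also writes no log entry, so a deployment where `$_SERVER['HTTPS']` is not populated (a TLS-terminating proxy may cause this) would lose its CSRF cookie silently; a `log_message('debug', ...)` call before the return would make that visible.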
@@ -633,7 +642,7 @@ class CI_Security { { return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace // encode captured opening or closing brace to prevent recursive vectors: - . str_replace(array('>', '<'), array('>', '<'), $matches[4]); + .str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- diff --git a/system/core/URI.php b/system/core/URI.php index b28ee198b..48bb7ae3c 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * @@ -22,7 +22,6 @@ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 - * @filesource */ // ------------------------------------------------------------------------ @@ -93,7 +92,7 @@ class CI_URI { if (strtoupper($this->config->item('uri_protocol')) === 'AUTO') { // Is the request coming from the command line? - if (php_sapi_name() === 'cli' OR defined('STDIN')) + if ($this->_is_cli_request()) { $this->_set_uri_string($this->_parse_cli_args()); return; @@ -227,6 +226,21 @@ class CI_URI { } // -------------------------------------------------------------------- + + /** + * Is cli Request? + * + * Duplicate of function from the Input class to test to see if a request was made from the command line + * + * @return boolean + */ + protected function _is_cli_request() + { + return (php_sapi_name() == 'cli') OR defined('STDIN'); + } + + + // -------------------------------------------------------------------- /** * Parse cli arguments 
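Review bot: The new `_is_cli_request()` in URI.php copies the Input method but not the form this same commit gives it there: it compares with `==`, keeps `OR` outside the parentheses, and its docblock says `@return boolean` where the commit otherwise normalises to `bool`. Matching the Input version, `return (php_sapi_name() === 'cli' OR defined('STDIN'));` with `@return bool`, keeps the two copies from drifting apart. The docblock should also say why the check is duplicated here rather than called on the Input object.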
@@ -444,9 +458,7 @@ class CI_URI { return array(); } - return function_exists('array_fill_keys') - ? array_fill_keys($default, FALSE) - : array_combine($default, array_fill(0, count($default), FALSE)); + return array_fill_keys($default, FALSE); } $segments = array_slice($this->$segment_array(), ($n - 1)); diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 0e180d36f..ba3567453 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * |