summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Input.php19
-rw-r--r--system/core/URI.php135
2 files changed, 108 insertions, 46 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index 5a227332c..eb2048e58 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -30,7 +30,7 @@ class CI_Input {
var $ip_address = FALSE;
var $user_agent = FALSE;
- var $_allow_get_array = FALSE;
+ var $_allow_get_array = TRUE;
var $_standardize_newlines = TRUE;
var $_enable_xss = FALSE; // Set automatically based on config setting
var $_enable_csrf = FALSE; // Set automatically based on config setting
@@ -49,9 +49,9 @@ class CI_Input {
{
log_message('debug', "Input Class Initialized");
- $this->_allow_get_array = (config_item('enable_query_strings') === TRUE) ? TRUE : FALSE;
- $this->_enable_xss = (config_item('global_xss_filtering') === TRUE) ? TRUE : FALSE;
- $this->_enable_csrf = (config_item('csrf_protection') === TRUE) ? TRUE : FALSE;
+ $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
+ $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
+ $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
// Do we need to load the security class?
if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
@@ -216,14 +216,7 @@ class CI_Input {
}
else
{
- if ($expire > 0)
- {
- $expire = time() + $expire;
- }
- else
- {
- $expire = 0;
- }
+ $expire = ($expire > 0) ? time() + $expire : 0;
}
setcookie($prefix.$name, $value, $expire, $path, $domain, 0);
@@ -514,7 +507,7 @@ class CI_Input {
{
if (strpos($str, "\r") !== FALSE)
{
- $str = str_replace(array("\r\n", "\r"), "\n", $str);
+ $str = str_replace(array("\r\n", "\r"), PHP_EOL, $str);
}
}
diff --git a/system/core/URI.php b/system/core/URI.php
index 5a5a37cc6..479a225fb 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -61,13 +61,17 @@ class CI_URI {
{
if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
{
- // If the URL has a question mark then it's simplest to just
- // build the URI string from the zero index of the $_GET array.
- // This avoids having to deal with $_SERVER variables, which
- // can be unreliable in some environments
- if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
+ // Let's try the REQUEST_URI first, this will work in most situations
+ if ($uri = $this->_get_request_uri())
{
- $this->uri_string = key($_GET);
+ $this->uri_string = $this->_parse_request_uri($uri);
+ return;
+ }
+
+ // Arguments exist, it must be a command line request
+ if ( ! empty($_SERVER['argv']))
+ {
+ $this->uri_string = $this->_parse_cli_args();
return;
}
@@ -88,12 +92,10 @@ class CI_URI {
return;
}
- // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
- $path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO'));
- if (trim($path, '/') != '' && $path != "/".SELF)
+ // As a last ditch effort lets try using the $_GET array
+ if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
{
- // remove path and script information so we have good URI data
- $this->uri_string = $path;
+ $this->uri_string = key($_GET);
return;
}
@@ -106,7 +108,12 @@ class CI_URI {
if ($uri == 'REQUEST_URI')
{
- $this->uri_string = $this->_parse_request_uri();
+ $this->uri_string = $this->_parse_request_uri($this->_get_request_uri());
+ return;
+ }
+ elseif ($uri == 'CLI')
+ {
+ $this->uri_string = $this->_parse_cli_args();
return;
}
@@ -123,39 +130,73 @@ class CI_URI {
// --------------------------------------------------------------------
/**
- * Parse the REQUEST_URI
+ * Get REQUEST_URI
*
- * Due to the way REQUEST_URI works it usually contains path info
- * that makes it unusable as URI data. We'll trim off the unnecessary
- * data, hopefully arriving at a valid URI that we can use.
+ * Retrieves the REQUEST_URI, or equivelent for IIS.
*
* @access private
* @return string
*/
- function _parse_request_uri()
+ function _get_request_uri()
{
- if ( ! isset($_SERVER['REQUEST_URI']) OR $_SERVER['REQUEST_URI'] == '')
+ $uri = FALSE;
+
+ // Let's check for standard servers first
+ if (isset($_SERVER['REQUEST_URI']))
{
- return '';
+ $uri = $_SERVER['REQUEST_URI'];
+ if (strpos($uri, $_SERVER['SERVER_NAME']) !== FALSE)
+ {
+ $uri = preg_replace('/^\w+:\/\/[^\/]+/', '', $uri);
+ }
}
- $request_uri = preg_replace("|/(.*)|", "\\1", str_replace("\\", "/", $_SERVER['REQUEST_URI']));
+ // Now lets check for IIS
+ elseif (isset($_SERVER['HTTP_X_REWRITE_URL']))
+ {
+ $uri = $_SERVER['HTTP_X_REWRITE_URL'];
+ }
- if ($request_uri == '' OR $request_uri == SELF)
+ // Last ditch effort (for older CGI servers, like IIS 5)
+ elseif (isset($_SERVER['ORIG_PATH_INFO']))
{
- return '';
+ $uri = $_SERVER['ORIG_PATH_INFO'];
+ if ( ! empty($_SERVER['QUERY_STRING']))
+ {
+ $uri .= '?' . $_SERVER['QUERY_STRING'];
+ }
}
- $fc_path = FCPATH.SELF;
- if (strpos($request_uri, '?') !== FALSE)
+ return $uri;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Parse REQUEST_URI
+ *
+ * Due to the way REQUEST_URI works it usually contains path info
+ * that makes it unusable as URI data. We'll trim off the unnecessary
+ * data, hopefully arriving at a valid URI that we can use.
+ *
+ * @access private
+ * @param string
+ * @return string
+ */
+ private function _parse_request_uri($uri)
+ {
+ // Some server's require URL's like index.php?/whatever If that is the case,
+ // then we need to add that to our parsing.
+ $fc_path = ltrim(FCPATH . SELF, '/');
+ if (strpos($uri, SELF . '?') !== FALSE)
{
$fc_path .= '?';
}
- $parsed_uri = explode("/", $request_uri);
+ $parsed_uri = explode('/', ltrim($uri, '/'));
$i = 0;
- foreach(explode("/", $fc_path) as $segment)
+ foreach (explode("/", $fc_path) as $segment)
{
if (isset($parsed_uri[$i]) && $segment == $parsed_uri[$i])
{
@@ -163,14 +204,42 @@ class CI_URI {
}
}
- $parsed_uri = implode("/", array_slice($parsed_uri, $i));
+ $uri = implode("/", array_slice($parsed_uri, $i));
- if ($parsed_uri != '')
+ // Let's take off any query string and re-assign $_SERVER['QUERY_STRING'] and $_GET.
+ // This is only needed on some servers. However, we are forced to use it to accomodate
+ // them.
+ if (($qs_pos = strpos($uri, '?')) !== FALSE)
{
- $parsed_uri = '/'.$parsed_uri;
+ $_SERVER['QUERY_STRING'] = substr($uri, $qs_pos + 1);
+ parse_str($_SERVER['QUERY_STRING'], $_GET);
+ $uri = substr($uri, 0, $qs_pos);
}
- return $parsed_uri;
+ // If it is just a / or index.php then just empty it.
+ if ($uri == '/' OR $uri == SELF)
+ {
+ $uri = '';
+ }
+
+ return $uri;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Parse cli arguments
+ *
+ * Take each command line argument and assume it is a URI segment.
+ *
+ * @access private
+ * @return string
+ */
+ private function _parse_cli_args()
+ {
+ $args = array_slice($_SERVER['argv'], 1);
+
+ return $args ? '/' . implode('/', $args) : '';
}
// --------------------------------------------------------------------
@@ -228,7 +297,7 @@ class CI_URI {
*/
function _explode_segments()
{
- foreach(explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val)
+ foreach (explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val)
{
// Filter segments for security
$val = trim($this->_filter_uri($val));
@@ -484,7 +553,7 @@ class CI_URI {
{
$leading = '/';
$trailing = '/';
-
+
if ($where == 'trailing')
{
$leading = '';
@@ -493,7 +562,7 @@ class CI_URI {
{
$trailing = '';
}
-
+
return $leading.$this->$which($n).$trailing;
}