Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/CodeIgniter.php44
-rwxr-xr-xsystem/core/Input.php111
-rwxr-xr-xsystem/core/Model.php21
-rwxr-xr-xsystem/core/Security.php11
4 files changed, 72 insertions, 115 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 5152073d5..cb5d439bd 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -59,7 +59,7 @@
* Load the framework constants
* ------------------------------------------------------
*/
- if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
+ if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
{
require(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
}
@@ -91,12 +91,12 @@
* "libraries" folder. Since CI allows config items to be
* overriden via data set in the main index. php file,
* before proceeding we need to know if a subclass_prefix
- * override exists. If so, we will set this value now,
+ * override exists. If so, we will set this value now,
* before any classes are loaded
* Note: Since the config file data is cached it doesn't
* hurt to load it here.
*/
- if (isset($assign_to_config['subclass_prefix']) AND $assign_to_config['subclass_prefix'] != '')
+ if (isset($assign_to_config['subclass_prefix']) && $assign_to_config['subclass_prefix'] != '')
{
get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix']));
}
@@ -106,13 +106,10 @@
* Set a liberal script execution time limit
* ------------------------------------------------------
*/
- if (function_exists("set_time_limit") AND @ini_get("safe_mode") == 0)
+ if (function_exists('set_time_limit') && @ini_get('safe_mode') == 0
+ && php_sapi_name() !== 'cli') // Do not override the Time Limit value if running from Command Line
{
- // Do not override the Time Limit value if running from Command Line
- if(php_sapi_name() != 'cli')
- {
- @set_time_limit(300);
- }
+ @set_time_limit(300);
}
/*
@@ -162,7 +159,6 @@
* after the Config class is instantiated.
*
*/
-
$UNI =& load_class('Utf8', 'core');
/*
@@ -195,15 +191,13 @@
/*
* ------------------------------------------------------
- * Is there a valid cache file? If so, we're done...
+ * Is there a valid cache file? If so, we're done...
* ------------------------------------------------------
*/
- if ($EXT->_call_hook('cache_override') === FALSE)
+ if ($EXT->_call_hook('cache_override') === FALSE
+ && $OUT->_display_cache($CFG, $URI) == TRUE)
{
- if ($OUT->_display_cache($CFG, $URI) == TRUE)
- {
- exit;
- }
+ exit;
}
/*
@@ -273,13 +267,13 @@
$method = $RTR->fetch_method();
if ( ! class_exists($class)
- OR strncmp($method, '_', 1) == 0
+ OR strpos($method, '_', 1) === 0
OR in_array(strtolower($method), array_map('strtolower', get_class_methods('CI_Controller')))
)
{
if ( ! empty($RTR->routes['404_override']))
{
- $x = explode('/', $RTR->routes['404_override']);
+ $x = explode('/', $RTR->routes['404_override'], 2);
$class = $x[0];
$method = (isset($x[1]) ? $x[1] : 'index');
if ( ! class_exists($class))
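Review bot: The replacement `strpos($method, '_', 1) === 0` in the routing guard can never be true, because the third argument is a search offset: the result is a position of 1 or more, or FALSE. The check that kept underscore-prefixed controller methods from being routed is therefore disabled, and such methods fall through to the normal dispatch path. An empty `$method` would also put the offset past the end of the string, which PHP reports as a warning (an error on PHP 8). Drop the offset, `OR strpos($method, '_') === 0`, or keep the original call with a strict comparison, `OR strncmp($method, '_', 1) === 0`. The block opened by this `if` continues outside the hunk.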
@@ -341,7 +335,7 @@
// Check and see if we are using a 404 override and use it.
if ( ! empty($RTR->routes['404_override']))
{
- $x = explode('/', $RTR->routes['404_override']);
+ $x = explode('/', $RTR->routes['404_override'], 2);
$class = $x[0];
$method = (isset($x[1]) ? $x[1] : 'index');
if ( ! class_exists($class))
@@ -367,7 +361,6 @@
call_user_func_array(array(&$CI, $method), array_slice($URI->rsegments, 2));
}
-
// Mark a benchmark end point
$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end');
@@ -400,11 +393,10 @@
* Close the DB connection if one exists
* ------------------------------------------------------
*/
- if (class_exists('CI_DB') AND isset($CI->db))
+ if (class_exists('CI_DB') && isset($CI->db))
{
$CI->db->close();
}
-
/* End of file CodeIgniter.php */
-/* Location: ./system/core/CodeIgniter.php */ \ No newline at end of file
+/* Location: ./system/core/CodeIgniter.php */
diff --git a/system/core/Input.php b/system/core/Input.php
index 7cfa4c63f..7a16e51ab 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -45,39 +45,39 @@ class CI_Input {
*
* @var string
*/
- var $ip_address = FALSE;
+ public $ip_address = FALSE;
/**
* user agent (web browser) being used by the current user
*
* @var string
*/
- var $user_agent = FALSE;
+ public $user_agent = FALSE;
/**
* If FALSE, then $_GET will be set to an empty array
*
* @var bool
*/
- var $_allow_get_array = TRUE;
+ protected $_allow_get_array = TRUE;
/**
* If TRUE, then newlines are standardized
*
* @var bool
*/
- var $_standardize_newlines = TRUE;
+ protected $_standardize_newlines = TRUE;
/**
* Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered
* Set automatically based on config setting
*
* @var bool
*/
- var $_enable_xss = FALSE;
+ protected $_enable_xss = FALSE;
/**
* Enables a CSRF cookie token to be set.
* Set automatically based on config setting
*
* @var bool
*/
- var $_enable_csrf = FALSE;
+ protected $_enable_csrf = FALSE;
/**
* List of all HTTP request headers
*
@@ -85,21 +85,19 @@ class CI_Input {
*/
protected $headers = array();
-
/**
* Constructor
*
* Sets whether to globally enable the XSS processing
* and whether to allow the $_GET array
- *
*/
public function __construct()
{
- log_message('debug', "Input Class Initialized");
+ log_message('debug', 'Input Class Initialized');
$this->_allow_get_array = (config_item('allow_get_array') === TRUE);
- $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
- $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
+ $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
+ $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
global $SEC;
$this->security =& $SEC;
@@ -122,7 +120,6 @@ class CI_Input {
*
* This is a helper function to retrieve values from global arrays
*
- * @access protected
* @param array
* @param string
* @param bool
@@ -148,7 +145,6 @@ class CI_Input {
/**
* Fetch an item from the GET array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -176,7 +172,6 @@ class CI_Input {
/**
* Fetch an item from the POST array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -205,21 +200,15 @@ class CI_Input {
/**
* Fetch an item from either the GET array or the POST
*
- * @access public
* @param string The index key
* @param bool XSS cleaning
* @return string
*/
public function get_post($index = '', $xss_clean = FALSE)
{
- if ( ! isset($_POST[$index]) )
- {
- return $this->get($index, $xss_clean);
- }
- else
- {
- return $this->post($index, $xss_clean);
- }
+ return ( ! isset($_POST[$index]))
+ ? $this->get($index, $xss_clean)
+ : $this->post($index, $xss_clean);
}
// --------------------------------------------------------------------
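Review bot: The new ternary in `get_post()` tests the negated condition, so the reader has to invert it to see that POST takes precedence over GET. Putting the positive case first reads more directly: `return isset($_POST[$index]) ? $this->post($index, $xss_clean) : $this->get($index, $xss_clean);`. The docblock could state the precedence as well, for example `* Fetch an item from the POST array, falling back to GET when the key is not in POST`.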
@@ -227,7 +216,6 @@ class CI_Input {
/**
* Fetch an item from the COOKIE array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -245,7 +233,6 @@ class CI_Input {
* Accepts six parameter, or you can submit an associative
* array in the first parameter containing all the values.
*
- * @access public
* @param mixed
* @param string the value of the cookie
* @param string the number of seconds until expiration
@@ -303,7 +290,6 @@ class CI_Input {
/**
* Fetch an item from the SERVER array
*
- * @access public
* @param string
* @param bool
* @return string
@@ -318,7 +304,6 @@ class CI_Input {
/**
* Fetch the IP Address
*
- * @access public
* @return string
*/
public function ip_address()
@@ -335,7 +320,7 @@ class CI_Input {
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
- elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
+ elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
{
$this->ip_address = $_SERVER['REMOTE_ADDR'];
}
@@ -354,8 +339,7 @@ class CI_Input {
if ($this->ip_address === FALSE)
{
- $this->ip_address = '0.0.0.0';
- return $this->ip_address;
+ return $this->ip_address = '0.0.0.0';
}
if (strpos($this->ip_address, ',') !== FALSE)
@@ -366,7 +350,7 @@ class CI_Input {
if ( ! $this->valid_ip($this->ip_address))
{
- $this->ip_address = '0.0.0.0';
+ return $this->ip_address = '0.0.0.0';
}
return $this->ip_address;
@@ -379,7 +363,6 @@ class CI_Input {
*
* Updated version suggested by Geert De Deckere
*
- * @access public
* @param string
* @return bool
*/
@@ -394,7 +377,7 @@ class CI_Input {
$ip_segments = explode('.', $ip);
// Always 4 segments needed
- if (count($ip_segments) != 4)
+ if (count($ip_segments) !== 4)
{
return FALSE;
}
@@ -408,7 +391,7 @@ class CI_Input {
{
// IP segments must be digits and can not be
// longer than 3 digits or greater then 255
- if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3)
+ if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3)
{
return FALSE;
}
@@ -422,7 +405,6 @@ class CI_Input {
/**
* User Agent
*
- * @access public
* @return string
*/
public function user_agent()
@@ -432,9 +414,7 @@ class CI_Input {
return $this->user_agent;
}
- $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];
-
- return $this->user_agent;
+ return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];
}
// --------------------------------------------------------------------
@@ -444,22 +424,20 @@ class CI_Input {
*
* This function does the following:
*
- * Unsets $_GET data (if query strings are not enabled)
- *
- * Unsets all globals if register_globals is enabled
+ * - Unsets $_GET data (if query strings are not enabled)
+ * - Unsets all globals if register_globals is enabled
+ * - Standardizes newline characters to \n
*
- * Standardizes newline characters to \n
- *
- * @access private
* @return void
*/
- private function _sanitize_globals()
+ protected function _sanitize_globals()
{
// It would be "wrong" to unset any of these GLOBALS.
$protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
- '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
- 'system_folder', 'application_folder', 'BM', 'EXT',
- 'CFG', 'URI', 'RTR', 'OUT', 'IN');
+ '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
+ 'system_folder', 'application_folder', 'BM', 'EXT',
+ 'CFG', 'URI', 'RTR', 'OUT', 'IN'
+ );
// Unset globals for securiy.
// This is effectively the same as register_globals = off
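Review bot: Widening `_sanitize_globals()` from private to protected means a class extending CI_Input can now override the request sanitization step, and the docblock does not mention this. The same visibility change is made to `_clean_input_data()` and `_clean_input_keys()` in the later hunks of this file. If the widening is intended to support application subclasses, add a line to each docblock such as `* Overriding this method replaces the framework's input sanitization; call the parent implementation unless that is intended.` The function body continues outside this hunk.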
@@ -532,14 +510,13 @@ class CI_Input {
// Sanitize PHP_SELF
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
-
// CSRF Protection check
if ($this->_enable_csrf == TRUE)
{
$this->security->csrf_verify();
}
- log_message('debug', "Global POST and COOKIE data sanitized");
+ log_message('debug', 'Global POST and COOKIE data sanitized');
}
// --------------------------------------------------------------------
@@ -550,11 +527,10 @@ class CI_Input {
* This is a helper function. It escapes data and
* standardizes newline characters to \n
*
- * @access private
* @param string
* @return string
*/
- private function _clean_input_data($str)
+ protected function _clean_input_data($str)
{
if (is_array($str))
{
@@ -592,12 +568,9 @@ class CI_Input {
}
// Standardize newlines if needed
- if ($this->_standardize_newlines == TRUE)
+ if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE)
{
- if (strpos($str, "\r") !== FALSE)
- {
- $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str);
- }
+ return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str);
}
return $str;
@@ -612,13 +585,12 @@ class CI_Input {
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
- * @access private
* @param string
* @return string
*/
- private function _clean_input_keys($str)
+ protected function _clean_input_keys($str)
{
- if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
+ if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
{
exit('Disallowed Key Characters.');
}
@@ -626,7 +598,7 @@ class CI_Input {
// Clean UTF-8 if supported
if (UTF8_ENABLED === TRUE)
{
- $str = $this->uni->clean_string($str);
+ return $this->uni->clean_string($str);
}
return $str;
@@ -640,10 +612,8 @@ class CI_Input {
* In Apache, you can simply call apache_request_headers(), however for
* people running other webservers the function is undefined.
*
- * @access public
* @param bool XSS cleaning
- *
- * @return array
+ * @return array
*/
public function request_headers($xss_clean = FALSE)
{
@@ -658,7 +628,7 @@ class CI_Input {
foreach ($_SERVER as $key => $val)
{
- if (strncmp($key, 'HTTP_', 5) === 0)
+ if (strpos($key, 'HTTP_') === 0)
{
$headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
}
@@ -684,7 +654,6 @@ class CI_Input {
*
* Returns the value of a single member of the headers class member
*
- * @access public
* @param string array key for $this->headers
* @param boolean XSS Clean or not
* @return mixed FALSE on failure, string on success
@@ -716,7 +685,6 @@ class CI_Input {
*
* Test to see if a request contains the HTTP_X_REQUESTED_WITH header
*
- * @access public
* @return boolean
*/
public function is_ajax_request()
@@ -731,12 +699,11 @@ class CI_Input {
*
* Test to see if a request was made from the command line
*
- * @access public
* @return boolean
*/
public function is_cli_request()
{
- return (php_sapi_name() == 'cli') or defined('STDIN');
+ return (php_sapi_name() === 'cli') or defined('STDIN');
}
}
diff --git a/system/core/Model.php b/system/core/Model.php
index fc640139a..a595a6ae2 100755
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -1,13 +1,13 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
- *
+ *
* Licensed under the Open Software License version 3.0
- *
+ *
* This source file is subject to the Open Software License (OSL 3.0) that is
* bundled with this package in the files license.txt / license.rst. It is
* also available through the world wide web at this URL:
@@ -38,14 +38,9 @@
*/
class CI_Model {
- /**
- * Constructor
- *
- * @access public
- */
- function __construct()
+ public function __construct()
{
- log_message('debug', "Model Class Initialized");
+ log_message('debug', 'Model Class Initialized');
}
/**
@@ -55,15 +50,13 @@ class CI_Model {
* syntax as controllers.
*
* @param string
- * @access private
*/
- function __get($key)
+ public function __get($key)
{
$CI =& get_instance();
return $CI->$key;
}
}
-// END Model Class
/* End of file Model.php */
-/* Location: ./system/core/Model.php */ \ No newline at end of file
+/* Location: ./system/core/Model.php */
diff --git a/system/core/Security.php b/system/core/Security.php
index 272a8bf3f..f7998da60 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -180,9 +180,14 @@ class CI_Security {
// polute the _POST array
unset($_POST[$this->_csrf_token_name]);
- // Nothing should last forever
- unset($_COOKIE[$this->_csrf_cookie_name]);
- $this->_csrf_hash = '';
+ // Regenerate on every submission?
+ if (config_item('csrf_regenerate'))
+ {
+ // Nothing should last forever
+ unset($_COOKIE[$this->_csrf_cookie_name]);
+ $this->_csrf_hash = '';
+ }
+
$this->_csrf_set_hash();
$this->csrf_set_cookie();
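Review bot: Token rotation is now gated on `config_item('csrf_regenerate')`, so an installation whose config file does not define that key gets a falsy value and stops clearing the CSRF hash and cookie after a verified submission. The same token then presumably stays valid until the cookie expires. This diff is limited to system/core, so it is not visible whether the shipped config adds the key with a default; if it does not, an upgrade silently changes behaviour. Define `$config['csrf_regenerate'] = TRUE;` in the default config, and add a comment above the check such as `// When disabled, the existing token is reused until the CSRF cookie expires`. The enclosing method starts and ends outside this hunk.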