summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/CodeIgniter.php89
-rw-r--r--system/core/Common.php14
-rw-r--r--system/core/Config.php16
-rw-r--r--system/core/Exceptions.php12
-rw-r--r--system/core/Hooks.php6
-rw-r--r--system/core/Input.php285
-rw-r--r--system/core/Loader.php20
-rw-r--r--system/core/Log.php7
-rw-r--r--system/core/Model.php8
-rw-r--r--system/core/Output.php19
-rw-r--r--system/core/Router.php43
-rw-r--r--system/core/Security.php43
-rw-r--r--system/core/URI.php122
-rw-r--r--system/core/Utf8.php14
-rw-r--r--system/core/compat/hash.php8
-rw-r--r--system/core/compat/mbstring.php8
-rw-r--r--system/core/compat/password.php12
-rw-r--r--system/core/compat/standard.php50
18 files changed, 187 insertions, 589 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index bd0c4c5d8..9bf60a4ac 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @var string
*
*/
- const CI_VERSION = '3.1.12-dev';
+ const CI_VERSION = '3.2.0-dev';
/*
* ------------------------------------------------------
@@ -79,57 +79,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*/
require_once(BASEPATH.'core/Common.php');
-
-/*
- * ------------------------------------------------------
- * Security procedures
- * ------------------------------------------------------
- */
-
-if ( ! is_php('5.4'))
-{
- ini_set('magic_quotes_runtime', 0);
-
- if ((bool) ini_get('register_globals'))
- {
- $_protected = array(
- '_SERVER',
- '_GET',
- '_POST',
- '_FILES',
- '_REQUEST',
- '_SESSION',
- '_ENV',
- '_COOKIE',
- 'GLOBALS',
- 'HTTP_RAW_POST_DATA',
- 'system_path',
- 'application_folder',
- 'view_folder',
- '_protected',
- '_registered'
- );
-
- $_registered = ini_get('variables_order');
- foreach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
- {
- if (strpos($_registered, $key) === FALSE)
- {
- continue;
- }
-
- foreach (array_keys($$superglobal) as $var)
- {
- if (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
- {
- $GLOBALS[$var] = NULL;
- }
- }
- }
- }
-}
-
-
/*
* ------------------------------------------------------
* Define a custom error handler so we can log PHP errors
@@ -194,20 +143,6 @@ if ( ! is_php('5.4'))
/*
* ------------------------------------------------------
- * Instantiate the hooks class
- * ------------------------------------------------------
- */
- $EXT =& load_class('Hooks', 'core');
-
-/*
- * ------------------------------------------------------
- * Is there a "pre_system" hook?
- * ------------------------------------------------------
- */
- $EXT->call_hook('pre_system');
-
-/*
- * ------------------------------------------------------
* Instantiate the config class
* ------------------------------------------------------
*
@@ -229,6 +164,20 @@ if ( ! is_php('5.4'))
/*
* ------------------------------------------------------
+ * Instantiate the hooks class
+ * ------------------------------------------------------
+ */
+ $EXT =& load_class('Hooks', 'core', $CFG);
+
+/*
+ * ------------------------------------------------------
+ * Is there a "pre_system" hook?
+ * ------------------------------------------------------
+ */
+ $EXT->call_hook('pre_system');
+
+/*
+ * ------------------------------------------------------
* Important charset-related stuff
* ------------------------------------------------------
*
@@ -294,14 +243,14 @@ if ( ! is_php('5.4'))
* Instantiate the UTF-8 class
* ------------------------------------------------------
*/
- $UNI =& load_class('Utf8', 'core');
+ $UNI =& load_class('Utf8', 'core', $charset);
/*
* ------------------------------------------------------
* Instantiate the URI class
* ------------------------------------------------------
*/
- $URI =& load_class('URI', 'core');
+ $URI =& load_class('URI', 'core', $CFG);
/*
* ------------------------------------------------------
@@ -332,14 +281,14 @@ if ( ! is_php('5.4'))
* Load the security class for xss and csrf support
* -----------------------------------------------------
*/
- $SEC =& load_class('Security', 'core');
+ $SEC =& load_class('Security', 'core', $charset);
/*
* ------------------------------------------------------
* Load the Input class and sanitize globals
* ------------------------------------------------------
*/
- $IN =& load_class('Input', 'core');
+ $IN =& load_class('Input', 'core', $SEC);
/*
* ------------------------------------------------------
diff --git a/system/core/Common.php b/system/core/Common.php
index 624b5a9f7..fadc0a0b1 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -81,8 +81,7 @@ if ( ! function_exists('is_really_writable'))
* Tests for file writability
*
* is_writable() returns TRUE on Windows servers when you really can't write to
- * the file, based on the read-only attribute. is_writable() is also unreliable
- * on Unix servers if safe_mode is on.
+ * the file, based on the read-only attribute.
*
* @link https://bugs.php.net/bug.php?id=54709
* @param string
@@ -90,8 +89,8 @@ if ( ! function_exists('is_really_writable'))
*/
function is_really_writable($file)
{
- // If we're on a Unix server with safe_mode off we call is_writable
- if (DIRECTORY_SEPARATOR === '/' && (is_php('5.4') OR ! ini_get('safe_mode')))
+ // If we're on a UNIX-like server, just is_writable()
+ if (DIRECTORY_SEPARATOR === '/')
{
return is_writable($file);
}
@@ -499,6 +498,7 @@ if ( ! function_exists('set_status_header'))
$stati = array(
100 => 'Continue',
101 => 'Switching Protocols',
+ 103 => 'Early Hints',
200 => 'OK',
201 => 'Created',
@@ -507,6 +507,7 @@ if ( ! function_exists('set_status_header'))
204 => 'No Content',
205 => 'Reset Content',
206 => 'Partial Content',
+ 207 => 'Multi-Status',
300 => 'Multiple Choices',
301 => 'Moved Permanently',
@@ -515,6 +516,7 @@ if ( ! function_exists('set_status_header'))
304 => 'Not Modified',
305 => 'Use Proxy',
307 => 'Temporary Redirect',
+ 308 => 'Permanent Redirect',
400 => 'Bad Request',
401 => 'Unauthorized',
@@ -534,11 +536,13 @@ if ( ! function_exists('set_status_header'))
415 => 'Unsupported Media Type',
416 => 'Requested Range Not Satisfiable',
417 => 'Expectation Failed',
+ 421 => 'Misdirected Request',
422 => 'Unprocessable Entity',
426 => 'Upgrade Required',
428 => 'Precondition Required',
429 => 'Too Many Requests',
431 => 'Request Header Fields Too Large',
+ 451 => 'Unavailable For Legal Reasons',
500 => 'Internal Server Error',
501 => 'Not Implemented',
@@ -625,7 +629,7 @@ if ( ! function_exists('_error_handler'))
// If the error is fatal, the execution of the script should be stopped because
// errors can't be recovered from. Halting the script conforms with PHP's
- // default error handling. See http://www.php.net/manual/en/errorfunc.constants.php
+ // default error handling. See https://secure.php.net/manual/en/errorfunc.constants.php
if ($is_error)
{
exit(1); // EXIT_ERROR
diff --git a/system/core/Config.php b/system/core/Config.php
index fc6c30f86..13cc087d0 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -169,7 +169,7 @@ class CI_Config {
$this->is_loaded[] = $file_path;
$config = NULL;
$loaded = TRUE;
- log_message('debug', 'Config file loaded: '.$file_path);
+ log_message('info', 'Config file loaded: '.$file_path);
}
}
@@ -351,20 +351,6 @@ class CI_Config {
// --------------------------------------------------------------------
/**
- * System URL
- *
- * @deprecated 3.0.0 Encourages insecure practices
- * @return string
- */
- public function system_url()
- {
- $x = explode('/', preg_replace('|/*(.+?)/*$|', '\\1', BASEPATH));
- return $this->slash_item('base_url').end($x).'/';
- }
-
- // --------------------------------------------------------------------
-
- /**
* Set a config file item
*
* @param string $item Config item key
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index 90ff1abf4..e8e7f6c29 100644
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -161,6 +161,10 @@ class CI_Exceptions {
{
$templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR;
}
+ else
+ {
+ $templates_path = rtrim($templates_path, '/\\').DIRECTORY_SEPARATOR;
+ }
if (is_cli())
{
@@ -194,6 +198,10 @@ class CI_Exceptions {
{
$templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR;
}
+ else
+ {
+ $templates_path = rtrim($templates_path, '/\\').DIRECTORY_SEPARATOR;
+ }
$message = $exception->getMessage();
if (empty($message))
@@ -240,6 +248,10 @@ class CI_Exceptions {
{
$templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR;
}
+ else
+ {
+ $templates_path = rtrim($templates_path, '/\\').DIRECTORY_SEPARATOR;
+ }
$severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity;
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index 6236dd498..353e22e21 100644
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -83,16 +83,16 @@ class CI_Hooks {
/**
* Class constructor
*
+ * @param CI_Config $config
* @return void
*/
- public function __construct()
+ public function __construct(CI_Config $config)
{
- $CFG =& load_class('Config', 'core');
log_message('info', 'Hooks Class Initialized');
// If hooks are not enabled in the config file
// there is nothing else to do
- if ($CFG->item('enable_hooks') === FALSE)
+ if ($config->item('enable_hooks') === FALSE)
{
return;
}
diff --git a/system/core/Input.php b/system/core/Input.php
index 30b31d0d7..053970b01 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -58,45 +58,6 @@ class CI_Input {
protected $ip_address = FALSE;
/**
- * Allow GET array flag
- *
- * If set to FALSE, then $_GET will be set to an empty array.
- *
- * @var bool
- */
- protected $_allow_get_array = TRUE;
-
- /**
- * Standardize new lines flag
- *
- * If set to TRUE, then newlines are standardized.
- *
- * @var bool
- */
- protected $_standardize_newlines;
-
- /**
- * Enable XSS flag
- *
- * Determines whether the XSS filter is always active when
- * GET, POST or COOKIE data is encountered.
- * Set automatically based on config setting.
- *
- * @var bool
- */
- protected $_enable_xss = FALSE;
-
- /**
- * Enable CSRF flag
- *
- * Enables a CSRF cookie token to be set.
- * Set automatically based on config setting.
- *
- * @var bool
- */
- protected $_enable_csrf = FALSE;
-
- /**
* List of all HTTP request headers
*
* @var array
@@ -122,8 +83,15 @@ class CI_Input {
*/
protected $_input_stream;
+ /**
+ * CI_Security instance
+ *
+ * Used for the optional $xss_filter parameter that most
+ * getter methods have here.
+ *
+ * @var CI_Security
+ */
protected $security;
- protected $uni;
// --------------------------------------------------------------------
@@ -135,30 +103,9 @@ class CI_Input {
*
* @return void
*/
- public function __construct()
+ public function __construct(CI_Security &$security)
{
- $this->_allow_get_array = (config_item('allow_get_array') !== FALSE);
- $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
- $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
- $this->_standardize_newlines = (bool) config_item('standardize_newlines');
-
- $this->security =& load_class('Security', 'core');
-
- // Do we need the UTF-8 class?
- if (UTF8_ENABLED === TRUE)
- {
- $this->uni =& load_class('Utf8', 'core');
- }
-
- // Sanitize global arrays
- $this->_sanitize_globals();
-
- // CSRF Protection check
- if ($this->_enable_csrf === TRUE && ! is_cli())
- {
- $this->security->csrf_verify();
- }
-
+ $this->security = $security;
log_message('info', 'Input Class Initialized');
}
@@ -174,10 +121,8 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL)
+ protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = FALSE)
{
- is_bool($xss_clean) OR $xss_clean = $this->_enable_xss;
-
// If $index is NULL, it means that the whole $array is requested
isset($index) OR $index = array_keys($array);
@@ -237,7 +182,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get($index = NULL, $xss_clean = NULL)
+ public function get($index = NULL, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_GET, $index, $xss_clean);
}
@@ -251,7 +196,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post($index = NULL, $xss_clean = NULL)
+ public function post($index = NULL, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_POST, $index, $xss_clean);
}
@@ -265,11 +210,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function post_get($index, $xss_clean = NULL)
+ public function post_get($index, $xss_clean = FALSE)
{
- return isset($_POST[$index])
- ? $this->post($index, $xss_clean)
- : $this->get($index, $xss_clean);
+ $output = $this->post($index, $xss_clean);
+ return isset($output) ? $output : $this->get($index, $xss_clean);
}
// --------------------------------------------------------------------
@@ -281,11 +225,10 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get_post($index, $xss_clean = NULL)
+ public function get_post($index, $xss_clean = FALSE)
{
- return isset($_GET[$index])
- ? $this->get($index, $xss_clean)
- : $this->post($index, $xss_clean);
+ $output = $this->get($index, $xss_clean);
+ return isset($output) ? $output : $this->post($index, $xss_clean);
}
// --------------------------------------------------------------------
@@ -297,7 +240,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function cookie($index = NULL, $xss_clean = NULL)
+ public function cookie($index = NULL, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
}
@@ -311,7 +254,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function server($index, $xss_clean = NULL)
+ public function server($index, $xss_clean = FALSE)
{
return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
}
@@ -327,7 +270,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function input_stream($index = NULL, $xss_clean = NULL)
+ public function input_stream($index = NULL, $xss_clean = FALSE)
{
// Prior to PHP 5.6, the input stream can only be read once,
// so we'll need to check if we have already done that first.
@@ -359,7 +302,7 @@ class CI_Input {
* @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
* @return void
*/
- public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
+ public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
{
if (is_array($name))
{
@@ -396,9 +339,9 @@ class CI_Input {
? (bool) config_item('cookie_httponly')
: (bool) $httponly;
- if ( ! is_numeric($expire))
+ if ( ! is_numeric($expire) OR $expire < 0)
{
- $expire = time() - 86500;
+ $expire = 1;
}
else
{
@@ -579,7 +522,7 @@ class CI_Input {
*
* @return string|null User Agent string or NULL if it doesn't exist
*/
- public function user_agent($xss_clean = NULL)
+ public function user_agent($xss_clean = FALSE)
{
return $this->_fetch_from_array($_SERVER, 'HTTP_USER_AGENT', $xss_clean);
}
@@ -587,167 +530,6 @@ class CI_Input {
// --------------------------------------------------------------------
/**
- * Sanitize Globals
- *
- * Internal method serving for the following purposes:
- *
- * - Unsets $_GET data, if query strings are not enabled
- * - Cleans POST, COOKIE and SERVER data
- * - Standardizes newline characters to PHP_EOL
- *
- * @return void
- */
- protected function _sanitize_globals()
- {
- // Is $_GET data allowed? If not we'll set the $_GET to an empty array
- if ($this->_allow_get_array === FALSE)
- {
- $_GET = array();
- }
- elseif (is_array($_GET))
- {
- foreach ($_GET as $key => $val)
- {
- $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
- }
- }
-
- // Clean $_POST Data
- if (is_array($_POST))
- {
- foreach ($_POST as $key => $val)
- {
- $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
- }
- }
-
- // Clean $_COOKIE Data
- if (is_array($_COOKIE))
- {
- // Also get rid of specially treated cookies that might be set by a server
- // or silly application, that are of no use to a CI application anyway
- // but that when present will trip our 'Disallowed Key Characters' alarm
- // http://www.ietf.org/rfc/rfc2109.txt
- // note that the key names below are single quoted strings, and are not PHP variables
- unset(
- $_COOKIE['$Version'],
- $_COOKIE['$Path'],
- $_COOKIE['$Domain']
- );
-
- foreach ($_COOKIE as $key => $val)
- {
- if (($cookie_key = $this->_clean_input_keys($key)) !== FALSE)
- {
- $_COOKIE[$cookie_key] = $this->_clean_input_data($val);
- }
- else
- {
- unset($_COOKIE[$key]);
- }
- }
- }
-
- // Sanitize PHP_SELF
- $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
-
- log_message('debug', 'Global POST, GET and COOKIE data sanitized');
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Clean Input Data
- *
- * Internal method that aids in escaping data and
- * standardizing newline characters to PHP_EOL.
- *
- * @param string|string[] $str Input string(s)
- * @return string
- */
- protected function _clean_input_data($str)
- {
- if (is_array($str))
- {
- $new_array = array();
- foreach (array_keys($str) as $key)
- {
- $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($str[$key]);
- }
- return $new_array;
- }
-
- /* We strip slashes if magic quotes is on to keep things consistent
-
- NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and
- it will probably not exist in future versions at all.
- */
- if ( ! is_php('5.4') && get_magic_quotes_gpc())
- {
- $str = stripslashes($str);
- }
-
- // Clean UTF-8 if supported
- if (UTF8_ENABLED === TRUE)
- {
- $str = $this->uni->clean_string($str);
- }
-
- // Remove control characters
- $str = remove_invisible_characters($str, FALSE);
-
- // Standardize newlines if needed
- if ($this->_standardize_newlines === TRUE)
- {
- return preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $str);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Clean Keys
- *
- * Internal method that helps to prevent malicious users
- * from trying to exploit keys we make sure that keys are
- * only named with alpha-numeric text and a few other items.
- *
- * @param string $str Input string
- * @param bool $fatal Whether to terminate script exection
- * or to return FALSE if an invalid
- * key is encountered
- * @return string|bool
- */
- protected function _clean_input_keys($str, $fatal = TRUE)
- {
- if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str))
- {
- if ($fatal === TRUE)
- {
- return FALSE;
- }
- else
- {
- set_status_header(503);
- echo 'Disallowed Key Characters.';
- exit(7); // EXIT_USER_INPUT
- }
- }
-
- // Clean UTF-8 if supported
- if (UTF8_ENABLED === TRUE)
- {
- return $this->uni->clean_string($str);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Request Headers
*
* @param bool $xss_clean Whether to apply XSS filtering
@@ -839,21 +621,6 @@ class CI_Input {
// --------------------------------------------------------------------
/**
- * Is CLI request?
- *
- * Test to see if a request was made from the command line.
- *
- * @deprecated 3.0.0 Use is_cli() instead
- * @return bool
- */
- public function is_cli_request()
- {
- return is_cli();
- }
-
- // --------------------------------------------------------------------
-
- /**
* Get Request Method
*
* Return the request method
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 14888e49a..0710b1611 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -348,9 +348,10 @@ class CI_Loader {
throw new RuntimeException('Unable to locate the model you have specified: '.$model);
}
}
- elseif ( ! is_subclass_of($model, 'CI_Model'))
+
+ if ( ! is_subclass_of($model, 'CI_Model'))
{
- throw new RuntimeException("Class ".$model." already exists and doesn't extend CI_Model");
+ throw new RuntimeException("Class ".$model." doesn't extend CI_Model");
}
$this->_ci_models[] = $name;
@@ -943,7 +944,7 @@ class CI_Loader {
empty($_ci_vars) OR $this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
extract($this->_ci_cached_vars);
- /*
+ /**
* Buffer the output
*
* We buffer the output for two reasons:
@@ -956,18 +957,7 @@ class CI_Loader {
*/
ob_start();
- // If the PHP installation does not support short tags we'll
- // do a little string replacement, changing the short tags
- // to standard PHP echo statements.
- if ( ! is_php('5.4') && ! ini_get('short_open_tag') && config_item('rewrite_short_tags') === TRUE)
- {
- echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
- }
- else
- {
- include($_ci_path); // include() vs include_once() allows for multiple views with the same name
- }
-
+ include($_ci_path); // include() vs include_once() allows for multiple views with the same name
log_message('info', 'File loaded: '.$_ci_path);
// Return the file data if requested
diff --git a/system/core/Log.php b/system/core/Log.php
index f37726e02..fde0bebf2 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -124,7 +124,9 @@ class CI_Log {
isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
- $this->_log_path = ($config['log_path'] !== '') ? $config['log_path'] : APPPATH.'logs/';
+ $this->_log_path = ($config['log_path'] !== '')
+ ? rtrim($config['log_path'], '/\\').DIRECTORY_SEPARATOR : APPPATH.'logs'.DIRECTORY_SEPARATOR;
+
$this->_file_ext = (isset($config['log_file_extension']) && $config['log_file_extension'] !== '')
? ltrim($config['log_file_extension'], '.') : 'php';
@@ -283,9 +285,6 @@ class CI_Log {
{
if (self::$func_overload)
{
- // mb_substr($str, $start, null, '8bit') returns an empty
- // string on PHP 5.3
- isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
return mb_substr($str, $start, $length, '8bit');
}
diff --git a/system/core/Model.php b/system/core/Model.php
index 0aadbcdc8..4c497d21e 100644
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -49,14 +49,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Model {
/**
- * Class constructor
- *
- * @link https://github.com/bcit-ci/CodeIgniter/issues/5332
- * @return void
- */
- public function __construct() {}
-
- /**
* __get magic
*
* Allows models to access CI's loaded classes using the same
diff --git a/system/core/Output.php b/system/core/Output.php
index 64e7ee1f9..f386d3ad4 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -412,7 +412,7 @@ class CI_Output {
* @param string $output Output data override
* @return void
*/
- public function _display($output = '')
+ public function _display($output = NULL)
{
// Note: We use load_class() because we can't use $CI =& get_instance()
// since this function is sometimes called by the caching mechanism,
@@ -429,7 +429,7 @@ class CI_Output {
// --------------------------------------------------------------------
// Set the output data
- if ($output === '')
+ if ($output === NULL)
{
$output =& $this->final_output;
}
@@ -502,7 +502,7 @@ class CI_Output {
echo $output;
log_message('info', 'Final output sent to browser');
- log_message('debug', 'Total execution time: '.$elapsed);
+ log_message('info', 'Total execution time: '.$elapsed);
return;
}
@@ -539,7 +539,7 @@ class CI_Output {
}
log_message('info', 'Final output sent to browser');
- log_message('debug', 'Total execution time: '.$elapsed);
+ log_message('info', 'Total execution time: '.$elapsed);
}
// --------------------------------------------------------------------
@@ -554,7 +554,7 @@ class CI_Output {
{
$CI =& get_instance();
$path = $CI->config->item('cache_path');
- $cache_path = ($path === '') ? APPPATH.'cache/' : $path;
+ $cache_path = ($path === '') ? APPPATH.'cache'.DIRECTORY_SEPARATOR : rtrim($path, '/\\').DIRECTORY_SEPARATOR;
if ( ! is_dir($cache_path) OR ! is_really_writable($cache_path))
{
@@ -563,7 +563,7 @@ class CI_Output {
}
$uri = $CI->config->item('base_url')
- .$CI->config->item('index_page')
+ .$CI->config->slash_item('index_page')
.$CI->uri->uri_string();
if (($cache_query_string = $CI->config->item('cache_query_string')) && ! empty($_SERVER['QUERY_STRING']))
@@ -658,7 +658,7 @@ class CI_Output {
$cache_path = ($CFG->item('cache_path') === '') ? APPPATH.'cache/' : $CFG->item('cache_path');
// Build the file path. The file name is an MD5 hash of the full URI
- $uri = $CFG->item('base_url').$CFG->item('index_page').$URI->uri_string;
+ $uri = $CFG->item('base_url').$CFG->slash_item('index_page').$URI->uri_string;
if (($cache_query_string = $CFG->item('cache_query_string')) && ! empty($_SERVER['QUERY_STRING']))
{
@@ -761,7 +761,7 @@ class CI_Output {
}
}
- $cache_path .= md5($CI->config->item('base_url').$CI->config->item('index_page').ltrim($uri, '/'));
+ $cache_path .= md5($CI->config->item('base_url').$CI->config->slash_item('index_page').ltrim($uri, '/'));
if ( ! @unlink($cache_path))
{
@@ -829,9 +829,6 @@ class CI_Output {
{
if (self::$func_overload)
{
- // mb_substr($str, $start, null, '8bit') returns an empty
- // string on PHP 5.3
- isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
return mb_substr($str, $start, $length, '8bit');
}
diff --git a/system/core/Router.php b/system/core/Router.php
index 90b69d07a..dcdd1ed1f 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -439,19 +439,6 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Fetch the current class
- *
- * @deprecated 3.0.0 Read the 'class' property instead
- * @return string
- */
- public function fetch_class()
- {
- return $this->class;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Set method name
*
* @param string $method Method name
@@ -465,19 +452,6 @@ class CI_Router {
// --------------------------------------------------------------------
/**
- * Fetch the current method
- *
- * @deprecated 3.0.0 Read the 'method' property instead
- * @return string
- */
- public function fetch_method()
- {
- return $this->method;
- }
-
- // --------------------------------------------------------------------
-
- /**
* Set directory name
*
* @param string $dir Directory name
@@ -495,21 +469,4 @@ class CI_Router {
$this->directory .= str_replace('.', '', trim($dir, '/')).'/';
}
}
-
- // --------------------------------------------------------------------
-
- /**
- * Fetch directory
- *
- * Feches the sub-directory (if any) that contains the requested
- * controller class.
- *
- * @deprecated 3.0.0 Read the 'directory' property instead
- * @return string
- */
- public function fetch_directory()
- {
- return $this->directory;
- }
-
}
diff --git a/system/core/Security.php b/system/core/Security.php
index 6a81faff1..5edb67f4e 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -169,10 +169,12 @@ class CI_Security {
*
* @return void
*/
- public function __construct()
+ public function __construct($charset)
{
+ $this->charset = $charset;
+
// Is CSRF protection enabled?
- if (config_item('csrf_protection'))
+ if (config_item('csrf_protection') && ! is_cli())
{
// CSRF config
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
@@ -191,10 +193,9 @@ class CI_Security {
// Set the CSRF hash
$this->_csrf_set_hash();
+ $this->csrf_verify();
}
- $this->charset = strtoupper(config_item('charset'));
-
log_message('info', 'Security Class Initialized');
}
@@ -639,7 +640,7 @@ class CI_Security {
if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE)
{
// Try not to waste entropy ...
- is_php('5.4') && stream_set_chunk_size($fp, $length);
+ stream_set_chunk_size($fp, $length);
$output = fread($fp, $length);
fclose($fp);
if ($output !== FALSE)
@@ -669,7 +670,7 @@ class CI_Security {
* correctly. html_entity_decode() does not convert entities without
* semicolons, so we are left with our own little solution here. Bummer.
*
- * @link http://php.net/html-entity-decode
+ * @link https://secure.php.net/html-entity-decode
*
* @param string $str Input
* @param string $charset Character set
@@ -684,26 +685,8 @@ class CI_Security {
static $_entities;
- isset($charset) OR $charset = $this->charset;
- $flag = is_php('5.4')
- ? ENT_COMPAT | ENT_HTML5
- : ENT_COMPAT;
-
- if ( ! isset($_entities))
- {
- $_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, $flag, $charset));
-
- // If we're not on PHP 5.4+, add the possibly dangerous HTML 5
- // entities to the array manually
- if ($flag === ENT_COMPAT)
- {
- $_entities[':'] = '&colon;';
- $_entities['('] = '&lpar;';
- $_entities[')'] = '&rpar;';
- $_entities["\n"] = '&NewLine;';
- $_entities["\t"] = '&Tab;';
- }
- }
+ isset($charset) OR $charset = $this->charset;
+ isset($_entities) OR $_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, ENT_COMPAT | ENT_HTML5, $charset));
do
{
@@ -728,14 +711,9 @@ class CI_Security {
// Decode numeric & UTF16 two byte entities
$str = html_entity_decode(
preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str),
- $flag,
+ ENT_COMPAT | ENT_HTML5,
$charset
);
-
- if ($flag === ENT_COMPAT)
- {
- $str = str_replace(array_values($_entities), array_keys($_entities), $str);
- }
}
while ($str_compare !== $str);
return $str;
@@ -1087,5 +1065,4 @@ class CI_Security {
return $this->_csrf_hash;
}
-
}
diff --git a/system/core/URI.php b/system/core/URI.php
index a8b98ae93..3670ef29d 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -96,45 +96,40 @@ class CI_URI {
*
* @return void
*/
- public function __construct()
+ public function __construct(CI_Config $config)
{
- $this->config =& load_class('Config', 'core');
+ $this->config = $config;
+ // If it's a CLI request, ignore the configuration
+ if (is_cli())
+ {
+ $this->_set_uri_string($this->_parse_argv(), TRUE);
+ }
// If query strings are enabled, we don't need to parse any segments.
- // However, they don't make sense under CLI.
- if (is_cli() OR $this->config->item('enable_query_strings') !== TRUE)
+ elseif ($this->config->item('enable_query_strings') !== TRUE)
{
$this->_permitted_uri_chars = $this->config->item('permitted_uri_chars');
+ $protocol = $this->config->item('uri_protocol');
+ empty($protocol) && $protocol = 'REQUEST_URI';
- // If it's a CLI request, ignore the configuration
- if (is_cli())
+ switch ($protocol)
{
- $uri = $this->_parse_argv();
+ case 'AUTO': // For BC purposes only
+ case 'REQUEST_URI':
+ $uri = $this->_parse_request_uri();
+ break;
+ case 'QUERY_STRING':
+ $uri = $this->_parse_query_string();
+ break;
+ case 'PATH_INFO':
+ default:
+ $uri = isset($_SERVER[$protocol])
+ ? $_SERVER[$protocol]
+ : $this->_parse_request_uri();
+ break;
}
- else
- {
- $protocol = $this->config->item('uri_protocol');
- empty($protocol) && $protocol = 'REQUEST_URI';
- switch ($protocol)
- {
- case 'AUTO': // For BC purposes only
- case 'REQUEST_URI':
- $uri = $this->_parse_request_uri();
- break;
- case 'QUERY_STRING':
- $uri = $this->_parse_query_string();
- break;
- case 'PATH_INFO':
- default:
- $uri = isset($_SERVER[$protocol])
- ? $_SERVER[$protocol]
- : $this->_parse_request_uri();
- break;
- }
- }
-
- $this->_set_uri_string($uri);
+ $this->_set_uri_string($uri, FALSE);
}
log_message('info', 'URI Class Initialized');
@@ -145,43 +140,66 @@ class CI_URI {
/**
* Set URI String
*
- * @param string $str
+ * @param string $str Input URI string
+ * @param bool $is_cli Whether the input comes from CLI
* @return void
*/
- protected function _set_uri_string($str)
+ protected function _set_uri_string($str, $is_cli = FALSE)
{
- // Filter out control characters and trim slashes
- $this->uri_string = trim(remove_invisible_characters($str, FALSE), '/');
-
- if ($this->uri_string !== '')
+ // CLI requests have a bit simpler logic
+ if ($is_cli)
{
- // Remove the URL suffix, if present
- if (($suffix = (string) $this->config->item('url_suffix')) !== '')
+ if (($this->uri_string = trim($str, '/')) === '')
{
- $slen = strlen($suffix);
-
- if (substr($this->uri_string, -$slen) === $suffix)
- {
- $this->uri_string = substr($this->uri_string, 0, -$slen);
- }
+ return;
}
$this->segments[0] = NULL;
- // Populate the segments array
- foreach (explode('/', trim($this->uri_string, '/')) as $val)
+ foreach (explode('/', $this->uri_string) as $segment)
{
- $val = trim($val);
- // Filter segments for security
- $this->filter_uri($val);
-
- if ($val !== '')
+ if (($segment = trim($segment)) !== '')
{
- $this->segments[] = $val;
+ $this->segments[] = $segment;
}
}
unset($this->segments[0]);
+ return;
+ }
+
+ // Filter out control characters and trim slashes
+ $this->uri_string = trim(remove_invisible_characters($str, FALSE), '/');
+
+ if ($this->uri_string === '')
+ {
+ return;
}
+
+ // Remove the URL suffix, if present
+ if (($suffix = (string) $this->config->item('url_suffix')) !== '')
+ {
+ $slen = strlen($suffix);
+
+ if (substr($this->uri_string, -$slen) === $suffix)
+ {
+ $this->uri_string = substr($this->uri_string, 0, -$slen);
+ }
+ }
+
+ $this->segments[0] = NULL;
+ foreach (explode('/', trim($this->uri_string, '/')) as $segment)
+ {
+ $segment = trim($segment);
+ // Filter segments for security
+ $this->filter_uri($segment);
+
+ if ($segment !== '')
+ {
+ $this->segments[] = $segment;
+ }
+ }
+
+ unset($this->segments[0]);
}
// --------------------------------------------------------------------
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 9ee63e929..39954c428 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -57,21 +57,21 @@ class CI_Utf8 {
*
* @return void
*/
- public function __construct()
+ public function __construct($charset)
{
if (
- defined('PREG_BAD_UTF8_ERROR') // PCRE must support UTF-8
- && (ICONV_ENABLED === TRUE OR MB_ENABLED === TRUE) // iconv or mbstring must be installed
- && strtoupper(config_item('charset')) === 'UTF-8' // Application charset must be UTF-8
- )
+ defined('PREG_BAD_UTF8_ERROR') // PCRE must support UTF-8
+ && (ICONV_ENABLED === TRUE OR MB_ENABLED === TRUE) // iconv or mbstring must be installed
+ && $charset === 'UTF-8' // Application charset must be UTF-8
+ )
{
define('UTF8_ENABLED', TRUE);
- log_message('debug', 'UTF-8 Support Enabled');
+ log_message('info', 'UTF-8 Support Enabled');
}
else
{
define('UTF8_ENABLED', FALSE);
- log_message('debug', 'UTF-8 Support Disabled');
+ log_message('info', 'UTF-8 Support Disabled');
}
log_message('info', 'Utf8 Class Initialized');
diff --git a/system/core/compat/hash.php b/system/core/compat/hash.php
index 8f5510c3f..8d905ad68 100644
--- a/system/core/compat/hash.php
+++ b/system/core/compat/hash.php
@@ -45,7 +45,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @category Compatibility
* @author Andrey Andreev
* @link https://codeigniter.com/user_guide/
- * @link http://php.net/hash
+ * @link https://secure.php.net/hash
*/
// ------------------------------------------------------------------------
@@ -62,7 +62,7 @@ if ( ! function_exists('hash_equals'))
/**
* hash_equals()
*
- * @link http://php.net/hash_equals
+ * @link https://secure.php.net/hash_equals
* @param string $known_string
* @param string $user_string
* @return bool
@@ -108,7 +108,7 @@ if ( ! function_exists('hash_pbkdf2'))
/**
* hash_pbkdf2()
*
- * @link http://php.net/hash_pbkdf2
+ * @link https://secure.php.net/hash_pbkdf2
* @param string $algo
* @param string $password
* @param string $salt
@@ -205,8 +205,6 @@ if ( ! function_exists('hash_pbkdf2'))
'ripemd160' => 64,
'ripemd256' => 64,
'ripemd320' => 64,
- 'salsa10' => 64,
- 'salsa20' => 64,
'sha1' => 64,
'sha224' => 64,
'sha256' => 64,
diff --git a/system/core/compat/mbstring.php b/system/core/compat/mbstring.php
index 552e72719..41c86376c 100644
--- a/system/core/compat/mbstring.php
+++ b/system/core/compat/mbstring.php
@@ -45,7 +45,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @category Compatibility
* @author Andrey Andreev
* @link https://codeigniter.com/user_guide/
- * @link http://php.net/mbstring
+ * @link https://secure.php.net/mbstring
*/
// ------------------------------------------------------------------------
@@ -65,7 +65,7 @@ if ( ! function_exists('mb_strlen'))
* WARNING: This function WILL fall-back to strlen()
* if iconv is not available!
*
- * @link http://php.net/mb_strlen
+ * @link https://secure.php.net/mb_strlen
* @param string $str
* @param string $encoding
* @return int
@@ -92,7 +92,7 @@ if ( ! function_exists('mb_strpos'))
* WARNING: This function WILL fall-back to strpos()
* if iconv is not available!
*
- * @link http://php.net/mb_strpos
+ * @link https://secure.php.net/mb_strpos
* @param string $haystack
* @param string $needle
* @param int $offset
@@ -121,7 +121,7 @@ if ( ! function_exists('mb_substr'))
* WARNING: This function WILL fall-back to substr()
* if iconv is not available.
*
- * @link http://php.net/mb_substr
+ * @link https://secure.php.net/mb_substr
* @param string $str
* @param int $start
* @param int $length
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index 5a3bc2076..f6517b46d 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -45,7 +45,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @category Compatibility
* @author Andrey Andreev
* @link https://codeigniter.com/user_guide/
- * @link http://php.net/password
+ * @link https://secure.php.net/password
*/
// ------------------------------------------------------------------------
@@ -67,7 +67,7 @@ if ( ! function_exists('password_get_info'))
/**
* password_get_info()
*
- * @link http://php.net/password_get_info
+ * @link https://secure.php.net/password_get_info
* @param string $hash
* @return array
*/
@@ -86,7 +86,7 @@ if ( ! function_exists('password_hash'))
/**
* password_hash()
*
- * @link http://php.net/password_hash
+ * @link https://secure.php.net/password_hash
* @param string $password
* @param int $algo
* @param array $options
@@ -141,7 +141,7 @@ if ( ! function_exists('password_hash'))
}
// Try not to waste entropy ...
- is_php('5.4') && stream_set_chunk_size($fp, 16);
+ stream_set_chunk_size($fp, 16);
$options['salt'] = '';
for ($read = 0; $read < 16; $read = ($func_overload) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))
@@ -194,7 +194,7 @@ if ( ! function_exists('password_needs_rehash'))
/**
* password_needs_rehash()
*
- * @link http://php.net/password_needs_rehash
+ * @link https://secure.php.net/password_needs_rehash
* @param string $hash
* @param int $algo
* @param array $options
@@ -228,7 +228,7 @@ if ( ! function_exists('password_verify'))
/**
* password_verify()
*
- * @link http://php.net/password_verify
+ * @link https://secure.php.net/password_verify
* @param string $password
* @param string $hash
* @return bool
diff --git a/system/core/compat/standard.php b/system/core/compat/standard.php
index 2c528fd7c..31c39ca25 100644
--- a/system/core/compat/standard.php
+++ b/system/core/compat/standard.php
@@ -61,7 +61,7 @@ if ( ! function_exists('array_column'))
/**
* array_column()
*
- * @link http://php.net/array_column
+ * @link https://secure.php.net/array_column
* @param array $array
* @param mixed $column_key
* @param mixed $index_key
@@ -132,51 +132,3 @@ if ( ! function_exists('array_column'))
return $result;
}
}
-
-// ------------------------------------------------------------------------
-
-if (is_php('5.4'))
-{
- return;
-}
-
-// ------------------------------------------------------------------------
-
-if ( ! function_exists('hex2bin'))
-{
- /**
- * hex2bin()
- *
- * @link http://php.net/hex2bin
- * @param string $data
- * @return string
- */
- function hex2bin($data)
- {
- if (in_array($type = gettype($data), array('array', 'double', 'object', 'resource'), TRUE))
- {
- if ($type === 'object' && method_exists($data, '__toString'))
- {
- $data = (string) $data;
- }
- else
- {
- trigger_error('hex2bin() expects parameter 1 to be string, '.$type.' given', E_USER_WARNING);
- return NULL;
- }
- }
-
- if (strlen($data) % 2 !== 0)
- {
- trigger_error('Hexadecimal input string must have an even length', E_USER_WARNING);
- return FALSE;
- }
- elseif ( ! preg_match('/^[0-9a-f]*$/i', $data))
- {
- trigger_error('Input string must be hexadecimal string', E_USER_WARNING);
- return FALSE;
- }
-
- return pack('H*', $data);
- }
-}