diff options
Diffstat (limited to 'system/core')
| -rw-r--r-- | system/core/Config.php | 14 | ||||
| -rw-r--r-- | system/core/Loader.php | 2 | ||||
| -rw-r--r-- | system/core/Security.php | 14 |
3 files changed, 15 insertions, 15 deletions
diff --git a/system/core/Config.php b/system/core/Config.php index 4b4e5a7ba..2f6a9e085 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -43,7 +43,7 @@ class CI_Config { * * @var array */ - public $config = array(); + public $config = array(); /** * List of all loaded config files @@ -102,13 +102,13 @@ class CI_Config { { $file = ($file === '') ? 'config' : str_replace('.php', '', $file); $found = $loaded = FALSE; + + $check_locations = defined('ENVIRONMENT') + ? array(ENVIRONMENT.'/'.$file, $file) + : array($file); foreach ($this->_config_paths as $path) { - $check_locations = defined('ENVIRONMENT') - ? array(ENVIRONMENT.'/'.$file, $file) - : array($file); - foreach ($check_locations as $location) { $file_path = $path.'config/'.$location.'.php'; @@ -172,7 +172,7 @@ class CI_Config { { return FALSE; } - show_error('The configuration file '.$file.'.php'.' does not exist.'); + show_error('The configuration file '.$file.'.php does not exist.'); } return TRUE; @@ -271,7 +271,7 @@ class CI_Config { */ public function base_url($uri = '') { - return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/'); + return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/'); } // ------------------------------------------------------------- diff --git a/system/core/Loader.php b/system/core/Loader.php index 94739c74a..d51ee0b34 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -820,7 +820,7 @@ class CI_Loader { /* * Extract and cache variables * - * You can either set variables using the dedicated $this->load_vars() + * You can either set variables using the dedicated $this->load->vars() * function or via the second parameter of this function. We'll merge * the two types and cache them so that views that are embedded within * other views can have access to these variables. diff --git a/system/core/Security.php b/system/core/Security.php index 227217e75..b22d2cf19 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -395,20 +395,20 @@ class CI_Security { if (preg_match('/<a/i', $str)) { - $str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str); } if (preg_match('/<img/i', $str)) { - $str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } - if (preg_match('/(script|xss)/i', $str)) + if (preg_match('/script|xss/i', $str)) { - $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str); + $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str); } } - while($original !== $str); + while ($original !== $str); unset($original); @@ -683,7 +683,7 @@ class CI_Security { protected function _js_link_removal($match) { return str_replace($match[1], - preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', + preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -706,7 +706,7 @@ class CI_Security { protected function _js_img_removal($match) { return str_replace($match[1], - preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), |