summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/CodeIgniter.php2
-rw-r--r--system/core/Config.php9
-rw-r--r--system/core/Input.php30
-rw-r--r--system/core/compat/password.php26
4 files changed, 42 insertions, 25 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index d9ac7efe3..5e60a8d40 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* @var string
*
*/
- define('CI_VERSION', '3.1.0-dev');
+ define('CI_VERSION', '3.2.0-dev');
/*
* ------------------------------------------------------
diff --git a/system/core/Config.php b/system/core/Config.php
index 5c6ba2a4d..e74751639 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -319,7 +319,7 @@ class CI_Config {
}
}
- return $base_url.ltrim($this->_uri_string($uri), '/');
+ return $base_url.$this->_uri_string($uri);
}
// -------------------------------------------------------------
@@ -337,11 +337,8 @@ class CI_Config {
{
if ($this->item('enable_query_strings') === FALSE)
{
- if (is_array($uri))
- {
- $uri = implode('/', $uri);
- }
- return trim($uri, '/');
+ is_array($uri) && $uri = implode('/', $uri);
+ return ltrim($uri, '/');
}
elseif (is_array($uri))
{
diff --git a/system/core/Input.php b/system/core/Input.php
index 59b39620c..f6397e35b 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -519,9 +519,9 @@ class CI_Input {
if ($separator === ':')
{
$netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));
- for ($i = 0; $i < 8; $i++)
+ for ($j = 0; $j < 8; $j++)
{
- $netaddr[$i] = intval($netaddr[$i], 16);
+ $netaddr[$i] = intval($netaddr[$j], 16);
}
}
else
@@ -760,30 +760,32 @@ class CI_Input {
// If header is already defined, return it immediately
if ( ! empty($this->headers))
{
- return $this->headers;
+ return $this->_fetch_from_array($this->headers, NULL, $xss_clean);
}
// In Apache, you can simply call apache_request_headers()
if (function_exists('apache_request_headers'))
{
- return $this->headers = apache_request_headers();
+ $this->headers = apache_request_headers();
}
-
- $this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
-
- foreach ($_SERVER as $key => $val)
+ else
{
- if (sscanf($key, 'HTTP_%s', $header) === 1)
+ isset($_SERVER['CONTENT_TYPE']) && $this->headers['Content-Type'] = $_SERVER['CONTENT_TYPE'];
+
+ foreach ($_SERVER as $key => $val)
{
- // take SOME_HEADER and turn it into Some-Header
- $header = str_replace('_', ' ', strtolower($header));
- $header = str_replace(' ', '-', ucwords($header));
+ if (sscanf($key, 'HTTP_%s', $header) === 1)
+ {
+ // take SOME_HEADER and turn it into Some-Header
+ $header = str_replace('_', ' ', strtolower($header));
+ $header = str_replace(' ', '-', ucwords($header));
- $this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
+ $this->headers[$header] = $_SERVER[$key];
+ }
}
}
- return $this->headers;
+ return $this->_fetch_from_array($this->headers, NULL, $xss_clean);
}
// --------------------------------------------------------------------
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index f0c22c780..76dd2cf0a 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -116,13 +116,21 @@ if ( ! function_exists('password_hash'))
}
elseif ( ! isset($options['salt']))
{
- if (defined('MCRYPT_DEV_URANDOM'))
+ if (function_exists('random_bytes'))
{
- $options['salt'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
+ try
+ {
+ $options['salt'] = random_bytes(16);
+ }
+ catch (Exception $e)
+ {
+ log_message('error', 'compat/password: Error while trying to use random_bytes(): '.$e->getMessage());
+ return FALSE;
+ }
}
- elseif (function_exists('openssl_random_pseudo_bytes'))
+ elseif (defined('MCRYPT_DEV_URANDOM'))
{
- $options['salt'] = openssl_random_pseudo_bytes(16);
+ $options['salt'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
}
elseif (DIRECTORY_SEPARATOR === '/' && (is_readable($dev = '/dev/arandom') OR is_readable($dev = '/dev/urandom')))
{
@@ -148,6 +156,16 @@ if ( ! function_exists('password_hash'))
fclose($fp);
}
+ elseif (function_exists('openssl_random_pseudo_bytes'))
+ {
+ $is_secure = NULL;
+ $options['salt'] = openssl_random_pseudo_bytes(16, $is_secure);
+ if ($is_secure !== TRUE)
+ {
+ log_message('error', 'compat/password: openssl_random_pseudo_bytes() set the $cryto_strong flag to FALSE');
+ return FALSE;
+ }
+ }
else
{
log_message('error', 'compat/password: No CSPRNG available.');