diff options
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/CodeIgniter.php | 2 | ||||
-rw-r--r-- | system/core/Config.php | 9 | ||||
-rw-r--r-- | system/core/Input.php | 30 | ||||
-rw-r--r-- | system/core/compat/password.php | 26 |
4 files changed, 42 insertions, 25 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index d9ac7efe3..5e60a8d40 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @var string * */ - define('CI_VERSION', '3.1.0-dev'); + define('CI_VERSION', '3.2.0-dev'); /* * ------------------------------------------------------ diff --git a/system/core/Config.php b/system/core/Config.php index 5c6ba2a4d..e74751639 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -319,7 +319,7 @@ class CI_Config { } } - return $base_url.ltrim($this->_uri_string($uri), '/'); + return $base_url.$this->_uri_string($uri); } // ------------------------------------------------------------- @@ -337,11 +337,8 @@ class CI_Config { { if ($this->item('enable_query_strings') === FALSE) { - if (is_array($uri)) - { - $uri = implode('/', $uri); - } - return trim($uri, '/'); + is_array($uri) && $uri = implode('/', $uri); + return ltrim($uri, '/'); } elseif (is_array($uri)) { diff --git a/system/core/Input.php b/system/core/Input.php index 59b39620c..f6397e35b 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -519,9 +519,9 @@ class CI_Input { if ($separator === ':') { $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr)); - for ($i = 0; $i < 8; $i++) + for ($j = 0; $j < 8; $j++) { - $netaddr[$i] = intval($netaddr[$i], 16); + $netaddr[$i] = intval($netaddr[$j], 16); } } else @@ -760,30 +760,32 @@ class CI_Input { // If header is already defined, return it immediately if ( ! empty($this->headers)) { - return $this->headers; + return $this->_fetch_from_array($this->headers, NULL, $xss_clean); } // In Apache, you can simply call apache_request_headers() if (function_exists('apache_request_headers')) { - return $this->headers = apache_request_headers(); + $this->headers = apache_request_headers(); } - - $this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); - - foreach ($_SERVER as $key => $val) + else { - if (sscanf($key, 'HTTP_%s', $header) === 1) + isset($_SERVER['CONTENT_TYPE']) && $this->headers['Content-Type'] = $_SERVER['CONTENT_TYPE']; + + foreach ($_SERVER as $key => $val) { - // take SOME_HEADER and turn it into Some-Header - $header = str_replace('_', ' ', strtolower($header)); - $header = str_replace(' ', '-', ucwords($header)); + if (sscanf($key, 'HTTP_%s', $header) === 1) + { + // take SOME_HEADER and turn it into Some-Header + $header = str_replace('_', ' ', strtolower($header)); + $header = str_replace(' ', '-', ucwords($header)); - $this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); + $this->headers[$header] = $_SERVER[$key]; + } } } - return $this->headers; + return $this->_fetch_from_array($this->headers, NULL, $xss_clean); } // -------------------------------------------------------------------- diff --git a/system/core/compat/password.php b/system/core/compat/password.php index f0c22c780..76dd2cf0a 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php @@ -116,13 +116,21 @@ if ( ! function_exists('password_hash')) } elseif ( ! isset($options['salt'])) { - if (defined('MCRYPT_DEV_URANDOM')) + if (function_exists('random_bytes')) { - $options['salt'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM); + try + { + $options['salt'] = random_bytes(16); + } + catch (Exception $e) + { + log_message('error', 'compat/password: Error while trying to use random_bytes(): '.$e->getMessage()); + return FALSE; + } } - elseif (function_exists('openssl_random_pseudo_bytes')) + elseif (defined('MCRYPT_DEV_URANDOM')) { - $options['salt'] = openssl_random_pseudo_bytes(16); + $options['salt'] = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM); } elseif (DIRECTORY_SEPARATOR === '/' && (is_readable($dev = '/dev/arandom') OR is_readable($dev = '/dev/urandom'))) { @@ -148,6 +156,16 @@ if ( ! function_exists('password_hash')) fclose($fp); } + elseif (function_exists('openssl_random_pseudo_bytes')) + { + $is_secure = NULL; + $options['salt'] = openssl_random_pseudo_bytes(16, $is_secure); + if ($is_secure !== TRUE) + { + log_message('error', 'compat/password: openssl_random_pseudo_bytes() set the $cryto_strong flag to FALSE'); + return FALSE; + } + } else { log_message('error', 'compat/password: No CSPRNG available.'); |