summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Config.php2
-rwxr-xr-xsystem/core/Input.php13
-rwxr-xr-xsystem/core/Security.php10
-rwxr-xr-xsystem/core/URI.php18
4 files changed, 35 insertions, 8 deletions
diff --git a/system/core/Config.php b/system/core/Config.php
index 1e149d005..91826bd41 100755
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -76,7 +76,7 @@ class CI_Config {
log_message('debug', 'Config Class Initialized');
// Set the base_url automatically if none was provided
- if ($this->config['base_url'] == '')
+ if (empty($this->config['base_url']))
{
if (isset($_SERVER['HTTP_HOST']))
{
diff --git a/system/core/Input.php b/system/core/Input.php
index 901b4147e..6e6885992 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -228,7 +228,7 @@ class CI_Input {
/**
* Set cookie
*
- * Accepts six parameter, or you can submit an associative
+ * Accepts seven parameters, or you can submit an associative
* array in the first parameter containing all the values.
*
* @param mixed
@@ -238,14 +238,15 @@ class CI_Input {
* @param string the cookie path
* @param string the cookie prefix
* @param bool true makes the cookie secure
+ * @param bool true makes the cookie accessible via http(s) only (no javascript)
* @return void
*/
- public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
{
if (is_array($name))
{
// always leave 'name' in last place, as the loop will break otherwise, due to $$item
- foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item)
+ foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
{
if (isset($name[$item]))
{
@@ -270,6 +271,10 @@ class CI_Input {
{
$secure = config_item('cookie_secure');
}
+ if ($httponly == FALSE && config_item('cookie_httponly') != FALSE)
+ {
+ $httponly = config_item('cookie_httponly');
+ }
if ( ! is_numeric($expire))
{
@@ -280,7 +285,7 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
}
// --------------------------------------------------------------------
diff --git a/system/core/Security.php b/system/core/Security.php
index cd8a61028..ac39ce97b 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -196,7 +196,15 @@ class CI_Security {
return FALSE;
}
- setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+ setcookie(
+ $this->_csrf_cookie_name,
+ $this->_csrf_hash,
+ $expire,
+ config_item('cookie_path'),
+ config_item('cookie_domain'),
+ $secure_cookie,
+ config_item('cookie_httponly')
+ );
log_message('debug', 'CRSF cookie Set');
return $this;
diff --git a/system/core/URI.php b/system/core/URI.php
index 4a2e87c2a..48bb7ae3c 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -22,7 +22,6 @@
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
- * @filesource
*/
// ------------------------------------------------------------------------
@@ -93,7 +92,7 @@ class CI_URI {
if (strtoupper($this->config->item('uri_protocol')) === 'AUTO')
{
// Is the request coming from the command line?
- if (php_sapi_name() === 'cli' OR defined('STDIN'))
+ if ($this->_is_cli_request())
{
$this->_set_uri_string($this->_parse_cli_args());
return;
@@ -227,6 +226,21 @@ class CI_URI {
}
// --------------------------------------------------------------------
+
+ /**
+ * Is cli Request?
+ *
+ * Duplicate of function from the Input class to test to see if a request was made from the command line
+ *
+ * @return boolean
+ */
+ protected function _is_cli_request()
+ {
+ return (php_sapi_name() == 'cli') OR defined('STDIN');
+ }
+
+
+ // --------------------------------------------------------------------
/**
* Parse cli arguments