diff options
Diffstat (limited to 'system/core')
| -rwxr-xr-x | system/core/Config.php | 2 | ||||
| -rwxr-xr-x | system/core/Input.php | 13 | ||||
| -rwxr-xr-x | system/core/Security.php | 10 | ||||
| -rwxr-xr-x | system/core/URI.php | 18 |
4 files changed, 35 insertions, 8 deletions
diff --git a/system/core/Config.php b/system/core/Config.php index 1e149d005..91826bd41 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -76,7 +76,7 @@ class CI_Config { log_message('debug', 'Config Class Initialized'); // Set the base_url automatically if none was provided - if ($this->config['base_url'] == '') + if (empty($this->config['base_url'])) { if (isset($_SERVER['HTTP_HOST'])) { diff --git a/system/core/Input.php b/system/core/Input.php index 901b4147e..6e6885992 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -228,7 +228,7 @@ class CI_Input { /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * * @param mixed @@ -238,14 +238,15 @@ class CI_Input { * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -270,6 +271,10 @@ class CI_Input { { $secure = config_item('cookie_secure'); } + if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + { + $httponly = config_item('cookie_httponly'); + } if ( ! is_numeric($expire)) { @@ -280,7 +285,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- diff --git a/system/core/Security.php b/system/core/Security.php index cd8a61028..ac39ce97b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -196,7 +196,15 @@ class CI_Security { return FALSE; } - setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); + setcookie( + $this->_csrf_cookie_name, + $this->_csrf_hash, + $expire, + config_item('cookie_path'), + config_item('cookie_domain'), + $secure_cookie, + config_item('cookie_httponly') + ); log_message('debug', 'CRSF cookie Set'); return $this; diff --git a/system/core/URI.php b/system/core/URI.php index 4a2e87c2a..48bb7ae3c 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -22,7 +22,6 @@ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 - * @filesource */ // ------------------------------------------------------------------------ @@ -93,7 +92,7 @@ class CI_URI { if (strtoupper($this->config->item('uri_protocol')) === 'AUTO') { // Is the request coming from the command line? - if (php_sapi_name() === 'cli' OR defined('STDIN')) + if ($this->_is_cli_request()) { $this->_set_uri_string($this->_parse_cli_args()); return; @@ -227,6 +226,21 @@ class CI_URI { } // -------------------------------------------------------------------- + + /** + * Is cli Request? + * + * Duplicate of function from the Input class to test to see if a request was made from the command line + * + * @return boolean + */ + protected function _is_cli_request() + { + return (php_sapi_name() == 'cli') OR defined('STDIN'); + } + + + // -------------------------------------------------------------------- /** * Parse cli arguments |