Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Common.php | 4 | ||||
-rw-r--r-- | system/core/Input.php | 32 | ||||
-rw-r--r-- | system/core/Output.php | 2 | ||||
-rw-r--r-- | system/core/Security.php | 3 |
4 files changed, 32 insertions, 9 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index 10c22375e..b4f0c388e 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable'))
 */
 if (is_dir($file))
 {
- $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
+ $file = rtrim($file, '/').'/'.md5(mt_rand());
 if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
 {
 return FALSE;
@@ -359,7 +359,7 @@ if ( ! function_exists('show_error'))
 *
 * This function lets us invoke the exception class and
 * display errors using the standard error template located
- * in application/errors/errors.php
+ * in application/views/errors/error_general.php
 * This function will send the error page directly to the
 * browser and exit.
 *
diff --git a/system/core/Input.php b/system/core/Input.php
index 8d491e055..6690b7f2e 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -153,17 +153,39 @@ class CI_Input {
 */
 protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
 {
- if ( ! isset($array[$index]))
+ if (isset($array[$index]))
 {
- return NULL;
+ $value = $array[$index];
 }
+ elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation
+ {
+ $value = $array;
+ for ($i = 0; $i < $count; $i++)
+ {
+ $key = trim($matches[0][$i], '[]');
+ if ($key === '') // Empty notation will return the value as array
+ {
+ break;
+ }
- if ($xss_clean === TRUE)
+ if (isset($value[$key]))
+ {
+ $value = $value[$key];
+ }
+ else
+ {
+ return NULL;
+ }
+ }
+ }
+ else
 {
- return $this->security->xss_clean($array[$index]);
+ return NULL;
 }
- return $array[$index];
+ return ($xss_clean === TRUE)
+ ? $this->security->xss_clean($value)
+ : $value;
 }
 // --------------------------------------------------------------------
diff --git a/system/core/Output.php b/system/core/Output.php
index 25ecd496c..3320ae154 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
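Review bot: The probe file name in the `is_dir($file)` branch of `is_really_writable` is still built from `mt_rand()`, so it remains guessable, and nothing in the hunk shows that the following `fopen()` insists on creating a new file (the mode behind `FOPEN_WRITE_CREATE` is defined elsewhere). In a directory that other local accounts can write to, the probe could therefore open a path somebody else created instead of a fresh file; the cleanup that follows is outside the hunk. An exclusive-create mode makes the check fail closed instead, for example `if (($fp = @fopen($file, 'xb')) === FALSE)`, at the cost of reporting a rare name collision as not writable.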
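Review bot: In the new `for` loop of `_fetch_from_array`, `isset($value[$key])` is applied without checking that `$value` is still an array, so once the walk reaches a scalar string a numeric segment such as `[0]` passes as a string offset and the method returns a single character rather than `NULL`. Guarding the descent keeps the result to real array elements: `if (is_array($value) && isset($value[$key]))`. The docblock above the signature starts outside the hunk; it should state that `$index` now accepts bracket notation (`name[key]`, with a trailing `[]` returning the sub-array reached so far) and that a missing segment yields `NULL`.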
@@ -793,6 +793,8 @@ class CI_Output {
 case 'text/css':
 case 'text/javascript':
+ case 'application/javascript':
+ case 'application/x-javascript':
 $output = $this->_minify_script_style($output);
diff --git a/system/core/Security.php b/system/core/Security.php
index 7aae54efc..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -488,8 +488,7 @@ class CI_Security {
 {
 if ($this->_xss_hash === '')
 {
- mt_srand();
- $this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+ $this->_xss_hash = md5(uniqid(mt_rand()));
 }
 return $this->_xss_hash; |
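Review bot: The replacement `md5(uniqid(mt_rand()))` in the Security.php hunk still derives `_xss_hash` from the clock and the Mersenne Twister, neither of which is a cryptographic source, so the value is in principle no harder to guess than the one it replaces. How the hash is consumed is outside the hunk; if it has to stay unknown to whoever supplies the data being filtered, it should come from the platform CSPRNG where one is available, with the current expression kept only as a fallback, e.g. `$this->_xss_hash = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(uniqid(mt_rand(), TRUE));`. The enclosing method starts and ends outside the hunk.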