diff options
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Common.php | 19 | ||||
-rw-r--r-- | system/core/Input.php | 16 | ||||
-rw-r--r-- | system/core/Log.php | 10 | ||||
-rw-r--r-- | system/core/Output.php | 10 | ||||
-rw-r--r-- | system/core/Security.php | 4 | ||||
-rw-r--r-- | system/core/compat/hash.php | 17 | ||||
-rw-r--r-- | system/core/compat/password.php | 8 |
7 files changed, 44 insertions, 40 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index cef9f47e0..c4f6dd30b 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -318,12 +318,9 @@ if ( ! function_exists('get_mimes')) if (empty($_mimes)) { - $_mimes = array(); - - if (file_exists(APPPATH.'config/mimes.php')) - { - $_mimes = array_merge($_mimes, include(APPPATH.'config/mimes.php')); - } + $_mimes = file_exists(APPPATH.'config/mimes.php') + ? include(APPPATH.'config/mimes.php') + : array(); if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { @@ -564,12 +561,12 @@ if ( ! function_exists('set_status_header')) if (strpos(PHP_SAPI, 'cgi') === 0) { header('Status: '.$code.' '.$text, TRUE); + return; } - else - { - $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1'; - header($server_protocol.' '.$code.' '.$text, TRUE, $code); - } + + $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE)) + ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1'; + header($server_protocol.' '.$code.' '.$text, TRUE, $code); } } diff --git a/system/core/Input.php b/system/core/Input.php index 70a3c61ee..dcaae60eb 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -304,7 +304,7 @@ class CI_Input { * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript) * @return void */ - public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) + public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL) { if (is_array($name)) { @@ -333,15 +333,13 @@ class CI_Input { $path = config_item('cookie_path'); } - if ($secure === FALSE && config_item('cookie_secure') === TRUE) - { - $secure = config_item('cookie_secure'); - } + $secure = ($secure === NULL && config_item('cookie_secure') !== NULL) + ? (bool) config_item('cookie_secure') + : (bool) $secure; - if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) - { - $httponly = config_item('cookie_httponly'); - } + $httponly = ($httponly === NULL && config_item('cookie_httponly') !== NULL) + ? (bool) config_item('cookie_httponly') + : (bool) $httponly; if ( ! is_numeric($expire) OR $expire < 0) { diff --git a/system/core/Log.php b/system/core/Log.php index 67b315b6b..dd6ab8b90 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -105,11 +105,11 @@ class CI_Log { protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); /** - * mbstring.func_override flag + * mbstring.func_overload flag * * @var bool */ - protected static $func_override; + protected static $func_overload; // -------------------------------------------------------------------- @@ -122,7 +122,7 @@ class CI_Log { { $config =& get_config(); - isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); + isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); $this->_log_path = ($config['log_path'] !== '') ? rtrim($config['log_path'], '/\\').DIRECTORY_SEPARATOR : APPPATH.'logs'.DIRECTORY_SEPARATOR; @@ -266,7 +266,7 @@ class CI_Log { */ protected static function strlen($str) { - return (self::$func_override) + return (self::$func_overload) ? mb_strlen($str, '8bit') : strlen($str); } @@ -283,7 +283,7 @@ class CI_Log { */ protected static function substr($str, $start, $length = NULL) { - if (self::$func_override) + if (self::$func_overload) { return mb_substr($str, $start, $length, '8bit'); } diff --git a/system/core/Output.php b/system/core/Output.php index 2cdb9808c..c684c94c9 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -123,11 +123,11 @@ class CI_Output { public $parse_exec_vars = TRUE; /** - * mbstring.func_override flag + * mbstring.func_overload flag * * @var bool */ - protected static $func_override; + protected static $func_overload; /** * Class constructor @@ -145,7 +145,7 @@ class CI_Output { && extension_loaded('zlib') ); - isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); + isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); // Get mime types for later $this->mimes =& get_mimes(); @@ -817,7 +817,7 @@ class CI_Output { */ protected static function strlen($str) { - return (self::$func_override) + return (self::$func_overload) ? mb_strlen($str, '8bit') : strlen($str); } @@ -834,7 +834,7 @@ class CI_Output { */ protected static function substr($str, $start, $length = NULL) { - if (self::$func_override) + if (self::$func_overload) { return mb_substr($str, $start, $length, '8bit'); } diff --git a/system/core/Security.php b/system/core/Security.php index 4ad550fff..4b6df01a3 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -355,9 +355,9 @@ class CI_Security { // Is the string an array? if (is_array($str)) { - while (list($key) = each($str)) + foreach ($str as $key => &$value) { - $str[$key] = $this->xss_clean($str[$key]); + $str[$key] = $this->xss_clean($value); } return $str; diff --git a/system/core/compat/hash.php b/system/core/compat/hash.php index c0eab4909..fc319028d 100644 --- a/system/core/compat/hash.php +++ b/system/core/compat/hash.php @@ -173,7 +173,9 @@ if ( ! function_exists('hash_pbkdf2')) return FALSE; } - $hash_length = strlen(hash($algo, NULL, TRUE)); + $hash_length = defined('MB_OVERLOAD_STRING') + ? mb_strlen(hash($algo, NULL, TRUE), '8bit') + : strlen(hash($algo, NULL, TRUE)); empty($length) && $length = $hash_length; // Pre-hash password inputs longer than the algorithm's block size @@ -219,14 +221,14 @@ if ( ! function_exists('hash_pbkdf2')) 'whirlpool' => 64 ); - if (isset($block_sizes[$algo]) && strlen($password) > $block_sizes[$algo]) + if (isset($block_sizes[$algo], $password[$block_sizes[$algo]])) { $password = hash($algo, $password, TRUE); } $hash = ''; // Note: Blocks are NOT 0-indexed - for ($bc = ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++) + for ($bc = (int) ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++) { $key = $derived_key = hash_hmac($algo, $salt.pack('N', $bi), $password, TRUE); for ($i = 1; $i < $iterations; $i++) @@ -238,6 +240,13 @@ if ( ! function_exists('hash_pbkdf2')) } // This is not RFC-compatible, but we're aiming for natural PHP compatibility - return substr($raw_output ? $hash : bin2hex($hash), 0, $length); + if ( ! $raw_output) + { + $hash = bin2hex($hash); + } + + return defined('MB_OVERLOAD_STRING') + ? mb_substr($hash, 0, $length, '8bit') + : substr($hash, 0, $length); } } diff --git a/system/core/compat/password.php b/system/core/compat/password.php index 84be66738..fa28f5492 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php @@ -94,8 +94,8 @@ if ( ! function_exists('password_hash')) */ function password_hash($password, $algo, array $options = array()) { - static $func_override; - isset($func_override) OR $func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); + static $func_overload; + isset($func_overload) OR $func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); if ($algo !== 1) { @@ -109,7 +109,7 @@ if ( ! function_exists('password_hash')) return NULL; } - if (isset($options['salt']) && ($saltlen = ($func_override ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))) < 22) + if (isset($options['salt']) && ($saltlen = ($func_overload ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))) < 22) { trigger_error('password_hash(): Provided salt is too short: '.$saltlen.' expecting 22', E_USER_WARNING); return NULL; @@ -144,7 +144,7 @@ if ( ! function_exists('password_hash')) stream_set_chunk_size($fp, 16); $options['salt'] = ''; - for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt'])) + for ($read = 0; $read < 16; $read = ($func_overload) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt'])) { if (($read = fread($fp, 16 - $read)) === FALSE) { |