summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Common.php19
-rw-r--r--system/core/Input.php16
-rw-r--r--system/core/Log.php10
-rw-r--r--system/core/Output.php10
-rw-r--r--system/core/Security.php4
-rw-r--r--system/core/compat/hash.php17
-rw-r--r--system/core/compat/password.php8
7 files changed, 44 insertions, 40 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index cef9f47e0..c4f6dd30b 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -318,12 +318,9 @@ if ( ! function_exists('get_mimes'))
if (empty($_mimes))
{
- $_mimes = array();
-
- if (file_exists(APPPATH.'config/mimes.php'))
- {
- $_mimes = array_merge($_mimes, include(APPPATH.'config/mimes.php'));
- }
+ $_mimes = file_exists(APPPATH.'config/mimes.php')
+ ? include(APPPATH.'config/mimes.php')
+ : array();
if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
{
@@ -564,12 +561,12 @@ if ( ! function_exists('set_status_header'))
if (strpos(PHP_SAPI, 'cgi') === 0)
{
header('Status: '.$code.' '.$text, TRUE);
+ return;
}
- else
- {
- $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
- header($server_protocol.' '.$code.' '.$text, TRUE, $code);
- }
+
+ $server_protocol = (isset($_SERVER['SERVER_PROTOCOL']) && in_array($_SERVER['SERVER_PROTOCOL'], array('HTTP/1.0', 'HTTP/1.1', 'HTTP/2'), TRUE))
+ ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
+ header($server_protocol.' '.$code.' '.$text, TRUE, $code);
}
}
diff --git a/system/core/Input.php b/system/core/Input.php
index 70a3c61ee..dcaae60eb 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -304,7 +304,7 @@ class CI_Input {
* @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
* @return void
*/
- public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
+ public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL)
{
if (is_array($name))
{
@@ -333,15 +333,13 @@ class CI_Input {
$path = config_item('cookie_path');
}
- if ($secure === FALSE && config_item('cookie_secure') === TRUE)
- {
- $secure = config_item('cookie_secure');
- }
+ $secure = ($secure === NULL && config_item('cookie_secure') !== NULL)
+ ? (bool) config_item('cookie_secure')
+ : (bool) $secure;
- if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE)
- {
- $httponly = config_item('cookie_httponly');
- }
+ $httponly = ($httponly === NULL && config_item('cookie_httponly') !== NULL)
+ ? (bool) config_item('cookie_httponly')
+ : (bool) $httponly;
if ( ! is_numeric($expire) OR $expire < 0)
{
diff --git a/system/core/Log.php b/system/core/Log.php
index 67b315b6b..dd6ab8b90 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -105,11 +105,11 @@ class CI_Log {
protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4);
/**
- * mbstring.func_override flag
+ * mbstring.func_overload flag
*
* @var bool
*/
- protected static $func_override;
+ protected static $func_overload;
// --------------------------------------------------------------------
@@ -122,7 +122,7 @@ class CI_Log {
{
$config =& get_config();
- isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override'));
+ isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
$this->_log_path = ($config['log_path'] !== '')
? rtrim($config['log_path'], '/\\').DIRECTORY_SEPARATOR : APPPATH.'logs'.DIRECTORY_SEPARATOR;
@@ -266,7 +266,7 @@ class CI_Log {
*/
protected static function strlen($str)
{
- return (self::$func_override)
+ return (self::$func_overload)
? mb_strlen($str, '8bit')
: strlen($str);
}
@@ -283,7 +283,7 @@ class CI_Log {
*/
protected static function substr($str, $start, $length = NULL)
{
- if (self::$func_override)
+ if (self::$func_overload)
{
return mb_substr($str, $start, $length, '8bit');
}
diff --git a/system/core/Output.php b/system/core/Output.php
index 2cdb9808c..c684c94c9 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -123,11 +123,11 @@ class CI_Output {
public $parse_exec_vars = TRUE;
/**
- * mbstring.func_override flag
+ * mbstring.func_overload flag
*
* @var bool
*/
- protected static $func_override;
+ protected static $func_overload;
/**
* Class constructor
@@ -145,7 +145,7 @@ class CI_Output {
&& extension_loaded('zlib')
);
- isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override'));
+ isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
// Get mime types for later
$this->mimes =& get_mimes();
@@ -817,7 +817,7 @@ class CI_Output {
*/
protected static function strlen($str)
{
- return (self::$func_override)
+ return (self::$func_overload)
? mb_strlen($str, '8bit')
: strlen($str);
}
@@ -834,7 +834,7 @@ class CI_Output {
*/
protected static function substr($str, $start, $length = NULL)
{
- if (self::$func_override)
+ if (self::$func_overload)
{
return mb_substr($str, $start, $length, '8bit');
}
diff --git a/system/core/Security.php b/system/core/Security.php
index 4ad550fff..4b6df01a3 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -355,9 +355,9 @@ class CI_Security {
// Is the string an array?
if (is_array($str))
{
- while (list($key) = each($str))
+ foreach ($str as $key => &$value)
{
- $str[$key] = $this->xss_clean($str[$key]);
+ $str[$key] = $this->xss_clean($value);
}
return $str;
diff --git a/system/core/compat/hash.php b/system/core/compat/hash.php
index c0eab4909..fc319028d 100644
--- a/system/core/compat/hash.php
+++ b/system/core/compat/hash.php
@@ -173,7 +173,9 @@ if ( ! function_exists('hash_pbkdf2'))
return FALSE;
}
- $hash_length = strlen(hash($algo, NULL, TRUE));
+ $hash_length = defined('MB_OVERLOAD_STRING')
+ ? mb_strlen(hash($algo, NULL, TRUE), '8bit')
+ : strlen(hash($algo, NULL, TRUE));
empty($length) && $length = $hash_length;
// Pre-hash password inputs longer than the algorithm's block size
@@ -219,14 +221,14 @@ if ( ! function_exists('hash_pbkdf2'))
'whirlpool' => 64
);
- if (isset($block_sizes[$algo]) && strlen($password) > $block_sizes[$algo])
+ if (isset($block_sizes[$algo], $password[$block_sizes[$algo]]))
{
$password = hash($algo, $password, TRUE);
}
$hash = '';
// Note: Blocks are NOT 0-indexed
- for ($bc = ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++)
+ for ($bc = (int) ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++)
{
$key = $derived_key = hash_hmac($algo, $salt.pack('N', $bi), $password, TRUE);
for ($i = 1; $i < $iterations; $i++)
@@ -238,6 +240,13 @@ if ( ! function_exists('hash_pbkdf2'))
}
// This is not RFC-compatible, but we're aiming for natural PHP compatibility
- return substr($raw_output ? $hash : bin2hex($hash), 0, $length);
+ if ( ! $raw_output)
+ {
+ $hash = bin2hex($hash);
+ }
+
+ return defined('MB_OVERLOAD_STRING')
+ ? mb_substr($hash, 0, $length, '8bit')
+ : substr($hash, 0, $length);
}
}
diff --git a/system/core/compat/password.php b/system/core/compat/password.php
index 84be66738..fa28f5492 100644
--- a/system/core/compat/password.php
+++ b/system/core/compat/password.php
@@ -94,8 +94,8 @@ if ( ! function_exists('password_hash'))
*/
function password_hash($password, $algo, array $options = array())
{
- static $func_override;
- isset($func_override) OR $func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override'));
+ static $func_overload;
+ isset($func_overload) OR $func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
if ($algo !== 1)
{
@@ -109,7 +109,7 @@ if ( ! function_exists('password_hash'))
return NULL;
}
- if (isset($options['salt']) && ($saltlen = ($func_override ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))) < 22)
+ if (isset($options['salt']) && ($saltlen = ($func_overload ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))) < 22)
{
trigger_error('password_hash(): Provided salt is too short: '.$saltlen.' expecting 22', E_USER_WARNING);
return NULL;
@@ -144,7 +144,7 @@ if ( ! function_exists('password_hash'))
stream_set_chunk_size($fp, 16);
$options['salt'] = '';
- for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))
+ for ($read = 0; $read < 16; $read = ($func_overload) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))
{
if (($read = fread($fp, 16 - $read)) === FALSE)
{