diff options
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Common.php | 5 | ||||
-rw-r--r-- | system/core/Input.php | 2 | ||||
-rw-r--r-- | system/core/Log.php | 2 | ||||
-rw-r--r-- | system/core/Output.php | 2 | ||||
-rw-r--r-- | system/core/Security.php | 38 |
5 files changed, 34 insertions, 15 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index ed96de0ca..52cb7114e 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -782,11 +782,9 @@ if ( ! function_exists('_stringify_attributes')) */ function _stringify_attributes($attributes, $js = FALSE) { - $atts = NULL; - if (empty($attributes)) { - return $atts; + return NULL; } if (is_string($attributes)) @@ -796,6 +794,7 @@ if ( ! function_exists('_stringify_attributes')) $attributes = (array) $attributes; + $atts = ''; foreach ($attributes as $key => $val) { $atts .= ($js) ? $key.'='.$val.',' : ' '.$key.'="'.$val.'"'; diff --git a/system/core/Input.php b/system/core/Input.php index 30d528b89..87e6cfed9 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -508,7 +508,7 @@ class CI_Input { $which = FILTER_FLAG_IPV6; break; default: - $which = NULL; + $which = 0; break; } diff --git a/system/core/Log.php b/system/core/Log.php index 36634c159..9c33f3e98 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -122,7 +122,7 @@ class CI_Log { { $config =& get_config(); - isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); + isset(self::$func_overload) OR self::$func_overload = ( ! is_php('8.0') && extension_loaded('mbstring') && @ini_get('mbstring.func_overload')); $this->_log_path = ($config['log_path'] !== '') ? rtrim($config['log_path'], '/\\').DIRECTORY_SEPARATOR : APPPATH.'logs'.DIRECTORY_SEPARATOR; diff --git a/system/core/Output.php b/system/core/Output.php index bbad9f168..7f153ef77 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -145,7 +145,7 @@ class CI_Output { && extension_loaded('zlib') ); - isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); + isset(self::$func_overload) OR self::$func_overload = ( ! is_php('8.0') && extension_loaded('mbstring') && @ini_get('mbstring.func_overload')); // Get mime types for later $this->mimes =& get_mimes(); diff --git a/system/core/Security.php b/system/core/Security.php index 818b09338..aac308194 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -273,15 +273,35 @@ class CI_Security { return FALSE; } - setcookie( - $this->_csrf_cookie_name, - $this->_csrf_hash, - $expire, - config_item('cookie_path'), - config_item('cookie_domain'), - $secure_cookie, - config_item('cookie_httponly') - ); + if (is_php('7.3')) + { + setcookie( + $this->_csrf_cookie_name, + $this->_csrf_hash, + array( + 'expires' => $expire, + 'path' => config_item('cookie_path'), + 'domain' => config_item('cookie_domain'), + 'secure' => $secure_cookie, + 'httponly' => config_item('cookie_httponly'), + 'samesite' => 'Strict' + ) + ); + } + else + { + $domain = trim(config_item('cookie_domain')); + header('Set-Cookie: '.$this->_csrf_cookie_name.'='.$this->_csrf_hash + .'; Expires='.gmdate('D, d-M-Y H:i:s T', $expire) + .'; Max-Age='.$this->_csrf_expire + .'; Path='.rawurlencode(config_item('cookie_path')) + .($domain === '' ? '' : '; Domain='.$domain) + .($secure_cookie ? '; Secure' : '') + .(config_item('cookie_httponly') ? '; HttpOnly' : '') + .'; SameSite=Strict' + ); + } + log_message('info', 'CSRF cookie sent'); return $this; |