summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Common.php5
-rw-r--r--system/core/Input.php2
-rw-r--r--system/core/Log.php2
-rw-r--r--system/core/Output.php2
-rw-r--r--system/core/Security.php38
5 files changed, 34 insertions, 15 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index ed96de0ca..52cb7114e 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -782,11 +782,9 @@ if ( ! function_exists('_stringify_attributes'))
*/
function _stringify_attributes($attributes, $js = FALSE)
{
- $atts = NULL;
-
if (empty($attributes))
{
- return $atts;
+ return NULL;
}
if (is_string($attributes))
@@ -796,6 +794,7 @@ if ( ! function_exists('_stringify_attributes'))
$attributes = (array) $attributes;
+ $atts = '';
foreach ($attributes as $key => $val)
{
$atts .= ($js) ? $key.'='.$val.',' : ' '.$key.'="'.$val.'"';
diff --git a/system/core/Input.php b/system/core/Input.php
index 30d528b89..87e6cfed9 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -508,7 +508,7 @@ class CI_Input {
$which = FILTER_FLAG_IPV6;
break;
default:
- $which = NULL;
+ $which = 0;
break;
}
diff --git a/system/core/Log.php b/system/core/Log.php
index 36634c159..9c33f3e98 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -122,7 +122,7 @@ class CI_Log {
{
$config =& get_config();
- isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
+ isset(self::$func_overload) OR self::$func_overload = ( ! is_php('8.0') && extension_loaded('mbstring') && @ini_get('mbstring.func_overload'));
$this->_log_path = ($config['log_path'] !== '')
? rtrim($config['log_path'], '/\\').DIRECTORY_SEPARATOR : APPPATH.'logs'.DIRECTORY_SEPARATOR;
diff --git a/system/core/Output.php b/system/core/Output.php
index bbad9f168..7f153ef77 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -145,7 +145,7 @@ class CI_Output {
&& extension_loaded('zlib')
);
- isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
+ isset(self::$func_overload) OR self::$func_overload = ( ! is_php('8.0') && extension_loaded('mbstring') && @ini_get('mbstring.func_overload'));
// Get mime types for later
$this->mimes =& get_mimes();
diff --git a/system/core/Security.php b/system/core/Security.php
index 818b09338..aac308194 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -273,15 +273,35 @@ class CI_Security {
return FALSE;
}
- setcookie(
- $this->_csrf_cookie_name,
- $this->_csrf_hash,
- $expire,
- config_item('cookie_path'),
- config_item('cookie_domain'),
- $secure_cookie,
- config_item('cookie_httponly')
- );
+ if (is_php('7.3'))
+ {
+ setcookie(
+ $this->_csrf_cookie_name,
+ $this->_csrf_hash,
+ array(
+ 'expires' => $expire,
+ 'path' => config_item('cookie_path'),
+ 'domain' => config_item('cookie_domain'),
+ 'secure' => $secure_cookie,
+ 'httponly' => config_item('cookie_httponly'),
+ 'samesite' => 'Strict'
+ )
+ );
+ }
+ else
+ {
+ $domain = trim(config_item('cookie_domain'));
+ header('Set-Cookie: '.$this->_csrf_cookie_name.'='.$this->_csrf_hash
+ .'; Expires='.gmdate('D, d-M-Y H:i:s T', $expire)
+ .'; Max-Age='.$this->_csrf_expire
+ .'; Path='.rawurlencode(config_item('cookie_path'))
+ .($domain === '' ? '' : '; Domain='.$domain)
+ .($secure_cookie ? '; Secure' : '')
+ .(config_item('cookie_httponly') ? '; HttpOnly' : '')
+ .'; SameSite=Strict'
+ );
+ }
+
log_message('info', 'CSRF cookie sent');
return $this;