Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Benchmark.php2
-rwxr-xr-xsystem/core/CodeIgniter.php10
-rw-r--r--system/core/Common.php3
-rwxr-xr-xsystem/core/Config.php4
-rw-r--r--system/core/Controller.php2
-rwxr-xr-xsystem/core/Exceptions.php2
-rwxr-xr-xsystem/core/Hooks.php4
-rwxr-xr-xsystem/core/Input.php3
-rwxr-xr-xsystem/core/Lang.php2
-rw-r--r--system/core/Loader.php16
-rwxr-xr-xsystem/core/Model.php2
-rwxr-xr-xsystem/core/Output.php4
-rwxr-xr-xsystem/core/Router.php2
-rwxr-xr-xsystem/core/Security.php68
-rwxr-xr-xsystem/core/URI.php2
-rw-r--r--system/core/Utf8.php27
16 files changed, 90 insertions, 63 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
index 0f3104079..da246c9e0 100755
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 4d76a5587..5152073d5 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -106,9 +106,13 @@
* Set a liberal script execution time limit
* ------------------------------------------------------
*/
- if (function_exists("set_time_limit") == TRUE AND @ini_get("safe_mode") == 0)
+ if (function_exists("set_time_limit") AND @ini_get("safe_mode") == 0)
{
- @set_time_limit(300);
+ // Do not override the Time Limit value if running from Command Line
+ if(php_sapi_name() != 'cli')
+ {
+ @set_time_limit(300);
+ }
}
/*
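Review bot: The command-line check is added as a second, nested `if` with no space after the keyword and a loose `!=`, which does not match the style of the condition around it. It reads more simply folded into the outer test: `if (function_exists("set_time_limit") AND @ini_get("safe_mode") == 0 AND php_sapi_name() !== 'cli')`. The `@` on `set_time_limit(300)` still hides the warning raised when the limit cannot be changed, so a short comment saying that this failure is deliberately ignored would help.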
diff --git a/system/core/Common.php b/system/core/Common.php
index e43bb8db3..f42bb640c 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -419,6 +419,7 @@ if ( ! function_exists('set_status_header'))
415 => 'Unsupported Media Type',
416 => 'Requested Range Not Satisfiable',
417 => 'Expectation Failed',
+ 422 => 'Unprocessable Entity',
500 => 'Internal Server Error',
501 => 'Not Implemented',
diff --git a/system/core/Config.php b/system/core/Config.php
index abd2767d5..3e2635494 100755
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -328,7 +328,7 @@ class CI_Config {
$uri = $str;
}
}
- return $uri;
+ return $uri;
}
// --------------------------------------------------------------------
diff --git a/system/core/Controller.php b/system/core/Controller.php
index ca2bf41b5..55b3ec235 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index ead8d814e..3737f2930 100755
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index 46bfec02a..174adcb19 100755
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -94,7 +94,7 @@ class CI_Hooks {
if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'))
{
- include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php');
+ include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php');
}
elseif (is_file(APPPATH.'config/hooks.php'))
{
diff --git a/system/core/Input.php b/system/core/Input.php
index 946d9296f..7cfa4c63f 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -740,7 +740,6 @@ class CI_Input {
}
}
-// END Input class
/* End of file Input.php */
/* Location: ./system/core/Input.php */
diff --git a/system/core/Lang.php b/system/core/Lang.php
index e03afb07d..5eb2801f6 100755
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 4e14b54af..c4a6b501c 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -495,6 +495,20 @@ class CI_Loader {
// --------------------------------------------------------------------
/**
+ * Get Variables
+ *
+ * Retrieve all loaded variables
+ *
+ * @return array
+ */
+ public function get_vars()
+ {
+ return $this->_ci_cached_vars;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Load Helper
*
* This function loads the specified helper file.
diff --git a/system/core/Model.php b/system/core/Model.php
index c34bab64b..fc640139a 100755
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/Output.php b/system/core/Output.php
index 7b53f8e3e..e529f914d 100755
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -108,7 +108,7 @@ class CI_Output {
// Get mime types for later
if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
{
- include APPPATH.'config/'.ENVIRONMENT.'/mimes.php';
+ include APPPATH.'config/'.ENVIRONMENT.'/mimes.php';
}
else
{
diff --git a/system/core/Router.php b/system/core/Router.php
index 748678d67..8cad86888 100755
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/Security.php b/system/core/Security.php
index ee4f0a08d..272a8bf3f 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -95,7 +95,8 @@ class CI_Security {
'-moz-binding' => '[removed]',
'<!--' => '&lt;!--',
'-->' => '--&gt;',
- '<![CDATA[' => '&lt;![CDATA['
+ '<![CDATA[' => '&lt;![CDATA[',
+ '<comment>' => '&lt;comment&gt;'
);
/**
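Review bot: The new `'<comment>'` entry is a single literal, so whether it covers other spellings of the tag (upper case, attributes, trailing whitespace) depends on how this table is applied, which is not visible in the hunk. If the keys are applied by exact string replacement, only this one spelling is neutralised, and a case-insensitive pattern would be the safer form for it. A one-line comment on why this element is listed would also help the next maintainer. The array itself starts outside the hunk.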
@@ -181,7 +182,7 @@ class CI_Security {
// Nothing should last forever
unset($_COOKIE[$this->_csrf_cookie_name]);
- $this->_csrf_hash = '';
+ $this->_csrf_hash = '';
$this->_csrf_set_hash();
$this->csrf_set_cookie();
@@ -498,15 +499,7 @@ class CI_Security {
{
if ($this->_xss_hash == '')
{
- if (phpversion() >= 4.2)
- {
- mt_srand();
- }
- else
- {
- mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
- }
-
+ mt_srand();
$this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
}
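Review bot: `_xss_hash` is still built from `time()` plus `mt_rand()`, both of which an outside party can estimate, so the value is not unpredictable. The bare `mt_srand()` kept here adds nothing, because the generator seeds itself. If the rest of the class relies on this hash being unguessable (its use is outside the hunk), derive it from a cryptographic source where the runtime provides one, for example `$this->_xss_hash = bin2hex(openssl_random_pseudo_bytes(16));`, and drop the `mt_srand()` line. The enclosing method starts and ends outside the hunk.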
@@ -520,6 +513,12 @@ class CI_Security {
*
* This function is a replacement for html_entity_decode()
*
+ * The reason we are not using html_entity_decode() by itself is because
+ * while it is not technically correct to leave out the semicolon
+ * at the end of an entity most browsers will still interpret the entity
+ * correctly. html_entity_decode() does not convert entities without
+ * semicolons, so we are left with our own little solution here. Bummer.
+ *
* @param string
* @param string
* @return string
@@ -536,11 +535,6 @@ class CI_Security {
$charset = config_item('charset');
}
- // The reason we are not using html_entity_decode() by itself is because
- // while it is not technically correct to leave out the semicolon
- // at the end of an entity most browsers will still interpret the entity
- // correctly. html_entity_decode() does not convert entities without
- // semicolons, so we are left with our own little solution here. Bummer.
$str = html_entity_decode($str, ENT_COMPAT, $charset);
$str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str);
return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str);
@@ -637,25 +631,45 @@ class CI_Security {
protected function _remove_evil_attributes($str, $is_image)
{
// All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
- $evil_attributes = array('on\w*', 'style', 'xmlns');
+ $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction');
if ($is_image === TRUE)
{
/*
- * Adobe Photoshop puts XML metadata into JFIF images,
+ * Adobe Photoshop puts XML metadata into JFIF images,
* including namespacing, so we have to allow this for images.
*/
unset($evil_attributes[array_search('xmlns', $evil_attributes)]);
}
-
+
do {
- $str = preg_replace(
- "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
- "<$1$6",
- $str, -1, $count
- );
- } while ($count);
+ $count = 0;
+ $attribs = array();
+
+ // find occurrences of illegal attribute strings without quotes
+ preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER);
+
+ foreach ($matches as $attr)
+ {
+ $attribs[] = preg_quote($attr[0], '/');
+ }
+
+ // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
+ preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER);
+
+ foreach ($matches as $attr)
+ {
+ $attribs[] = preg_quote($attr[0], '/');
+ }
+ // replace illegal attribute strings that are inside an html tag
+ if (count($attribs) > 0)
+ {
+ $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count);
+ }
+
+ } while ($count);
+
return $str;
}
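Review bot: The unquoted-value pattern `\s*=\s*([^\s]*)` does not stop at `>`, so the captured string can run past the end of the tag. The final `preg_replace` then requires `[\s><]` directly after that longer string and can fail to match, leaving the attribute in the output. Bounding the value at the tag end with `\s*=\s*([^\s>]*)` keeps the capture inside the tag. In the quoted pattern, `[^\\2]` is a character class, where `\2` is not a back-reference, so it does not mean "anything but the opening quote"; `(.*?)` before the closing `(\\2)` states the intent. A regression test with an unquoted handler immediately followed by the tag's closing `>` would pin the first point.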
@@ -877,4 +891,4 @@ class CI_Security {
}
/* End of file Security.php */
-/* Location: ./system/core/Security.php */
+/* Location: ./system/core/Security.php */ \ No newline at end of file
diff --git a/system/core/URI.php b/system/core/URI.php
index 578d17429..3c26d307b 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 7abe4e43b..40a7ac4c0 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 2.0
@@ -44,19 +44,18 @@ class CI_Utf8 {
* Constructor
*
* Determines if UTF-8 support is to be enabled
- *
*/
- function __construct()
+ public function __construct()
{
log_message('debug', "Utf8 Class Initialized");
global $CFG;
if (
- preg_match('/./u', 'é') === 1 // PCRE must support UTF-8
- AND function_exists('iconv') // iconv must be installed
- AND ini_get('mbstring.func_overload') != 1 // Multibyte string function overloading cannot be enabled
- AND $CFG->item('charset') == 'UTF-8' // Application charset must be UTF-8
+ @preg_match('/./u', 'é') === 1 // PCRE must support UTF-8
+ && function_exists('iconv') // iconv must be installed
+ && ini_get('mbstring.func_overload') !== 1 // Multibyte string function overloading cannot be enabled
+ && $CFG->item('charset') == 'UTF-8' // Application charset must be UTF-8
)
{
log_message('debug', "UTF-8 Support Enabled");
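Review bot: `ini_get('mbstring.func_overload') !== 1` is always true, because `ini_get()` returns a string (or FALSE) and never the integer 1. The overload check therefore no longer keeps UTF-8 support off when function overloading is enabled. Cast before the strict comparison, `&& (int) ini_get('mbstring.func_overload') !== 1`, or keep the loose `!= 1` that was there before. The `@` added to `preg_match()` would benefit from a comment saying which warning it suppresses. The constructor body continues outside the hunk.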
@@ -90,11 +89,10 @@ class CI_Utf8 {
*
* Ensures strings are UTF-8
*
- * @access public
* @param string
* @return string
*/
- function clean_string($str)
+ public function clean_string($str)
{
if ($this->_is_ascii($str) === FALSE)
{
@@ -113,11 +111,10 @@ class CI_Utf8 {
* line feeds, and carriage returns, as all others can cause
* problems in XML
*
- * @access public
* @param string
* @return string
*/
- function safe_ascii_for_xml($str)
+ public function safe_ascii_for_xml($str)
{
return remove_invisible_characters($str, FALSE);
}
@@ -129,12 +126,11 @@ class CI_Utf8 {
*
* Attempts to convert a string to UTF-8
*
- * @access public
* @param string
* @param string - input encoding
* @return string
*/
- function convert_to_utf8($str, $encoding)
+ public function convert_to_utf8($str, $encoding)
{
if (function_exists('iconv'))
{
@@ -159,13 +155,12 @@ class CI_Utf8 {
*
* Tests if a string is standard 7-bit ASCII or not
*
- * @access public
* @param string
* @return bool
*/
- function _is_ascii($str)
+ protected function _is_ascii($str)
{
- return (preg_match('/[^\x00-\x7F]/S', $str) == 0);
+ return (preg_match('/[^\x00-\x7F]/S', $str) === 0);
}
// --------------------------------------------------------------------