9 files changed, 67 insertions, 45 deletions

diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 7f76977b5..3fe5c0648 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -241,12 +241,12 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 	// Load the local application controller
 	// Note: The Router class automatically validates the controller path using the router->_validate_request().
 	// If this include fails it means that the default controller in the Routes.php file is not resolving to something valid.
-	if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php'))
+	if ( ! file_exists(APPPATH.'controllers/'.$RTR->directory.$RTR->class.'.php'))
 	{
 		show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
 	}
 
-	include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');
+	include(APPPATH.'controllers/'.$RTR->directory.$RTR->class.'.php');
 
 	// Set a mark point for benchmarking
 	$BM->mark('loading_time:_base_classes_end');
@@ -260,8 +260,8 @@ defined('BASEPATH') OR exit('No direct script access allowed');
  *  loader class can be called via the URI, nor can
  *  controller functions that begin with an underscore.
  */
-	$class  = $RTR->fetch_class();
-	$method = $RTR->fetch_method();
+	$class	= $RTR->class;
+	$method	= $RTR->method;
 
 	if ( ! class_exists($class, FALSE) OR $method[0] === '_' OR method_exists('CI_Controller', $method))
 	{
diff --git a/system/core/Common.php b/system/core/Common.php
index efa7a9380..93cd0a0ae 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable'))
 		 */
 		if (is_dir($file))
 		{
-			$file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
+			$file = rtrim($file, '/').'/'.md5(mt_rand());
 			if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
 			{
 				return FALSE;
@@ -346,7 +346,20 @@ if ( ! function_exists('is_https'))
 	 */
 	function is_https()
 	{
-		return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+		if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
+		{
+			return TRUE;
+		}
+		elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+		{
+			return TRUE;
+		}
+		elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
+		{
+			return TRUE;
+		}
+
+		return FALSE;
 	}
 }
 
@@ -424,12 +437,12 @@ if ( ! function_exists('log_message'))
 	 * We use this as a simple mechanism to access the logging
 	 * class and send messages to be logged.
 	 *
-	 * @param	string
-	 * @param	string
-	 * @param	bool
+	 * @param	string	the error level: 'error', 'debug' or 'info'
+	 * @param	string	the error message
+	 * @param	bool	whether the error is a native PHP error
 	 * @return	void
 	 */
-	function log_message($level = 'error', $message, $php_error = FALSE)
+	function log_message($level, $message, $php_error = FALSE)
 	{
 		static $_log, $_log_threshold;
 
diff --git a/system/core/Input.php b/system/core/Input.php
index 6690b7f2e..0ef81128e 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -790,31 +790,30 @@ class CI_Input {
 	 */
 	public function request_headers($xss_clean = FALSE)
 	{
+		// If header is already defined, return it immediately
+		if ( ! empty($this->headers))
+		{
+			return $this->headers;
+		}
+
 		// In Apache, you can simply call apache_request_headers()
 		if (function_exists('apache_request_headers'))
 		{
-			$headers = apache_request_headers();
+			return $this->headers = apache_request_headers();
 		}
-		else
-		{
-			$headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
 
-			foreach ($_SERVER as $key => $val)
-			{
-				if (sscanf($key, 'HTTP_%s', $header) === 1)
-				{
-					$headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
-				}
-			}
-		}
+		$this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
 
-		// take SOME_HEADER and turn it into Some-Header
-		foreach ($headers as $key => $val)
+		foreach ($_SERVER as $key => $val)
 		{
-			$key = str_replace(array('_', '-'), ' ', strtolower($key));
-			$key = str_replace(' ', '-', ucwords($key));
+			if (sscanf($key, 'HTTP_%s', $header) === 1)
+			{
+				// take SOME_HEADER and turn it into Some-Header
+				$header = str_replace('_', ' ', strtolower($header));
+				$header = str_replace(' ', '-', ucwords($header));
 
-			$this->headers[$key] = $val;
+				$this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
+			}
 		}
 
 		return $this->headers;
diff --git a/system/core/Loader.php b/system/core/Loader.php
index d4e63231c..70a6b6fa6 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -658,7 +658,7 @@ class CI_Loader {
 			return FALSE;
 		}
 
-		if ( ! class_exists('CI_Driver_Library'))
+		if ( ! class_exists('CI_Driver_Library', FALSE))
 		{
 			// We aren't instantiating an object here, just making the base class available
 			require BASEPATH.'libraries/Driver.php';
@@ -713,7 +713,7 @@ class CI_Loader {
 	 *
 	 * Return a list of all package paths.
 	 *
-	 * @param	bool	$include_base	Whether to include BASEPATH (default: TRUE)
+	 * @param	bool	$include_base	Whether to include BASEPATH (default: FALSE)
 	 * @return	array
 	 */
 	public function get_package_paths($include_base = FALSE)
@@ -955,7 +955,7 @@ class CI_Loader {
 		// Is this a class extension request?
 		if (file_exists($subclass))
 		{
-			$baseclass = BASEPATH.'libraries/'.$class.'.php';
+			$baseclass = BASEPATH.'libraries/'.$subdir.$class.'.php';
 
 			if ( ! file_exists($baseclass))
 			{
diff --git a/system/core/Log.php b/system/core/Log.php
index a84d3dc22..e4d72b544 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -138,12 +138,12 @@ class CI_Log {
 	 *
 	 * Generally this function will be called using the global log_message() function
 	 *
-	 * @param	string	the error level
+	 * @param	string	the error level: 'error', 'debug' or 'info'
 	 * @param	string	the error message
 	 * @param	bool	whether the error is a native PHP error
 	 * @return	bool
 	 */
-	public function write_log($level = 'error', $msg, $php_error = FALSE)
+	public function write_log($level, $msg, $php_error = FALSE)
 	{
 		if ($this->_enabled === FALSE)
 		{
diff --git a/system/core/Output.php b/system/core/Output.php
index 3320ae154..06d7a866b 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -841,9 +841,8 @@ class CI_Output {
 			$output = substr_replace($output, '', 0, $pos);
 
 			// Remove closing tag and save it for later
-			$end_pos = strlen($output);
 			$pos = strpos($output, '</');
-			$closing_tag = substr($output, $pos, $end_pos);
+			$closing_tag = substr($output, $pos, strlen($output));
 			$output = substr_replace($output, '', $pos);
 		}
 
@@ -852,7 +851,16 @@ class CI_Output {
 
 		// Remove spaces around curly brackets, colons,
 		// semi-colons, parenthesis, commas
-		$output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!i', '$1', $output);
+		$chunks = preg_split('/([\'|"]).+(?![^\\\]\\1)\\1/iU', $output, -1, PREG_SPLIT_OFFSET_CAPTURE);
+		for ($i = count($chunks) - 1; $i >= 0; $i--)
+		{
+			$output = substr_replace(
+				$output,
+				preg_replace('/\s*(:|;|,|}|{|\(|\))\s*/i', '$1', $chunks[$i][0]),
+				$chunks[$i][1],
+				strlen($chunks[$i][0])
+			);
+		}
 
 		// Replace tabs with spaces
 		// Replace carriage returns & multiple new lines with single new line
diff --git a/system/core/Router.php b/system/core/Router.php
index bb0ce16bd..c86ab9c20 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -119,16 +119,16 @@ class CI_Router {
 			if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')]))
 			{
 				$this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')])));
-				$segments[] = $this->fetch_directory();
+				$segments[] = $this->directory;
 			}
 
 			$this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')])));
-			$segments[] = $this->fetch_class();
+			$segments[] = $this->class;
 
 			if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')]))
 			{
 				$this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')])));
-				$segments[] = $this->fetch_method();
+				$segments[] = $this->method;
 			}
 		}
 
@@ -270,7 +270,7 @@ class CI_Router {
 				empty($segments[1]) OR $segments[1] = str_replace('-', '_', $segments[1]);
 
 				// Does the requested controller exist in the sub-folder?
-				if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].'.php'))
+				if ( ! file_exists(APPPATH.'controllers/'.$this->directory.$segments[0].'.php'))
 				{
 					if ( ! empty($this->routes['404_override']))
 					{
@@ -279,7 +279,7 @@ class CI_Router {
 					}
 					else
 					{
-						show_404($this->fetch_directory().$segments[0]);
+						show_404($this->directory.$segments[0]);
 					}
 				}
 			}
@@ -287,7 +287,7 @@ class CI_Router {
 			{
 				// Is the method being specified in the route?
 				$segments = explode('/', $this->default_controller);
-				if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].'.php'))
+				if ( ! file_exists(APPPATH.'controllers/'.$this->directory.$segments[0].'.php'))
 				{
 					$this->directory = '';
 				}
@@ -413,6 +413,7 @@ class CI_Router {
 	/**
 	 * Fetch the current class
 	 *
+	 * @deprecated	3.0.0	Read the 'class' property instead
 	 * @return	string
 	 */
 	public function fetch_class()
@@ -438,11 +439,12 @@ class CI_Router {
 	/**
 	 * Fetch the current method
 	 *
+	 * @deprecated	3.0.0	Read the 'method' property instead
 	 * @return	string
 	 */
 	public function fetch_method()
 	{
-		return ($this->method === $this->fetch_class()) ? 'index' : $this->method;
+		return $this->method;
 	}
 
 	// --------------------------------------------------------------------
@@ -466,6 +468,7 @@ class CI_Router {
 	 * Feches the sub-directory (if any) that contains the requested
 	 * controller class.
 	 *
+	 * @deprecated	3.0.0	Read the 'directory' property instead
 	 * @return	string
 	 */
 	public function fetch_directory()
diff --git a/system/core/Security.php b/system/core/Security.php
index 7aae54efc..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -488,8 +488,7 @@ class CI_Security {
 	{
 		if ($this->_xss_hash === '')
 		{
-			mt_srand();
-			$this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+			$this->_xss_hash = md5(uniqid(mt_rand()));
 		}
 
 		return $this->_xss_hash;
diff --git a/system/core/URI.php b/system/core/URI.php
index b2286f032..bc086d223 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -720,7 +720,7 @@ class CI_URI {
 	{
 		global $RTR;
 
-		if (($dir = $RTR->fetch_directory()) === '/')
+		if (($dir = $RTR->directory) === '/')
 		{
 			$dir = '';
 		}