summaryrefslogtreecommitdiffstats
path: root/system/core
diff options
context:
space:
mode:
Diffstat (limited to 'system/core')
-rwxr-xr-xsystem/core/Benchmark.php2
-rwxr-xr-xsystem/core/CodeIgniter.php2
-rw-r--r--system/core/Common.php2
-rwxr-xr-xsystem/core/Config.php4
-rw-r--r--system/core/Controller.php2
-rwxr-xr-xsystem/core/Exceptions.php2
-rwxr-xr-xsystem/core/Hooks.php2
-rwxr-xr-xsystem/core/Input.php63
-rwxr-xr-xsystem/core/Lang.php2
-rw-r--r--system/core/Loader.php15
-rwxr-xr-xsystem/core/Model.php2
-rwxr-xr-xsystem/core/Output.php2
-rwxr-xr-xsystem/core/Router.php2
-rwxr-xr-xsystem/core/Security.php55
-rwxr-xr-xsystem/core/URI.php24
-rw-r--r--system/core/Utf8.php2
16 files changed, 103 insertions, 80 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
index f4dfd3dab..f6b634deb 100755
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 7af3c485d..a79a69590 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Common.php b/system/core/Common.php
index 491979350..f20acafd4 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Config.php b/system/core/Config.php
index 68417435d..91826bd41 100755
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -76,7 +76,7 @@ class CI_Config {
log_message('debug', 'Config Class Initialized');
// Set the base_url automatically if none was provided
- if ($this->config['base_url'] == '')
+ if (empty($this->config['base_url']))
{
if (isset($_SERVER['HTTP_HOST']))
{
diff --git a/system/core/Controller.php b/system/core/Controller.php
index 0dc131701..05e1bf5bf 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index bf9901252..d7282b1f3 100755
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Hooks.php b/system/core/Hooks.php
index e1ac58e6e..493822f36 100755
--- a/system/core/Hooks.php
+++ b/system/core/Hooks.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Input.php b/system/core/Input.php
index ee15f4013..6e6885992 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -228,7 +228,7 @@ class CI_Input {
/**
* Set cookie
*
- * Accepts six parameter, or you can submit an associative
+ * Accepts seven parameters, or you can submit an associative
* array in the first parameter containing all the values.
*
* @param mixed
@@ -238,14 +238,15 @@ class CI_Input {
* @param string the cookie path
* @param string the cookie prefix
* @param bool true makes the cookie secure
+ * @param bool true makes the cookie accessible via http(s) only (no javascript)
* @return void
*/
- public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
+ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
{
if (is_array($name))
{
// always leave 'name' in last place, as the loop will break otherwise, due to $$item
- foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item)
+ foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
{
if (isset($name[$item]))
{
@@ -270,6 +271,10 @@ class CI_Input {
{
$secure = config_item('cookie_secure');
}
+ if ($httponly == FALSE && config_item('cookie_httponly') != FALSE)
+ {
+ $httponly = config_item('cookie_httponly');
+ }
if ( ! is_numeric($expire))
{
@@ -280,7 +285,7 @@ class CI_Input {
$expire = ($expire > 0) ? time() + $expire : 0;
}
- setcookie($prefix.$name, $value, $expire, $path, $domain, $secure);
+ setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
}
// --------------------------------------------------------------------
@@ -366,36 +371,7 @@ class CI_Input {
*/
public function valid_ip($ip)
{
- // if php version >= 5.2, use filter_var to check validate ip.
- if (function_exists('filter_var'))
- {
- return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
- }
-
- $ip_segments = explode('.', $ip);
-
- // Always 4 segments needed
- if (count($ip_segments) !== 4)
- {
- return FALSE;
- }
- // IP can not start with 0
- if ($ip_segments[0][0] == '0')
- {
- return FALSE;
- }
- // Check each segment
- foreach ($ip_segments as $segment)
- {
- // IP segments must be digits and can not be
- // longer than 3 digits or greater then 255
- if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3)
- {
- return FALSE;
- }
- }
-
- return TRUE;
+ return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
}
// --------------------------------------------------------------------
@@ -699,6 +675,23 @@ class CI_Input {
return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Get Request Method
+ *
+ * Return the Request Method
+ *
+ * @param bool uppercase or lowercase
+ * @return bool
+ */
+ public function method($upper = FALSE)
+ {
+ return ($upper)
+ ? strtoupper($this->server('REQUEST_METHOD'))
+ : strtolower($this->server('REQUEST_METHOD'));
+ }
+
}
/* End of file Input.php */
diff --git a/system/core/Lang.php b/system/core/Lang.php
index c40a6856e..9ef76f4d6 100755
--- a/system/core/Lang.php
+++ b/system/core/Lang.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 12daaa928..9b9cc2fef 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -615,13 +615,22 @@ class CI_Loader {
*
* Loads a driver library
*
- * @param string the name of the class
+ * @param mixed the name of the class or array of classes
* @param mixed the optional parameters
* @param string an optional object name
* @return void
*/
public function driver($library = '', $params = NULL, $object_name = NULL)
{
+ if (is_array($library))
+ {
+ foreach ($library as $driver)
+ {
+ $this->driver($driver);
+ }
+ return FALSE;
+ }
+
if ( ! class_exists('CI_Driver_Library'))
{
// we aren't instantiating an object here, that'll be done by the Library itself
@@ -833,7 +842,7 @@ class CI_Loader {
// If the PHP installation does not support short tags we'll
// do a little string replacement, changing the short tags
// to standard PHP echo statements.
- if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE)
+ if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE)
{
echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
}
diff --git a/system/core/Model.php b/system/core/Model.php
index a595a6ae2..49b8d34e4 100755
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Output.php b/system/core/Output.php
index abd8a0ea9..faebbbe72 100755
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Router.php b/system/core/Router.php
index d21319565..b251abb4b 100755
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
diff --git a/system/core/Security.php b/system/core/Security.php
index 1007f61f4..ac39ce97b 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Security Class
*
@@ -106,23 +104,27 @@ class CI_Security {
public function __construct()
{
- // CSRF config
- foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
+ // Is CSRF protection enabled?
+ if (config_item('csrf_protection') === TRUE)
{
- if (FALSE !== ($val = config_item($key)))
+ // CSRF config
+ foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
{
- $this->{'_'.$key} = $val;
+ if (FALSE !== ($val = config_item($key)))
+ {
+ $this->{'_'.$key} = $val;
+ }
}
- }
- // Append application specific cookie prefix
- if (config_item('cookie_prefix'))
- {
- $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
- }
+ // Append application specific cookie prefix
+ if (config_item('cookie_prefix'))
+ {
+ $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
+ }
- // Set the CSRF hash
- $this->_csrf_set_hash();
+ // Set the CSRF hash
+ $this->_csrf_set_hash();
+ }
log_message('debug', 'Security Class Initialized');
}
@@ -136,8 +138,8 @@ class CI_Security {
*/
public function csrf_verify()
{
- // If no POST data exists we will set the CSRF cookie
- if (count($_POST) === 0)
+ // If it's not a POST request we will set the CSRF cookie
+ if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
{
return $this->csrf_set_cookie();
}
@@ -189,12 +191,20 @@ class CI_Security {
$expire = time() + $this->_csrf_expire;
$secure_cookie = (bool) config_item('cookie_secure');
- if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS']))
+ if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
{
return FALSE;
}
- setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
+ setcookie(
+ $this->_csrf_cookie_name,
+ $this->_csrf_hash,
+ $expire,
+ config_item('cookie_path'),
+ config_item('cookie_domain'),
+ $secure_cookie,
+ config_item('cookie_httponly')
+ );
log_message('debug', 'CRSF cookie Set');
return $this;
@@ -358,7 +368,7 @@ class CI_Security {
foreach ($words as $word)
{
- $word = implode("\s*", str_split($word)) . "\s*";
+ $word = implode('\s*', str_split($word)).'\s*';
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
@@ -425,7 +435,6 @@ class CI_Security {
'\\1\\2&#40;\\3&#41;',
$str);
-
// Final clean up
// This adds a bit of extra precaution in case
// something got through the above filters
@@ -601,7 +610,7 @@ class CI_Security {
}
// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
@@ -633,7 +642,7 @@ class CI_Security {
{
return '&lt;'.$matches[1].$matches[2].$matches[3] // encode opening brace
// encode captured opening or closing brace to prevent recursive vectors:
- . str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
+ .str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
}
// --------------------------------------------------------------------
diff --git a/system/core/URI.php b/system/core/URI.php
index b28ee198b..48bb7ae3c 100755
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*
@@ -22,7 +22,6 @@
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
- * @filesource
*/
// ------------------------------------------------------------------------
@@ -93,7 +92,7 @@ class CI_URI {
if (strtoupper($this->config->item('uri_protocol')) === 'AUTO')
{
// Is the request coming from the command line?
- if (php_sapi_name() === 'cli' OR defined('STDIN'))
+ if ($this->_is_cli_request())
{
$this->_set_uri_string($this->_parse_cli_args());
return;
@@ -227,6 +226,21 @@ class CI_URI {
}
// --------------------------------------------------------------------
+
+ /**
+ * Is cli Request?
+ *
+ * Duplicate of function from the Input class to test to see if a request was made from the command line
+ *
+ * @return boolean
+ */
+ protected function _is_cli_request()
+ {
+ return (php_sapi_name() == 'cli') OR defined('STDIN');
+ }
+
+
+ // --------------------------------------------------------------------
/**
* Parse cli arguments
@@ -444,9 +458,7 @@ class CI_URI {
return array();
}
- return function_exists('array_fill_keys')
- ? array_fill_keys($default, FALSE)
- : array_combine($default, array_fill(0, count($default), FALSE));
+ return array_fill_keys($default, FALSE);
}
$segments = array_slice($this->$segment_array(), ($n - 1));
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 0e180d36f..ba3567453 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -2,7 +2,7 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
*
* NOTICE OF LICENSE
*