Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Benchmark.php | 2 | ||||
-rw-r--r-- | system/core/CodeIgniter.php | 2 | ||||
-rw-r--r-- | system/core/Common.php | 19 | ||||
-rw-r--r-- | system/core/Config.php | 2 | ||||
-rw-r--r-- | system/core/Controller.php | 2 | ||||
-rw-r--r-- | system/core/Exceptions.php | 2 | ||||
-rw-r--r-- | system/core/Hooks.php | 2 | ||||
-rw-r--r-- | system/core/Input.php | 4 | ||||
-rw-r--r-- | system/core/Lang.php | 2 | ||||
-rw-r--r-- | system/core/Loader.php | 2 | ||||
-rw-r--r-- | system/core/Log.php | 2 | ||||
-rw-r--r-- | system/core/Model.php | 2 | ||||
-rw-r--r-- | system/core/Output.php | 167 | ||||
-rw-r--r-- | system/core/Router.php | 2 | ||||
-rw-r--r-- | system/core/Security.php | 37 | ||||
-rw-r--r-- | system/core/URI.php | 16 | ||||
-rw-r--r-- | system/core/Utf8.php | 2 |
17 files changed, 192 insertions, 75 deletions
diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php
index e80ee54dd..f9be18a42 100644
--- a/system/core/Benchmark.php
+++ b/system/core/Benchmark.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 89081b572..8affde64d 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/Common.php b/system/core/Common.php
index 7feb16bfd..a4b4f2b3e 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
@@ -681,17 +681,22 @@ if ( ! function_exists('function_usable'))
 		{
 			if ( ! isset($_suhosin_func_blacklist))
 			{
-				$_suhosin_func_blacklist = extension_loaded('suhosin')
-					? array()
-					: explode(',', trim(@ini_get('suhosin.executor.func.blacklist')));
+				if (extension_loaded('suhosin'))
+				{
+					$_suhosin_func_blacklist = explode(',', trim(@ini_get('suhosin.executor.func.blacklist')));
 
-				if ( ! in_array('eval', $_suhosin_func_blacklist, TRUE) && @ini_get('suhosin.executor.disable_eval'))
+					if ( ! in_array('eval', $_suhosin_func_blacklist, TRUE) && @ini_get('suhosin.executor.disable_eval'))
+					{
+						$_suhosin_func_blacklist[] = 'eval';
+					}
+				}
+				else
 				{
-					$_suhosin_func_blacklist[] = 'eval';
+					$_suhosin_func_blacklist = array();
 				}
 			}
 
-			return in_array($function_name, $_suhosin_func_blacklist, TRUE);
+			return ! in_array($function_name, $_suhosin_func_blacklist, TRUE);
 		}
 
 		return FALSE;
diff --git a/system/core/Config.php b/system/core/Config.php
index 38bcd5c8f..0160d1a15 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/Controller.php b/system/core/Controller.php
index ee6fec8d5..3fcadcadf 100644
--- a/system/core/Controller.php
+++ b/system/core/Controller.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
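Review bot: The blacklist built on the new `$_suhosin_func_blacklist = explode(',', trim(@ini_get('suhosin.executor.func.blacklist')));` line is only trimmed as a whole string, so an ini value written as `exec, system` leaves `' system'` in the array and the strict `in_array($function_name, $_suhosin_func_blacklist, TRUE)` comparison then reports that function as usable. Trimming each element, `$_suhosin_func_blacklist = array_map('trim', explode(',', @ini_get('suhosin.executor.func.blacklist')));`, keeps the exact-match check honest; an empty ini value still yields `array('')`, which matches nothing and is harmless. The inverted `return ! in_array(...)` is correct relative to the old code, which returned TRUE for blacklisted names. The enclosing function_usable() starts outside the hunk.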
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index ced65ece4..e6023e73b 100644 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 3c28ec9ba..2cb416c0c 100644 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Input.php b/system/core/Input.php index a3ad14e24..82e22dd49 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 @@ -788,7 +788,7 @@ class CI_Input { // take SOME_HEADER and turn it into Some-Header foreach ($headers as $key => $val) { - $key = str_replace('_', ' ', strtolower($key)); + $key = str_replace(array('_', '-'), ' ', strtolower($key)); $key = str_replace(' ', '-', ucwords($key)); $this->headers[$key] = $val; diff --git a/system/core/Lang.php b/system/core/Lang.php index 9e6f43716..3236709f2 100644 --- a/system/core/Lang.php 
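Review bot: After the new `$key = str_replace(array('_', '-'), ' ', strtolower($key));` in the Input.php `foreach`, header names that differ only by `-` versus `_` (`X-Foo` and `X_Foo`) normalise to the same key, and `$this->headers[$key] = $val` keeps whichever arrives last with no indication that two distinct names were folded. That is presumably the intent for `$_SERVER`-derived `HTTP_*` names, but if `$headers` can come from a source that preserves the wire spelling the two are distinct requests headers, and a consumer reading `$this->headers` can no longer tell them apart. Record the choice on the replaced line, e.g. `// '-' and '_' are folded together: X-Foo and X_Foo become the same key, the last one seen wins`. The enclosing method and the end of the loop are outside the hunk.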
+++ b/system/core/Lang.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 651507470..3f20675a7 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/Log.php b/system/core/Log.php
index 718f50587..9dabfe6f2 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/Model.php b/system/core/Model.php
index 28fdfbb69..1eb6f909b 100644
--- a/system/core/Model.php
+++ b/system/core/Model.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 1.0
diff --git a/system/core/Output.php b/system/core/Output.php index 98deff55c..ce0500e71 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 @@ -143,7 +143,7 @@ class CI_Output { * Sets the output string. * * @param string $output Output data - * @return object $this + * @return CI_Output */ public function set_output($output) { @@ -159,7 +159,7 @@ class CI_Output { * Appends data onto the output string. * * @param string $output Data to append - * @return object $this + * @return CI_Output */ public function append_output($output) { @@ -187,7 +187,7 @@ class CI_Output { * * @param string $header Header * @param bool $replace Whether to replace the old header value, if already set - * @return object $this + * @return CI_Output */ public function set_header($header, $replace = TRUE) { @@ -211,7 +211,7 @@ class CI_Output { * * @param string $mime_type Extension of the file we're outputting * @param string $charset Character set (default: NULL) - * @return object $this + * @return CI_Output */ public function set_content_type($mime_type, $charset = NULL) { @@ -239,7 +239,7 @@ class CI_Output { } $header = 'Content-Type: '.$mime_type - .(empty($charset) ? NULL : '; charset='.strtolower($charset)); + .(empty($charset) ? NULL : '; charset='.$charset); $this->headers[] = array($header, TRUE); return $this; @@ -308,7 +308,7 @@ class CI_Output { * * @param int $code Status code (default: 200) * @param string $text Optional message - * @return object $this + * @return CI_Output */ public function set_status_header($code = 200, $text = '') { 
@@ -322,7 +322,7 @@ class CI_Output { * Enable/disable Profiler * * @param bool $val TRUE to enable or FALSE to disable - * @return object $this + * @return CI_Output */ public function enable_profiler($val = TRUE) { @@ -339,7 +339,7 @@ class CI_Output { * Profiler section display. * * @param array $sections Profiler sections - * @return object $this + * @return CI_Output */ public function set_profiler_sections($sections) { @@ -363,7 +363,7 @@ class CI_Output { * Set Cache * * @param int $time Cache expiration time in seconds - * @return object $this + * @return CI_Output */ public function cache($time) { @@ -710,9 +710,7 @@ class CI_Output { { case 'text/html': - $size_before = strlen($output); - - if ($size_before === 0) + if (($size_before = strlen($output)) === 0) { return ''; } @@ -728,13 +726,13 @@ class CI_Output { preg_match_all('{<style.+</style>}msU', $output, $style_clean); foreach ($style_clean[0] as $s) { - $output = str_replace($s, $this->minify($s, 'text/css'), $output); + $output = str_replace($s, $this->_minify_script_style($s, TRUE), $output); } // Minify the javascript in <script> tags. foreach ($javascript_clean[0] as $s) { - $javascript_mini[] = $this->minify($s, 'text/javascript'); + $javascript_mini[] = $this->_minify_script_style($s, TRUE); } // Replace multiple spaces with a single space. @@ -780,19 +778,10 @@ class CI_Output { break; case 'text/css': - - //Remove CSS comments - $output = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $output); - - // Remove spaces around curly brackets, colons, - // semi-colons, parenthesis, commas - $output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!', '$1', $output); - - break; - case 'text/javascript': - // Currently leaves JavaScript untouched. + $output = $this->_minify_script_style($output); + break; default: break; 
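Review bot: In the `-780,19 +778,10` hunk `case 'text/css':` is now left with no statements and falls through into `case 'text/javascript':`, so both content types reach the same `$output = $this->_minify_script_style($output);` call; that reads as intended, but an empty case in a `switch` is easy to misread as a forgotten branch, especially since the old "Currently leaves JavaScript untouched" comment is gone. Mark it explicitly, `case 'text/css': // no break: CSS and JavaScript share _minify_script_style()`. The `<style>`/`<script>` loops in the `-728,13` hunk now also route through that helper with `$has_tags` TRUE, which is worth a one-line comment there as well. The switch starts and ends outside the hunks.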
@@ -801,6 +790,132 @@ class CI_Output { return $output; } + // -------------------------------------------------------------------- + + /** + * Minify Style and Script + * + * Reduce excessive size of CSS/JavaScript content. To remove spaces this + * script walks the string as an array and determines if the pointer is inside + * a string created by single quotes or double quotes. spaces inside those + * strings are not stripped. Opening and closing tags are severed from + * the string initially and saved without stripping whitespace to preserve + * the tags and any associated properties if tags are present + * + * Minification logic/workflow is similar to methods used by Douglas Crockford + * in JSMIN. http://www.crockford.com/javascript/jsmin.html + * + * KNOWN ISSUE: ending a line with a closing parenthesis ')' and no semicolon + * where there should be one will break the Javascript. New lines after a + * closing parenthesis are not recognized by the script. For best results + * be sure to terminate lines with a semicolon when appropriate. 
+ * + * @param string $output Output to minify + * @param bool $has_tags Specify if the output has style or script tags + * @return string Minified output + */ + protected function _minify_script_style($output, $has_tags = FALSE) + { + // We only need this if there are tags in the file + if ($has_tags === TRUE) + { + // Remove opening tag and save for later + $pos = strpos($output, '>') + 1; + $open_tag = substr($output, 0, $pos); + $output = substr_replace($output, '', 0, $pos); + + // Remove closing tag and save it for later + $end_pos = strlen($output); + $pos = strpos($output, '</'); + $closing_tag = substr($output, $pos, $end_pos); + $output = substr_replace($output, '', $pos); + } + + // Remove CSS comments + $output = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!i', '', $output); + + // Remove spaces around curly brackets, colons, + // semi-colons, parenthesis, commas + $output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!i', '$1', $output); + + // Replace tabs with spaces + // Replace carriage returns & multiple new lines with single new line + // and trim any leading or trailing whitespace + $output = trim(preg_replace(array('/\t+/', '/\r/', '/\n+/'), array(' ', "\n", "\n"), $output)); + + // Remove spaces when safe to do so. + $in_string = $in_dstring = $prev = FALSE; + $array_output = str_split($output); + foreach ($array_output as $key => $value) + { + if ($in_string === FALSE && $in_dstring === FALSE) + { + if ($value === ' ') + { + // Get the next element in the array for comparisons + $next = $array_output[$key + 1]; + + // Strip spaces preceded/followed by a non-ASCII character + // or not preceded/followed by an alphanumeric + // or not preceded/followed \ $ and _ + if ((preg_match('/^[\x20-\x7f]*$/D', $next) OR preg_match('/^[\x20-\x7f]*$/D', $prev)) + && ( ! ctype_alnum($next) OR ! ctype_alnum($prev)) + && ! in_array($next, array('\\', '_', '$'), TRUE) + && ! 
in_array($prev, array('\\', '_', '$'), TRUE) + ) + { + unset($array_output[$key]); + } + } + else + { + // Save this value as previous for the next iteration + // if it is not a blank space + $prev = $value; + } + } + + if ($value === "'") + { + $in_string = ! $in_string; + } + elseif ($value === '"') + { + $in_dstring = ! $in_dstring; + } + } + + // Put the string back together after spaces have been stripped + $output = implode($array_output); + + // Remove new line characters unless previous or next character is + // printable or Non-ASCII + preg_match_all('/[\n]/', $output, $lf, PREG_OFFSET_CAPTURE); + $removed_lf = 0; + foreach ($lf as $feed_position) + { + foreach ($feed_position as $position) + { + $position = $position[1] - $removed_lf; + $next = $output[$position + 1]; + $prev = $output[$position - 1]; + if ( ! ctype_print($next) && ! ctype_print($prev) + && ! preg_match('/^[\x20-\x7f]*$/D', $next) + && ! preg_match('/^[\x20-\x7f]*$/D', $prev) + ) + { + $output = substr_replace($output, '', $position, 1); + $removed_lf++; + } + } + } + + // Put the opening and closing tags back if applicable + return isset($open_tag) + ? $open_tag.$output.$closing_tag + : $output; + } + } /* End of file Output.php */ diff --git a/system/core/Router.php b/system/core/Router.php index 76772a0fb..f284e29cc 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Security.php b/system/core/Security.php index c415544b6..a6cd14a5f 100644 --- a/system/core/Security.php +++ b/system/core/Security.php 
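Review bot: The whitespace-stripping `$output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!i', '$1', $output);` runs before the quote-aware `foreach`, so it also rewrites the inside of string literals (`alert("Hello, world")` becomes `alert("Hello,world")`), which contradicts the docblock's statement that spaces inside quoted strings are not stripped; that stripping belongs inside the loop, guarded by the same `$in_string`/`$in_dstring` state. The quote tracking itself toggles on every `'` or `"` regardless of whether the other quote type is currently open or the character is backslash-escaped, so `"it's"` leaves `$in_string` set for the rest of the content and every later space is preserved. `$pos = strpos($output, '</');` picks the first `</`, which for a script containing `'</div>'` severs the tag there and appends the remainder unminified through `$closing_tag`; `$pos = strrpos($output, '</');` finds the real closing tag. The sketch below shows escape-aware quote tracking for the loop; the method is complete within the hunk.
```php
// … unchanged: tag severing, comment stripping, tab/newline normalisation …
$in_string = $in_dstring = $prev = FALSE;
$escaped = FALSE;
$array_output = str_split($output);
foreach ($array_output as $key => $value)
{
	// … unchanged: space stripping while outside quotes …

	// A quote only opens/closes a string when it is not backslash-escaped
	// and the other quote type is not currently open
	if ($value === "'" && $in_dstring === FALSE && $escaped === FALSE)
	{
		$in_string = ! $in_string;
	}
	elseif ($value === '"' && $in_string === FALSE && $escaped === FALSE)
	{
		$in_dstring = ! $in_dstring;
	}

	// An unescaped backslash escapes the next character only
	$escaped = ($value === '\\' && $escaped === FALSE);
}
// … unchanged: implode, newline removal, tag restore …
```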
@@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 @@ -151,7 +151,7 @@ class CI_Security { /** * CSRF Verify * - * @return object + * @return CI_Security */ public function csrf_verify() { @@ -202,7 +202,7 @@ class CI_Security { * CSRF Set Cookie * * @codeCoverageIgnore - * @return object + * @return CI_Security */ public function csrf_set_cookie() { @@ -329,7 +329,7 @@ class CI_Security { * these are the ones that will pose security problems. */ $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); - $str = preg_replace_callback('/<\w+.*?(?=>|<|$)/si', array($this, '_decode_entity'), $str); + $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str); // Remove Invisible Characters Again! $str = remove_invisible_characters($str); @@ -526,9 +526,17 @@ class CI_Security { $charset = config_item('charset'); } - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); + do + { + $matches = $matches1 = 0; + + $str = html_entity_decode($str, ENT_COMPAT, $charset); + $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches); + $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1); + } + while ($matches OR $matches1); + + return $str; } // -------------------------------------------------------------------- 
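Review bot: In the new `do … while` loop of the `-526,9 +526,17` hunk, `chr(\\1)` and `chr(hexdec("\\1"))` receive code points up to four decimal / five hex digits, but `chr()` reduces its argument modulo 256, so any numeric reference above `&#255;` is decoded to an unrelated single byte rather than to the character in `$charset`; because this runs inside the XSS filter, the text the filter inspects then differs from what a browser would render, including cases where a harmless non-Latin reference turns into ASCII punctuation the filter itself treats as significant. The replacement should emit the multibyte sequence for the code point in `$charset`, or be left to `html_entity_decode()` where the PHP version in use decodes numeric references itself. The `e` modifier on both patterns is deprecated from PHP 5.5 and `preg_replace_callback()` avoids it. Looping until `$matches` and `$matches1` are both zero does terminate, since each pass shortens `$str`; the enclosing entity_decode() signature is outside the hunk.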
@@ -642,17 +650,16 @@ class CI_Security { $count = 0; $attribs = array(); - // find occurrences of illegal attribute strings without quotes - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { - $attribs[] = preg_quote($attr[0], '/'); } - // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + // find occurrences of illegal attribute strings without quotes + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -662,10 +669,10 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><])([><]*)/i', '<$1 $3$5$6$7', $str, -1, $count); + $str = preg_replace('/(<?)(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><]?)([><]*)/i', '$1$2 $4$6$7$8', $str, -1, $count); } - - } while ($count); + } + while ($count); return $str; } diff --git a/system/core/URI.php b/system/core/URI.php index 900472b61..fb8540118 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 
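Review bot: The first `foreach ($matches as $attr)` in the `-642,17` hunk now has an empty body: `$attribs[] = preg_quote($attr[0], '/');` was removed when the quoted-attribute search was moved ahead of it and nothing replaced it, so quoted matches are found but never added to `$attribs` (unless a line was lost in rendering). Only the unquoted pass then contributes, and its `([^\s>]*)` stops at whitespace, so a quoted value containing a space would be matched only up to that space and the replacement would leave the tail of the value in the tag. Restore the body, `$attribs[] = preg_quote($attr[0], '/');`, inside the first loop. Separately, the replacement regex in the `-662,10` hunk now begins with `(<?)`, making the `<` optional, while the comment above it still says "inside an html tag"; either the comment or the pattern should change. The enclosing `do … while ($count)` starts outside the hunk.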
@@ -506,23 +506,13 @@ class CI_URI {
 			return $default;
 		}
 
-		in_array($which, array('segment', 'rsegment'), TRUE) OR $which = 'segment';
-
 		if (isset($this->keyval[$which], $this->keyval[$which][$n]))
 		{
 			return $this->keyval[$which][$n];
 		}
 
-		if ($which === 'segment')
-		{
-			$total_segments = 'total_segments';
-			$segment_array = 'segment_array';
-		}
-		else
-		{
-			$total_segments = 'total_rsegments';
-			$segment_array = 'rsegment_array';
-		}
+		$total_segments = "total_{$which}s";
+		$segment_array = "{$which}_array";
 
 		if ($this->$total_segments() < $n)
 		{
diff --git a/system/core/Utf8.php b/system/core/Utf8.php
index 5bc2dd5c9..a78616d40 100644
--- a/system/core/Utf8.php
+++ b/system/core/Utf8.php
@@ -18,7 +18,7 @@
  *
  * @package CodeIgniter
  * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
  * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
  * @link http://codeigniter.com
  * @since Version 2.0
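Review bot: Removing `in_array($which, array('segment', 'rsegment'), TRUE) OR $which = 'segment';` means `$which` now flows unchecked into `$total_segments = "total_{$which}s";` and `$segment_array = "{$which}_array";`, and from there into the dynamic `$this->$total_segments()` call, so any value other than `segment` or `rsegment` produces a fatal call to an undefined method instead of the previous silent fallback. If `$which` is only ever passed as a literal by callers inside CI_URI this is harmless, but the method's signature is outside the hunk so that cannot be confirmed here. Keeping the one-line guard in front of the interpolation, `in_array($which, array('segment', 'rsegment'), TRUE) OR $which = 'segment';`, preserves the old contract at no cost.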