summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Encryption.php2
-rw-r--r--system/libraries/Session/Session.php36
-rw-r--r--system/libraries/Session/drivers/Session_files_driver.php45
-rw-r--r--system/libraries/Table.php1
-rw-r--r--system/libraries/Xmlrpc.php5
5 files changed, 77 insertions, 12 deletions
diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
index 06284c2ed..545081b3b 100644
--- a/system/libraries/Encryption.php
+++ b/system/libraries/Encryption.php
@@ -907,7 +907,7 @@ class CI_Encryption {
* Byte-safe strlen()
*
* @param string $str
- * @return integer
+ * @return int
*/
protected static function strlen($str)
{
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 3b391a8ef..5aac12f36 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -57,6 +57,7 @@ class CI_Session {
protected $_driver = 'files';
protected $_config;
+ protected $_sid_regexp;
// ------------------------------------------------------------------------
@@ -99,6 +100,7 @@ class CI_Session {
// Configuration ...
$this->_configure($params);
+ $this->_config['_sid_regexp'] = $this->_sid_regexp;
$class = new $class($this->_config);
if ($class instanceof SessionHandlerInterface)
@@ -131,7 +133,7 @@ class CI_Session {
if (isset($_COOKIE[$this->_config['cookie_name']])
&& (
! is_string($_COOKIE[$this->_config['cookie_name']])
- OR ! preg_match('/^[0-9a-f]{40}$/', $_COOKIE[$this->_config['cookie_name']])
+ OR ! preg_match('#\A'.$this->_sid_regexp.'\z#', $_COOKIE[$this->_config['cookie_name']])
)
)
{
@@ -315,8 +317,36 @@ class CI_Session {
ini_set('session.use_strict_mode', 1);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
- ini_set('session.hash_function', 1);
- ini_set('session.hash_bits_per_character', 4);
+
+ if (PHP_VERSION_ID < 70100)
+ {
+ if ((int) ini_get('session.hash_function') === 0)
+ {
+ ini_set('session.hash_function', 1);
+ ini_set('session.hash_bits_per_character', $bits_per_character = 4);
+ }
+ else
+ {
+ $bits_per_character = (int) ini_get('session.hash_bits_per_character');
+ }
+ }
+ elseif ((int) ini_get('session.sid_length') < 40 && ($bits_per_character = (int) ini_get('session.sid_bits_per_character')) === 4)
+ {
+ ini_set('session.sid_length', 40);
+ }
+
+ switch ($bits_per_character)
+ {
+ case 4:
+ $this->_sid_regexp = '[0-9a-f]{40,}';
+ break;
+ case 5:
+ $this->_sid_regexp = '[0-9a-v]{40,}';
+ break;
+ case 6:
+ $this->_sid_regexp = '[0-9a-zA-Z,-]{40,}';
+ break;
+ }
}
// ------------------------------------------------------------------------
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index bf4df8b20..37315d3cd 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -76,6 +76,20 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
*/
protected $_file_new;
+ /**
+ * Validate SID regular expression
+ *
+ * @var string
+ */
+ protected $_sid_regexp;
+
+ /**
+ * mbstring.func_override flag
+ *
+ * @var bool
+ */
+ protected static $func_override;
+
// ------------------------------------------------------------------------
/**
@@ -98,6 +112,10 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
log_message('debug', 'Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.');
$this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\');
}
+
+ $this->_sid_regexp = $this->_config['_sid_regexp'];
+
+ isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override'));
}
// ------------------------------------------------------------------------
@@ -187,7 +205,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
}
$session_data = '';
- for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += strlen($buffer))
+ for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += self::strlen($buffer))
{
if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE)
{
@@ -343,10 +361,13 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
$ts = time() - $maxlifetime;
+ $pattern = ($this->_config['match_ip'] === TRUE)
+ ? '[0-9a-f]{32}'
+ : '';
+
$pattern = sprintf(
- '/^%s[0-9a-f]{%d}$/',
- preg_quote($this->_config['cookie_name'], '/'),
- ($this->_config['match_ip'] === TRUE ? 72 : 40)
+ '#\A%s'.$pattern.$this->_sid_regexp.'\z#',
+ preg_quote($this->_config['cookie_name'])
);
while (($file = readdir($directory)) !== FALSE)
@@ -368,4 +389,18 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
return $this->_success;
}
-} \ No newline at end of file
+ // --------------------------------------------------------------------
+
+ /**
+ * Byte-safe strlen()
+ *
+ * @param string $str
+ * @return int
+ */
+ protected static function strlen($str)
+ {
+ return (self::$func_override)
+ ? mb_strlen($str, '8bit')
+ : strlen($str);
+ }
+}
diff --git a/system/libraries/Table.php b/system/libraries/Table.php
index 3bce294d8..f2fa434d9 100644
--- a/system/libraries/Table.php
+++ b/system/libraries/Table.php
@@ -277,6 +277,7 @@ class CI_Table {
public function set_caption($caption)
{
$this->caption = $caption;
+ return $this;
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index 181a104d0..7186646da 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -735,6 +735,8 @@ class XML_RPC_Client extends CI_Xmlrpc
.'Content-Length: '.strlen($msg->payload).$r.$r
.$msg->payload;
+ stream_set_timeout($fp, $this->timeout); // set timeout for subsequent operations
+
for ($written = $timestamp = 0, $length = strlen($op); $written < $length; $written += $result)
{
if (($result = fwrite($fp, substr($op, $written))) === FALSE)
@@ -753,9 +755,6 @@ class XML_RPC_Client extends CI_Xmlrpc
$result = FALSE;
break;
}
-
- usleep(250000);
- continue;
}
else
{