summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Cache/drivers/Cache_memcached.php4
-rw-r--r--system/libraries/Cart.php4
-rw-r--r--system/libraries/Email.php22
-rw-r--r--system/libraries/Encrypt.php2
-rw-r--r--system/libraries/Form_validation.php2
-rw-r--r--system/libraries/Parser.php6
-rw-r--r--system/libraries/Profiler.php4
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php3
-rw-r--r--system/libraries/Upload.php46
9 files changed, 55 insertions, 38 deletions
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index 246a7a264..4c35c5550 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -196,7 +196,7 @@ class CI_Cache_memcached extends CI_Driver {
return FALSE;
}
- foreach ($this->_memcache_conf as $name => $cache_server)
+ foreach ($this->_memcache_conf as $cache_server)
{
if ( ! array_key_exists('hostname', $cache_server))
{
@@ -260,4 +260,4 @@ class CI_Cache_memcached extends CI_Driver {
}
/* End of file Cache_memcached.php */
-/* Location: ./system/libraries/Cache/drivers/Cache_memcached.php */ \ No newline at end of file
+/* Location: ./system/libraries/Cache/drivers/Cache_memcached.php */
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index b7b0697fb..edc300bd7 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -51,7 +51,7 @@ class CI_Cart {
*
* @var string
*/
- public $product_name_rules = '\.\:\-_ a-z0-9';
+ public $product_name_rules = '\w \-\.\:';
/**
* only allow safe product names
@@ -214,7 +214,7 @@ class CI_Cart {
// Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods.
// Note: These can be user-specified by setting the $this->product_name_rules variable.
- if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name']))
+ if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name']))
{
log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
return FALSE;
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index a745d331d..46ffaa1d4 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
*/
public function set_header($header, $value)
{
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
}
// --------------------------------------------------------------------
@@ -1236,7 +1236,7 @@ class CI_Email {
/**
* Build Final Body and attachments
*
- * @return void
+ * @return bool
*/
protected function _build_message()
{
@@ -1275,7 +1275,7 @@ class CI_Email {
if ($this->send_multipart === FALSE)
{
$hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: quoted-printable';
+ .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline;
}
else
{
@@ -1401,7 +1401,7 @@ class CI_Email {
$body .= implode($this->newline, $attachment).$this->newline.'--'.$this->_atc_boundary.'--';
$this->_finalbody = ($this->_get_protocol() === 'mail') ? $body : $hdr.$body;
- return;
+ return TRUE;
}
// --------------------------------------------------------------------
@@ -1606,7 +1606,11 @@ class CI_Email {
return $result;
}
- $this->_build_message();
+ if ($this->_build_message() === FALSE)
+ {
+ return FALSE;
+ }
+
$result = $this->_spool_email();
if ($result && $auto_clear)
@@ -1665,7 +1669,11 @@ class CI_Email {
$this->_bcc_array = $bcc;
}
- $this->_build_message();
+ if ($this->_build_message() === FALSE)
+ {
+ return FALSE;
+ }
+
$this->_spool_email();
}
}
@@ -2132,7 +2140,7 @@ class CI_Email {
if (in_array('headers', $include, TRUE))
{
- $raw_data = $this->_header_str."\n";
+ $raw_data = htmlspecialchars($this->_header_str)."\n";
}
if (in_array('subject', $include, TRUE))
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c6a1cb175..8ac5420de 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -244,7 +244,7 @@ class CI_Encrypt {
$rand = '';
do
{
- $rand .= mt_rand(0, mt_getrandmax());
+ $rand .= mt_rand();
}
while (strlen($rand) < 32);
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 1ed50844c..40ba01202 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1405,7 +1405,7 @@ class CI_Form_validation {
*/
public function valid_base64($str)
{
- return ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
+ return (base64_encode(base64_decode($str)) === $str);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Parser.php b/system/libraries/Parser.php
index 1c26bd2b2..7e843e710 100644
--- a/system/libraries/Parser.php
+++ b/system/libraries/Parser.php
@@ -38,14 +38,14 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Parser {
/**
- * Left delimeter character for psuedo vars
+ * Left delimiter character for pseudo vars
*
* @var string
*/
public $l_delim = '{';
/**
- * Right delimeter character for psuedo vars
+ * Right delimiter character for pseudo vars
*
* @var string
*/
@@ -228,4 +228,4 @@ class CI_Parser {
}
/* End of file Parser.php */
-/* Location: ./system/libraries/Parser.php */ \ No newline at end of file
+/* Location: ./system/libraries/Parser.php */
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 470688fdc..0c60efb8b 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -405,7 +405,7 @@ class CI_Profiler {
.'<fieldset id="ci_profiler_controller_info" style="border:1px solid #995300;padding:6px 10px 10px 10px;margin:20px 0 20px 0;background-color:#eee;">'
."\n"
.'<legend style="color:#995300;">&nbsp;&nbsp;'.$this->CI->lang->line('profiler_controller_info')."&nbsp;&nbsp;</legend>\n"
- .'<div style="color:#995300;font-weight:normal;padding:4px 0 4px 0;">'.$this->CI->router->fetch_class().'/'.$this->CI->router->fetch_method()
+ .'<div style="color:#995300;font-weight:normal;padding:4px 0 4px 0;">'.$this->CI->router->class.'/'.$this->CI->router->method
.'</div></fieldset>';
}
@@ -447,7 +447,7 @@ class CI_Profiler {
.'&nbsp;&nbsp;(<span style="cursor: pointer;" onclick="var s=document.getElementById(\'ci_profiler_httpheaders_table\').style;s.display=s.display==\'none\'?\'\':\'none\';this.innerHTML=this.innerHTML==\''.$this->CI->lang->line('profiler_section_show').'\'?\''.$this->CI->lang->line('profiler_section_hide').'\':\''.$this->CI->lang->line('profiler_section_show').'\';">'.$this->CI->lang->line('profiler_section_show')."</span>)</legend>\n\n\n"
.'<table style="width:100%;display:none;" id="ci_profiler_httpheaders_table">'."\n";
- foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR') as $header)
+ foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header)
{
$val = isset($_SERVER[$header]) ? $_SERVER[$header] : '';
$output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">'
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 0e8644102..7174d63c8 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver {
$new_sessid = '';
do
{
- $new_sessid .= mt_rand(0, mt_getrandmax());
+ $new_sessid .= mt_rand();
}
while (strlen($new_sessid) < 32);
@@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver {
$probability = ini_get('session.gc_probability');
$divisor = ini_get('session.gc_divisor');
- srand(time());
if ((mt_rand(0, $divisor) / $divisor) < $probability)
{
$expire = $this->now - $this->sess_expiration;
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 1c14f99ed..85428044d 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -136,6 +136,13 @@ class CI_Upload {
public $file_ext = '';
/**
+ * Force filename extension to lowercase
+ *
+ * @var string
+ */
+ public $file_ext_tolower = FALSE;
+
+ /**
* Upload path
*
* @var string
@@ -294,6 +301,7 @@ class CI_Upload {
'file_type' => '',
'file_size' => NULL,
'file_ext' => '',
+ 'file_ext_tolower' => FALSE,
'upload_path' => '',
'overwrite' => FALSE,
'encrypt_name' => FALSE,
@@ -366,25 +374,25 @@ class CI_Upload {
switch ($error)
{
- case 1: // UPLOAD_ERR_INI_SIZE
+ case UPLOAD_ERR_INI_SIZE:
$this->set_error('upload_file_exceeds_limit');
break;
- case 2: // UPLOAD_ERR_FORM_SIZE
+ case UPLOAD_ERR_FORM_SIZE:
$this->set_error('upload_file_exceeds_form_limit');
break;
- case 3: // UPLOAD_ERR_PARTIAL
+ case UPLOAD_ERR_PARTIAL:
$this->set_error('upload_file_partial');
break;
- case 4: // UPLOAD_ERR_NO_FILE
+ case UPLOAD_ERR_NO_FILE:
$this->set_error('upload_no_file_selected');
break;
- case 6: // UPLOAD_ERR_NO_TMP_DIR
+ case UPLOAD_ERR_NO_TMP_DIR:
$this->set_error('upload_no_temp_directory');
break;
- case 7: // UPLOAD_ERR_CANT_WRITE
+ case UPLOAD_ERR_CANT_WRITE:
$this->set_error('upload_unable_to_write_file');
break;
- case 8: // UPLOAD_ERR_EXTENSION
+ case UPLOAD_ERR_EXTENSION:
$this->set_error('upload_stopped_by_extension');
break;
default:
@@ -604,7 +612,6 @@ class CI_Upload {
{
if ($this->encrypt_name === TRUE)
{
- mt_srand();
$filename = md5(uniqid(mt_rand())).$this->file_ext;
}
@@ -966,7 +973,14 @@ class CI_Upload {
public function get_extension($filename)
{
$x = explode('.', $filename);
- return (count($x) !== 1) ? '.'.end($x) : '';
+
+ if (count($x) === 1)
+ {
+ return '';
+ }
+
+ $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x);
+ return '.'.$ext;
}
// --------------------------------------------------------------------
@@ -1076,18 +1090,14 @@ class CI_Upload {
$CI =& get_instance();
$CI->lang->load('upload');
- if (is_array($msg))
+ if ( ! is_array($msg))
{
- foreach ($msg as $val)
- {
- $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
- $this->error_msg[] = $msg;
- log_message('error', $msg);
- }
+ $msg = array($msg);
}
- else
+
+ foreach ($msg as $val)
{
- $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg);
+ $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
$this->error_msg[] = $msg;
log_message('error', $msg);
}