diff options
Diffstat (limited to 'system/libraries')
| -rw-r--r-- | system/libraries/Email.php | 338 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 159 | ||||
| -rw-r--r-- | system/libraries/Image_lib.php | 2 | ||||
| -rw-r--r-- | system/libraries/Profiler.php | 12 | ||||
| -rw-r--r-- | system/libraries/Session.php | 12 | ||||
| -rw-r--r-- | system/libraries/Upload.php | 121 |
6 files changed, 354 insertions, 290 deletions
diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 922107e9f..8d839d0c9 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Email Class * @@ -40,55 +38,55 @@ */ class CI_Email { - public $useragent = "CodeIgniter"; - public $mailpath = "/usr/sbin/sendmail"; // Sendmail path - public $protocol = "mail"; // mail/sendmail/smtp - public $smtp_host = ""; // SMTP Server. Example: mail.earthlink.net - public $smtp_user = ""; // SMTP Username - public $smtp_pass = ""; // SMTP Password - public $smtp_port = "25"; // SMTP Port - public $smtp_timeout = 5; // SMTP Timeout in seconds - public $smtp_crypto = ""; // SMTP Encryption. Can be null, tls or ssl. - public $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off - public $wrapchars = "76"; // Number of characters to wrap at. - public $mailtype = "text"; // text/html Defines email formatting - public $charset = "utf-8"; // Default char set: iso-8859-1 or us-ascii - public $multipart = "mixed"; // "mixed" (in the body) or "related" (separate) - public $alt_message = ''; // Alternative message for HTML emails - public $validate = FALSE; // TRUE/FALSE. Enables email validation - public $priority = "3"; // Default priority (1 - 5) - public $newline = "\n"; // Default newline. "\r\n" or "\n" (Use "\r\n" to comply with RFC 822) - public $crlf = "\n"; // The RFC 2045 compliant CRLF for quoted-printable is "\r\n". Apparently some servers, + public $useragent = 'CodeIgniter'; + public $mailpath = '/usr/sbin/sendmail'; // Sendmail path + public $protocol = 'mail'; // mail/sendmail/smtp + public $smtp_host = ''; // SMTP Server. Example: mail.earthlink.net + public $smtp_user = ''; // SMTP Username + public $smtp_pass = ''; // SMTP Password + public $smtp_port = 25; // SMTP Port + public $smtp_timeout = 5; // SMTP Timeout in seconds + public $smtp_crypto = ''; // SMTP Encryption. Can be null, tls or ssl. + public $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off + public $wrapchars = 76; // Number of characters to wrap at. + public $mailtype = 'text'; // text/html Defines email formatting + public $charset = 'utf-8'; // Default char set: iso-8859-1 or us-ascii + public $multipart = 'mixed'; // "mixed" (in the body) or "related" (separate) + public $alt_message = ''; // Alternative message for HTML emails + public $validate = FALSE; // TRUE/FALSE. Enables email validation + public $priority = 3; // Default priority (1 - 5) + public $newline = "\n"; // Default newline. "\r\n" or "\n" (Use "\r\n" to comply with RFC 822) + public $crlf = "\n"; // The RFC 2045 compliant CRLF for quoted-printable is "\r\n". Apparently some servers, // even on the receiving end think they need to muck with CRLFs, so using "\n", while // distasteful, is the only thing that seems to work for all environments. public $send_multipart = TRUE; // TRUE/FALSE - Yahoo does not like multipart alternative, so this is an override. Set to FALSE for Yahoo. - public $bcc_batch_mode = FALSE; // TRUE/FALSE Turns on/off Bcc batch feature + public $bcc_batch_mode = FALSE; // TRUE/FALSE - Turns on/off Bcc batch feature public $bcc_batch_size = 200; // If bcc_batch_mode = TRUE, sets max number of Bccs in each batch - private $_safe_mode = FALSE; - private $_subject = ""; - private $_body = ""; - private $_finalbody = ""; - private $_alt_boundary = ""; - private $_atc_boundary = ""; - private $_header_str = ""; - private $_smtp_connect = ""; - private $_encoding = "8bit"; - private $_IP = FALSE; - private $_smtp_auth = FALSE; - private $_replyto_flag = FALSE; - private $_debug_msg = array(); - private $_recipients = array(); - private $_cc_array = array(); - private $_bcc_array = array(); - private $_headers = array(); - private $_attach_name = array(); - private $_attach_type = array(); - private $_attach_disp = array(); - private $_protocols = array('mail', 'sendmail', 'smtp'); - private $_base_charsets = array('us-ascii', 'iso-2022-'); // 7-bit charsets (excluding language suffix) - private $_bit_depths = array('7bit', '8bit'); - private $_priorities = array('1 (Highest)', '2 (High)', '3 (Normal)', '4 (Low)', '5 (Lowest)'); + protected $_safe_mode = FALSE; + protected $_subject = ''; + protected $_body = ''; + protected $_finalbody = ''; + protected $_alt_boundary = ''; + protected $_atc_boundary = ''; + protected $_header_str = ''; + protected $_smtp_connect = ''; + protected $_encoding = '8bit'; + protected $_IP = FALSE; + protected $_smtp_auth = FALSE; + protected $_replyto_flag = FALSE; + protected $_debug_msg = array(); + protected $_recipients = array(); + protected $_cc_array = array(); + protected $_bcc_array = array(); + protected $_headers = array(); + protected $_attach_name = array(); + protected $_attach_type = array(); + protected $_attach_disp = array(); + protected $_protocols = array('mail', 'sendmail', 'smtp'); + protected $_base_charsets = array('us-ascii', 'iso-2022-'); // 7-bit charsets (excluding language suffix) + protected $_bit_depths = array('7bit', '8bit'); + protected $_priorities = array('1 (Highest)', '2 (High)', '3 (Normal)', '4 (Low)', '5 (Lowest)'); /** * Constructor - Sets Email Preferences @@ -103,11 +101,11 @@ class CI_Email { } else { - $this->_smtp_auth = ($this->smtp_user == '' AND $this->smtp_pass == '') ? FALSE : TRUE; - $this->_safe_mode = (bool) @ini_get("safe_mode"); + $this->_smtp_auth = ! ($this->smtp_user == '' && $this->smtp_pass == ''); + $this->_safe_mode = (bool) @ini_get('safe_mode'); } - log_message('debug', "Email Class Initialized"); + log_message('debug', 'Email Class Initialized'); } // -------------------------------------------------------------------- @@ -115,7 +113,6 @@ class CI_Email { /** * Initialize preferences * - * @access public * @param array * @return void */ @@ -139,8 +136,8 @@ class CI_Email { } $this->clear(); - $this->_smtp_auth = ($this->smtp_user == '' AND $this->smtp_pass == '') ? FALSE : TRUE; - $this->_safe_mode = (bool) @ini_get("safe_mode"); + $this->_smtp_auth = ! ($this->smtp_user == '' && $this->smtp_pass == ''); + $this->_safe_mode = (bool) @ini_get('safe_mode'); return $this; } @@ -150,17 +147,16 @@ class CI_Email { /** * Initialize the Email Data * - * @access public * @param bool - * @return void + * @return object */ public function clear($clear_attachments = FALSE) { - $this->_subject = ""; - $this->_body = ""; - $this->_finalbody = ""; - $this->_header_str = ""; - $this->_replyto_flag = FALSE; + $this->_subject = ''; + $this->_body = ''; + $this->_finalbody = ''; + $this->_header_str = ''; + $this->_replyto_flag = FALSE; $this->_recipients = array(); $this->_cc_array = array(); $this->_bcc_array = array(); @@ -185,14 +181,13 @@ class CI_Email { /** * Set FROM * - * @access public * @param string * @param string - * @return void + * @return object */ public function from($from, $name = '') { - if (preg_match( '/\<(.*)\>/', $from, $match)) + if (preg_match('/\<(.*)\>/', $from, $match)) { $from = $match[1]; } @@ -228,14 +223,13 @@ class CI_Email { /** * Set Reply-to * - * @access public * @param string * @param string - * @return void + * @return object */ public function reply_to($replyto, $name = '') { - if (preg_match( '/\<(.*)\>/', $replyto, $match)) + if (preg_match('/\<(.*)\>/', $replyto, $match)) { $replyto = $match[1]; } @@ -266,9 +260,8 @@ class CI_Email { /** * Set Recipients * - * @access public * @param string - * @return void + * @return object */ public function to($to) { @@ -282,17 +275,17 @@ class CI_Email { if ($this->_get_protocol() !== 'mail') { - $this->_set_header('To', implode(", ", $to)); + $this->_set_header('To', implode(', ', $to)); } switch ($this->_get_protocol()) { - case 'smtp' : + case 'smtp': $this->_recipients = $to; break; - case 'sendmail' : - case 'mail' : - $this->_recipients = implode(", ", $to); + case 'sendmail': + case 'mail': + $this->_recipients = implode(', ', $to); break; } @@ -304,9 +297,8 @@ class CI_Email { /** * Set CC * - * @access public * @param string - * @return void + * @return object */ public function cc($cc) { @@ -318,7 +310,7 @@ class CI_Email { $this->validate_email($cc); } - $this->_set_header('Cc', implode(", ", $cc)); + $this->_set_header('Cc', implode(', ', $cc)); if ($this->_get_protocol() === 'smtp') { @@ -333,10 +325,9 @@ class CI_Email { /** * Set BCC * - * @access public * @param string * @param string - * @return void + * @return object */ public function bcc($bcc, $limit = '') { @@ -360,7 +351,7 @@ class CI_Email { } else { - $this->_set_header('Bcc', implode(", ", $bcc)); + $this->_set_header('Bcc', implode(', ', $bcc)); } return $this; @@ -371,9 +362,8 @@ class CI_Email { /** * Set Email Subject * - * @access public * @param string - * @return void + * @return object */ public function subject($subject) { @@ -387,13 +377,12 @@ class CI_Email { /** * Set Body * - * @access public * @param string - * @return void + * @return object */ public function message($body) { - $this->_body = rtrim(str_replace("\r", "", $body)); + $this->_body = rtrim(str_replace("\r", '', $body)); /* strip slashes only if magic quotes is ON if we do it with magic quotes OFF, it strips real, user-inputted chars. @@ -414,9 +403,8 @@ class CI_Email { /** * Assign file attachments * - * @access public * @param string - * @return void + * @return object */ public function attach($filename, $disposition = '', $newname = NULL) { @@ -431,7 +419,6 @@ class CI_Email { /** * Add a Header Item * - * @access protected * @param string * @param string * @return void @@ -446,7 +433,6 @@ class CI_Email { /** * Convert a String to an Array * - * @access protected * @param string * @return array */ @@ -460,8 +446,7 @@ class CI_Email { } else { - $email = trim($email); - settype($email, "array"); + $email = (array) trim($email); } } return $email; @@ -472,9 +457,8 @@ class CI_Email { /** * Set Multipart Value * - * @access public * @param string - * @return void + * @return object */ public function set_alt_message($str = '') { @@ -487,9 +471,8 @@ class CI_Email { /** * Set Mailtype * - * @access public * @param string - * @return void + * @return object */ public function set_mailtype($type = 'text') { @@ -502,9 +485,8 @@ class CI_Email { /** * Set Wordwrap * - * @access public * @param bool - * @return void + * @return object */ public function set_wordwrap($wordwrap = TRUE) { @@ -517,13 +499,12 @@ class CI_Email { /** * Set Protocol * - * @access public * @param string - * @return void + * @return object */ public function set_protocol($protocol = 'mail') { - $this->protocol = ( ! in_array($protocol, $this->_protocols, TRUE)) ? 'mail' : strtolower($protocol); + $this->protocol = in_array($protocol, $this->_protocols, TRUE) ? strtolower($protocol) : 'mail'; return $this; } @@ -532,19 +513,12 @@ class CI_Email { /** * Set Priority * - * @access public - * @param integer - * @return void + * @param int + * @return object */ public function set_priority($n = 3) { - if ( ! is_numeric($n) OR $n < 1 OR $n > 5) - { - $this->priority = 3; - return; - } - - $this->priority = (int) $n; + $this->priority = preg_match('/^[1-5]$/', $n) ? (int) $n : 3; return $this; } @@ -553,9 +527,8 @@ class CI_Email { /** * Set Newline Character * - * @access public * @param string - * @return void + * @return object */ public function set_newline($newline = "\n") { @@ -568,13 +541,12 @@ class CI_Email { /** * Set CRLF * - * @access public * @param string - * @return void + * @return object */ public function set_crlf($crlf = "\n") { - $this->crlf = ($crlf !== "\n" AND $crlf !== "\r\n" AND $crlf !== "\r") ? "\n" : $crlf; + $this->crlf = ($crlf !== "\n" && $crlf !== "\r\n" && $crlf !== "\r") ? "\n" : $crlf; return $this; } @@ -583,13 +555,12 @@ class CI_Email { /** * Set Message Boundary * - * @access protected * @return void */ protected function _set_boundaries() { - $this->_alt_boundary = "B_ALT_".uniqid(''); // multipart/alternative - $this->_atc_boundary = "B_ATC_".uniqid(''); // attachment boundary + $this->_alt_boundary = 'B_ALT_'.uniqid(''); // multipart/alternative + $this->_atc_boundary = 'B_ATC_'.uniqid(''); // attachment boundary } // -------------------------------------------------------------------- @@ -597,14 +568,12 @@ class CI_Email { /** * Get the Message ID * - * @access protected * @return string */ protected function _get_message_id() { $from = str_replace(array('>', '<'), '', $this->_headers['Return-Path']); - - return "<".uniqid('').strstr($from, '@').">"; + return '<'.uniqid('').strstr($from, '@').'>'; } // -------------------------------------------------------------------- @@ -612,14 +581,13 @@ class CI_Email { /** * Get Mail Protocol * - * @access protected * @param bool - * @return string + * @return mixed */ protected function _get_protocol($return = TRUE) { $this->protocol = strtolower($this->protocol); - $this->protocol = ( ! in_array($this->protocol, $this->_protocols, TRUE)) ? 'mail' : $this->protocol; + in_array($this->protocol, $this->_protocols, TRUE) OR $this->protocol = 'mail'; if ($return == TRUE) { @@ -632,13 +600,12 @@ class CI_Email { /** * Get Mail Encoding * - * @access protected * @param bool * @return string */ protected function _get_encoding($return = TRUE) { - $this->_encoding = ( ! in_array($this->_encoding, $this->_bit_depths)) ? '8bit' : $this->_encoding; + in_array($this->_encoding, $this->_bit_depths) OR $this->_encoding = '8bit'; foreach ($this->_base_charsets as $charset) { @@ -659,7 +626,6 @@ class CI_Email { /** * Get content type (text/html/attachment) * - * @access protected * @return string */ protected function _get_content_type() @@ -687,17 +653,16 @@ class CI_Email { /** * Set RFC 822 Date * - * @access protected * @return string */ protected function _set_date() { - $timezone = date("Z"); + $timezone = date('Z'); $operator = (strncmp($timezone, '-', 1) === 0) ? '-' : '+'; $timezone = abs($timezone); $timezone = floor($timezone/3600) * 100 + ($timezone % 3600) / 60; - return sprintf("%s %s%04d", date("D, j M Y H:i:s"), $operator, $timezone); + return sprintf('%s %s%04d', date('D, j M Y H:i:s'), $operator, $timezone); } // -------------------------------------------------------------------- @@ -705,12 +670,11 @@ class CI_Email { /** * Mime message * - * @access protected * @return string */ protected function _get_mime_message() { - return "This is a multi-part message in MIME format.".$this->newline."Your email application may not support this format."; + return 'This is a multi-part message in MIME format.'.$this->newline.'Your email application may not support this format.'; } // -------------------------------------------------------------------- @@ -718,7 +682,6 @@ class CI_Email { /** * Validate Email Address * - * @access public * @param string * @return bool */ @@ -747,13 +710,12 @@ class CI_Email { /** * Email Validation * - * @access public * @param string * @return bool */ public function valid_email($address) { - return (bool) preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $address); + return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $address); } // -------------------------------------------------------------------- @@ -761,7 +723,6 @@ class CI_Email { /** * Clean Extended Email Address: Joe Smith <joe@smith.com> * - * @access public * @param string * @return string */ @@ -776,7 +737,7 @@ class CI_Email { foreach ($email as $addy) { - $clean_email[] = (preg_match( '/\<(.*)\>/', $addy, $match)) ? $match[1] : $addy; + $clean_email[] = preg_match('/\<(.*)\>/', $addy, $match) ? $match[1] : $addy; } return $clean_email; @@ -792,12 +753,11 @@ class CI_Email { * If the user hasn't specified his own alternative message * it creates one by stripping the HTML * - * @access protected * @return string */ protected function _get_alt_message() { - if ($this->alt_message != "") + if ($this->alt_message != '') { return $this->word_wrap($this->alt_message, '76'); } @@ -818,9 +778,8 @@ class CI_Email { /** * Word Wrap * - * @access public * @param string - * @param integer + * @param int * @return string */ public function word_wrap($str, $charlim = '') @@ -911,8 +870,6 @@ class CI_Email { /** * Build final headers * - * @access protected - * @param string * @return string */ protected function _build_headers() @@ -929,7 +886,6 @@ class CI_Email { /** * Write Headers as a string * - * @access protected * @return void */ protected function _write_headers() @@ -964,12 +920,11 @@ class CI_Email { /** * Build Final Body and attachments * - * @access protected * @return void */ protected function _build_message() { - if ($this->wordwrap === TRUE AND $this->mailtype !== 'html') + if ($this->wordwrap === TRUE && $this->mailtype !== 'html') { $this->_body = $this->word_wrap($this->_body); } @@ -1131,9 +1086,8 @@ class CI_Email { * Prepares string for Quoted-Printable Content-Transfer-Encoding * Refer to RFC 2045 http://www.ietf.org/rfc/rfc2045.txt * - * @access protected * @param string - * @param integer + * @param int * @return string */ protected function _prep_quoted_printable($str, $charlim = '') @@ -1203,9 +1157,7 @@ class CI_Email { } // get rid of extra CRLF tacked onto the end - $output = substr($output, 0, strlen($this->crlf) * -1); - - return $output; + return substr($output, 0, strlen($this->crlf) * -1); } // -------------------------------------------------------------------- @@ -1216,10 +1168,9 @@ class CI_Email { * Performs "Q Encoding" on a string for use in email headers. It's related * but not identical to quoted-printable, so it has its own method * - * @access public - * @param str - * @param bool // set to TRUE for processing From: headers - * @return str + * @param string + * @param bool set to TRUE for processing From: headers + * @return string */ protected function _prep_q_encoding($str, $from = FALSE) { @@ -1275,9 +1226,7 @@ class CI_Email { // wrap each line with the shebang, charset, and transfer encoding // the preceding space on successive lines is required for header "folding" - $str = trim(preg_replace('/^(.*)$/m', ' =?'.$this->charset.'?Q?$1?=', $str)); - - return $str; + return trim(preg_replace('/^(.*)$/m', ' =?'.$this->charset.'?Q?$1?=', $str)); } // -------------------------------------------------------------------- @@ -1285,7 +1234,6 @@ class CI_Email { /** * Send Email * - * @access public * @return bool */ public function send() @@ -1295,9 +1243,9 @@ class CI_Email { $this->reply_to($this->_headers['From']); } - if (( ! isset($this->_recipients) AND ! isset($this->_headers['To'])) AND - ( ! isset($this->_bcc_array) AND ! isset($this->_headers['Bcc'])) AND - ( ! isset($this->_headers['Cc']))) + if ( ! isset($this->_recipients) && ! isset($this->_headers['To']) + && ! isset($this->_bcc_array) && ! isset($this->_headers['Bcc']) + && ! isset($this->_headers['Cc'])) { $this->_set_error_message('lang:email_no_recipients'); return FALSE; @@ -1305,44 +1253,40 @@ class CI_Email { $this->_build_headers(); - if ($this->bcc_batch_mode AND count($this->_bcc_array) > $this->bcc_batch_size) + if ($this->bcc_batch_mode && count($this->_bcc_array) > $this->bcc_batch_size) { return $this->batch_bcc_send(); } $this->_build_message(); - return $this->_spool_email(); } // -------------------------------------------------------------------- /** - * Batch Bcc Send. Sends groups of BCCs in batches + * Batch Bcc Send. Sends groups of BCCs in batches * - * @access public - * @return bool + * @return void */ public function batch_bcc_send() { - $float = $this->bcc_batch_size -1; - - $set = ""; - + $float = $this->bcc_batch_size - 1; + $set = ''; $chunk = array(); for ($i = 0, $c = count($this->_bcc_array); $i < $c; $i++) { if (isset($this->_bcc_array[$i])) { - $set .= ", ".$this->_bcc_array[$i]; + $set .= ', '.$this->_bcc_array[$i]; } if ($i == $float) { $chunk[] = substr($set, 1); $float += $this->bcc_batch_size; - $set = ""; + $set = ''; } if ($i === $c-1) @@ -1359,7 +1303,7 @@ class CI_Email { if ($this->protocol !== 'smtp') { - $this->_set_header('Bcc', implode(", ", $bcc)); + $this->_set_header('Bcc', implode(', ', $bcc)); } else { @@ -1376,7 +1320,6 @@ class CI_Email { /** * Unwrap special elements * - * @access protected * @return void */ protected function _unwrap_specials() @@ -1389,7 +1332,6 @@ class CI_Email { /** * Strip line-breaks via callback * - * @access protected * @return string */ protected function _remove_nl_callback($matches) @@ -1407,7 +1349,6 @@ class CI_Email { /** * Spool mail to the mail server * - * @access protected * @return bool */ protected function _spool_email() @@ -1418,6 +1359,7 @@ class CI_Email { if ( ! $this->$method()) { $this->_set_error_message('lang:email_send_failure_' . ($this->_get_protocol() === 'mail' ? 'phpmail' : $this->_get_protocol())); + return FALSE; } $this->_set_error_message('lang:email_sent', $this->_get_protocol()); @@ -1429,7 +1371,6 @@ class CI_Email { /** * Send using mail() * - * @access protected * @return bool */ protected function _send_with_mail() @@ -1451,7 +1392,6 @@ class CI_Email { /** * Send using Sendmail * - * @access protected * @return bool */ protected function _send_with_sendmail() @@ -1484,7 +1424,6 @@ class CI_Email { /** * Send using SMTP * - * @access protected * @return bool */ protected function _send_with_smtp() @@ -1495,8 +1434,10 @@ class CI_Email { return FALSE; } - $this->_smtp_connect(); - $this->_smtp_authenticate(); + if ( ! $this->_smtp_connect() OR ! $this->_smtp_authenticate()) + { + return FALSE; + } $this->_send_command('from', $this->clean_email($this->_headers['From'])); @@ -1553,7 +1494,6 @@ class CI_Email { /** * SMTP Connect * - * @access protected * @param string * @return string */ @@ -1597,7 +1537,6 @@ class CI_Email { /** * Send SMTP command * - * @access protected * @param string * @param string * @return string @@ -1670,7 +1609,6 @@ class CI_Email { /** * SMTP Authenticate * - * @access protected * @return bool */ protected function _smtp_authenticate() @@ -1680,7 +1618,7 @@ class CI_Email { return TRUE; } - if ($this->smtp_user == "" AND $this->smtp_pass == "") + if ($this->smtp_user == '' && $this->smtp_pass == '') { $this->_set_error_message('lang:email_no_smtp_unpw'); return FALSE; @@ -1724,7 +1662,6 @@ class CI_Email { /** * Send SMTP data * - * @access protected * @return bool */ protected function _send_data($data) @@ -1743,7 +1680,6 @@ class CI_Email { /** * Get SMTP data * - * @access protected * @return string */ protected function _get_smtp_data() @@ -1768,12 +1704,11 @@ class CI_Email { /** * Get Hostname * - * @access protected * @return string */ protected function _get_hostname() { - return (isset($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : 'localhost.localdomain'; + return isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost.localdomain'; } // -------------------------------------------------------------------- @@ -1781,7 +1716,6 @@ class CI_Email { /** * Get IP * - * @access protected * @return string */ protected function _get_ip() @@ -1791,13 +1725,13 @@ class CI_Email { return $this->_IP; } - $cip = (isset($_SERVER['HTTP_CLIENT_IP']) AND $_SERVER['HTTP_CLIENT_IP'] != "") ? $_SERVER['HTTP_CLIENT_IP'] : FALSE; - $rip = (isset($_SERVER['REMOTE_ADDR']) AND $_SERVER['REMOTE_ADDR'] != "") ? $_SERVER['REMOTE_ADDR'] : FALSE; + $cip = ( ! empty($_SERVER['HTTP_CLIENT_IP'])) ? $_SERVER['HTTP_CLIENT_IP'] : FALSE; + $rip = ( ! empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : FALSE; if ($cip) $this->_IP = $cip; elseif ($rip) $this->_IP = $rip; else { - $fip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND $_SERVER['HTTP_X_FORWARDED_FOR'] != "") ? $_SERVER['HTTP_X_FORWARDED_FOR'] : FALSE; + $fip = ( ! empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : FALSE; if ($fip) { $this->_IP = $fip; @@ -1810,7 +1744,7 @@ class CI_Email { $this->_IP = end($x); } - if ( ! preg_match( "/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", $this->_IP)) + if ( ! preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $this->_IP)) { $this->_IP = '0.0.0.0'; } @@ -1823,7 +1757,6 @@ class CI_Email { /** * Get Debug Message * - * @access public * @return string */ public function print_debugger() @@ -1838,8 +1771,7 @@ class CI_Email { } } - $msg .= "<pre>".$this->_header_str."\n".htmlspecialchars($this->_subject)."\n".htmlspecialchars($this->_finalbody).'</pre>'; - return $msg; + return $msg.'<pre>'.$this->_header_str."\n".htmlspecialchars($this->_subject)."\n".htmlspecialchars($this->_finalbody).'</pre>'; } // -------------------------------------------------------------------- @@ -1847,16 +1779,15 @@ class CI_Email { /** * Set Message * - * @access protected * @param string - * @return string + * @return void */ protected function _set_error_message($msg, $val = '') { $CI =& get_instance(); $CI->lang->load('email'); - if (substr($msg, 0, 5) !== 'lang:' || FALSE === ($line = $CI->lang->line(substr($msg, 5)))) + if (substr($msg, 0, 5) !== 'lang:' OR FALSE === ($line = $CI->lang->line(substr($msg, 5)))) { $this->_debug_msg[] = str_replace('%s', $val, $msg)."<br />"; } @@ -1871,13 +1802,13 @@ class CI_Email { /** * Mime Types * - * @access protected * @param string * @return string */ - protected function _mime_types($ext = "") + protected function _mime_types($ext = '') { - $mimes = array( 'hqx' => 'application/mac-binhex40', + $mimes = array( + 'hqx' => 'application/mac-binhex40', 'cpt' => 'application/mac-compactpro', 'doc' => 'application/msword', 'bin' => 'application/macbinary', @@ -1966,11 +1897,10 @@ class CI_Email { 'eml' => 'message/rfc822' ); - return ( ! isset($mimes[strtolower($ext)])) ? "application/x-unknown-content-type" : $mimes[strtolower($ext)]; + return isset($mimes[strtolower($ext)]) ? $mimes[strtolower($ext)] : 'application/x-unknown-content-type'; } } -// END CI_Email class /* End of file Email.php */ /* Location: ./system/libraries/Email.php */ diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 79414656f..f2f3712d9 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -47,10 +47,8 @@ class CI_Form_validation { protected $_error_suffix = '</p>'; protected $error_string = ''; protected $_safe_form_data = FALSE; + protected $validation_data = array(); - /** - * Constructor - */ public function __construct($rules = array()) { $this->CI =& get_instance(); @@ -109,7 +107,8 @@ class CI_Form_validation { public function set_rules($field, $label = '', $rules = '') { // No reason to set rules if we have no POST data - if (count($_POST) === 0) + // or a validation array has not been specified + if (count($_POST) === 0 && count($this->validation_data) === 0) { return $this; } @@ -186,10 +185,33 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * By default, form validation uses the $_POST array to validate + * + * If an array is set through this method, then this array will + * be used instead of the $_POST array + * + * Note that if you are validating multiple arrays, then the + * reset_validation() function should be called after validating + * each array due to the limitations of CI's singleton + * + * @param array $data + * @return void + */ + public function set_data($data = '') + { + if ( ! empty($data) && is_array($data)) + { + $this->validation_data = $data; + } + } + + // -------------------------------------------------------------------- + + /** * Set Error Message * * Lets users set their own error messages on the fly. Note: The key - * name has to match the function name that it corresponds to. + * name has to match the function name that it corresponds to. * * @param string * @param string @@ -259,6 +281,20 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * Get Array of Error Messages + * + * Returns the error messages as an array + * + * @return array + */ + public function error_array() + { + return $this->_error_array; + } + + // -------------------------------------------------------------------- + + /** * Error String * * Returns the error messages as a string, wrapped in the error delimiters @@ -310,7 +346,8 @@ class CI_Form_validation { public function run($group = '') { // Do we even have any data to process? Mm? - if (count($_POST) === 0) + $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST; + if (count($validation_array) === 0) { return FALSE; } @@ -352,18 +389,18 @@ class CI_Form_validation { // corresponding $_POST item and test for errors foreach ($this->_field_data as $field => $row) { - // Fetch the data from the corresponding $_POST array and cache it in the _field_data array. + // Fetch the data from the corresponding $_POST or validation array and cache it in the _field_data array. // Depending on whether the field name is an array or a string will determine where we get it from. if ($row['is_array'] === TRUE) { - $this->_field_data[$field]['postdata'] = $this->_reduce_array($_POST, $row['keys']); + $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']); } else { - if (isset($_POST[$field]) AND $_POST[$field] != "") + if (isset($validation_array[$field]) AND $validation_array[$field] != "") { - $this->_field_data[$field]['postdata'] = $_POST[$field]; + $this->_field_data[$field]['postdata'] = $validation_array[$field]; } } @@ -727,11 +764,11 @@ class CI_Form_validation { * * @param string the field name * @param string - * @return void + * @return string */ public function set_value($field = '', $default = '') { - if ( ! isset($this->_field_data[$field])) + if ( ! isset($this->_field_data[$field], $this->_field_data[$field]['postdata'])) { return $default; } @@ -760,13 +797,9 @@ class CI_Form_validation { */ public function set_select($field = '', $value = '', $default = FALSE) { - if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) + if ( ! isset($this->_field_data[$field], $this->_field_data[$field]['postdata'])) { - if ($default === TRUE AND count($this->_field_data) === 0) - { - return ' selected="selected"'; - } - return ''; + return ($default === TRUE && count($this->_field_data) === 0) ? ' selected="selected"' : ''; } $field = $this->_field_data[$field]['postdata']; @@ -778,12 +811,9 @@ class CI_Form_validation { return ''; } } - else + elseif (($field == '' OR $value == '') OR ($field != $value)) { - if (($field == '' OR $value == '') OR ($field != $value)) - { - return ''; - } + return ''; } return ' selected="selected"'; @@ -803,13 +833,9 @@ class CI_Form_validation { */ public function set_radio($field = '', $value = '', $default = FALSE) { - if ( ! isset($this->_field_data[$field]) OR ! isset($this->_field_data[$field]['postdata'])) + if ( ! isset($this->_field_data[$field], $this->_field_data[$field]['postdata'])) { - if ($default === TRUE AND count($this->_field_data) === 0) - { - return ' checked="checked"'; - } - return ''; + return ($default === TRUE && count($this->_field_data) === 0) ? ' checked="checked"' : ''; } $field = $this->_field_data[$field]['postdata']; @@ -888,14 +914,13 @@ class CI_Form_validation { */ public function matches($str, $field) { - if ( ! isset($_POST[$field])) + $validation_array = ( ! empty($this->validation_data)) ? $this->validation_data : $_POST; + if ( ! isset($validation_array[$field])) { return FALSE; } - $field = $_POST[$field]; - - return ($str === $field); + return ($str === $validation_array[$field]); } // -------------------------------------------------------------------- @@ -932,7 +957,7 @@ class CI_Form_validation { */ public function min_length($str, $val) { - if (preg_match("/[^0-9]/", $val)) + if (preg_match('/[^0-9]/', $val)) { return FALSE; } @@ -956,7 +981,7 @@ class CI_Form_validation { */ public function max_length($str, $val) { - if (preg_match("/[^0-9]/", $val)) + if (preg_match('/[^0-9]/', $val)) { return FALSE; } @@ -980,7 +1005,7 @@ class CI_Form_validation { */ public function exact_length($str, $val) { - if (preg_match("/[^0-9]/", $val)) + if (preg_match('/[^0-9]/', $val)) { return FALSE; } @@ -1140,7 +1165,7 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** - * Greather than + * Greater than * * @param string * @return bool @@ -1155,6 +1180,24 @@ class CI_Form_validation { } // -------------------------------------------------------------------- + + /** + * Equal to or Greater than + * + * @access public + * @param string + * @return bool + */ + function greater_than_equal_to($str, $min) + { + if ( ! is_numeric($str)) + { + return FALSE; + } + return $str >= $min; + } + + // -------------------------------------------------------------------- /** * Less than @@ -1174,6 +1217,24 @@ class CI_Form_validation { // -------------------------------------------------------------------- /** + * Equal to or Less than + * + * @access public + * @param string + * @return bool + */ + function less_than_equal_to($str, $max) + { + if ( ! is_numeric($str)) + { + return FALSE; + } + return $str <= $max; + } + + // -------------------------------------------------------------------- + + /** * Is a Natural number (0,1,2,3, etc.) * * @param string @@ -1194,7 +1255,7 @@ class CI_Form_validation { */ public function is_natural_no_zero($str) { - return ($str != 0 AND preg_match('/^[0-9]+$/', $str)); + return ($str != 0 && preg_match('/^[0-9]+$/', $str)); } // -------------------------------------------------------------------- @@ -1241,7 +1302,7 @@ class CI_Form_validation { return $data; } - return str_replace(array("'", '"', '<', '>'), array("'", """, '<', '>'), stripslashes($data)); + return str_replace(array("'", '"', '<', '>'), array(''', '"', '<', '>'), stripslashes($data)); } // -------------------------------------------------------------------- @@ -1306,8 +1367,26 @@ class CI_Form_validation { return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); } + // -------------------------------------------------------------------- + + /** + * Reset validation vars + * + * Prevents subsequent validation routines from being affected by the + * results of any previous validation routine due to the CI singleton. + * + * @return void + */ + public function reset_validation() + { + $this->_field_data = array(); + $this->_config_rules = array(); + $this->_error_array = array(); + $this->_error_messages = array(); + $this->error_string = ''; + } + } -// END Form Validation Class /* End of file Form_validation.php */ /* Location: ./system/libraries/Form_validation.php */ diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 5ea830fb1..9826eabdd 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -251,7 +251,7 @@ class CI_Image_lib { } else { - if (function_exists('realpath') && @realpath($this->new_image) !== FALSE) + if (strpos($this->new_image, '/') === FALSE AND strpos($this->new_image, '\\') === FALSE) { $full_dest_path = str_replace('\\', '/', realpath($this->new_image)); } diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index 89c616543..04216be5d 100644 --- a/system/libraries/Profiler.php +++ b/system/libraries/Profiler.php @@ -270,7 +270,7 @@ class CI_Profiler { } $output .= "<tr><td style='width:50%;color:#000;background-color:#ddd;padding:5px'>$_GET[".$key."] </td><td style='width:50%;padding:5px;color:#cd6e00;font-weight:normal;background-color:#ddd;'>" - . (is_array($val) ? "<pre>" . htmlspecialchars(stripslashes(print_r($val, true))) . "</pre>" : htmlspecialchars(stripslashes($val))) + . ((is_array($val) OR is_object($val)) ? "<pre>" . htmlspecialchars(stripslashes(print_r($val, true))) . "</pre>" : htmlspecialchars(stripslashes($val))) . "</td></tr>\n"; } @@ -311,7 +311,7 @@ class CI_Profiler { } $output .= "<tr><td style='width:50%;padding:5px;color:#000;background-color:#ddd;'>$_POST[".$key."] </td><td style='width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;'>"; - if (is_array($val)) + if (is_array($val) OR is_object($val)) { $output .= "<pre>" . htmlspecialchars(stripslashes(print_r($val, TRUE))) . "</pre>"; } @@ -426,9 +426,9 @@ class CI_Profiler { . '<legend style="color:#000;"> '.$this->CI->lang->line('profiler_config').' (<span style="cursor: pointer;" onclick="var s=document.getElementById(\'ci_profiler_config_table\').style;s.display=s.display==\'none\'?\'\':\'none\';this.innerHTML=this.innerHTML==\''.$this->CI->lang->line('profiler_section_show').'\'?\''.$this->CI->lang->line('profiler_section_hide').'\':\''.$this->CI->lang->line('profiler_section_show').'\';">'.$this->CI->lang->line('profiler_section_show').'</span>)</legend>' . "\n\n\n<table style='width:100%; display:none' id='ci_profiler_config_table'>\n"; - foreach ($this->CI->config->config as $config=>$val) + foreach ($this->CI->config->config as $config => $val) { - if (is_array($val)) + if (is_array($val) OR is_object($val)) { $val = print_r($val, TRUE); } @@ -459,7 +459,7 @@ class CI_Profiler { foreach ($this->CI->session->all_userdata() as $key => $val) { - if (is_array($val) || is_object($val)) + if (is_array($val) OR is_object($val)) { $val = print_r($val, TRUE); } @@ -501,7 +501,5 @@ class CI_Profiler { } } -// END CI_Profiler class - /* End of file Profiler.php */ /* Location: ./system/libraries/Profiler.php */ diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 66b39a6a2..104b88810 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -219,7 +219,7 @@ class CI_Session { $this->CI->db->where('user_agent', $session['user_agent']); } - $query = $this->CI->db->get($this->sess_table_name); + $query = $this->CI->db->limit(1)->get($this->sess_table_name); // No result? Kill it! if ($query->num_rows() === 0) @@ -454,7 +454,7 @@ class CI_Session { */ public function userdata($item) { - return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item]; + return isset($this->userdata[$item]) ? $this->userdata[$item] : FALSE; } // -------------------------------------------------------------------- @@ -729,7 +729,7 @@ class CI_Session { */ protected function _unserialize($data) { - $data = @unserialize(strip_slashes($data)); + $data = @unserialize(strip_slashes(trim($data))); if (is_array($data)) { @@ -737,9 +737,11 @@ class CI_Session { return $data; } - return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data; + return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data; } + // -------------------------------------------------------------------- + /** * Unescape slashes * @@ -779,7 +781,7 @@ class CI_Session { { $expire = $this->now - $this->sess_expiration; - $this->CI->db->where("last_activity < {$expire}"); + $this->CI->db->where('last_activity < '.$expire); $this->CI->db->delete($this->sess_table_name); log_message('debug', 'Session garbage collection performed.'); diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 0c63886e7..89575c849 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1,4 +1,4 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * @@ -593,16 +593,17 @@ class CI_Upload { /** * Verify that the filetype is allowed * + * @param bool * @return bool */ public function is_allowed_filetype($ignore_mime = FALSE) { - if ($this->allowed_types == '*') + if ($this->allowed_types === '*') { return TRUE; } - if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) + if ( ! is_array($this->allowed_types) OR count($this->allowed_types) === 0) { $this->set_error('upload_no_file_types'); return FALSE; @@ -618,12 +619,9 @@ class CI_Upload { // Images get some additional checks $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); - if (in_array($ext, $image_types)) + if (in_array($ext, $image_types) && @getimagesize($this->file_temp) === FALSE) { - if (getimagesize($this->file_temp) === FALSE) - { - return FALSE; - } + return FALSE; } if ($ignore_mime === TRUE) @@ -640,7 +638,7 @@ class CI_Upload { return TRUE; } } - elseif ($mime == $this->file_type) + elseif ($mime === $this->file_type) { return TRUE; } @@ -960,7 +958,7 @@ class CI_Upload { } elseif (is_file(APPPATH.'config/mimes.php')) { - include(APPPATH.'config//mimes.php'); + include(APPPATH.'config/mimes.php'); } else { @@ -1026,47 +1024,104 @@ class CI_Upload { */ protected function _file_mime_type($file) { - // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) - if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) + // We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii) + $regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/'; + + /* Fileinfo extension - most reliable method + * + * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the + * more convenient FILEINFO_MIME_TYPE flag doesn't exist. + */ + if (function_exists('finfo_file')) { - $finfo = new finfo(FILEINFO_MIME_TYPE); - if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system + $finfo = finfo_open(FILEINFO_MIME); + if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system { - $file_type = $finfo->file($file['tmp_name']); + $mime = @finfo_file($finfo, $file['tmp_name']); + finfo_close($finfo); /* According to the comments section of the PHP manual page, * it is possible that this function returns an empty string * for some files (e.g. if they don't exist in the magic MIME database) */ - if (strlen($file_type) > 1) + if (is_string($mime) && preg_match($regexp, $mime, $matches)) { - $this->file_type = $file_type; + $this->file_type = $matches[1]; return; } } } - // Fall back to the deprecated mime_content_type(), if available - if (function_exists('mime_content_type')) - { - $this->file_type = @mime_content_type($file['tmp_name']); - return; - } - - /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, - * which is still more secure than depending on the value of $_FILES[$field]['type']. + /* This is an ugly hack, but UNIX-type systems provide a "native" way to detect the file type, + * which is still more secure than depending on the value of $_FILES[$field]['type'], and as it + * was reported in issue #750 (https://github.com/EllisLab/CodeIgniter/issues/750) - it's better + * than mime_content_type() as well, hence the attempts to try calling the command line with + * three different functions. * * Notes: - * - a 'W' in the substr() expression bellow, would mean that we're using Windows - * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check + * - the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system + * - many system admins would disable the exec(), shell_exec(), popen() and similar functions + * due to security concerns, hence the function_exists() checks */ - if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) + if (DIRECTORY_SEPARATOR !== '\\') + { + $cmd = 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1'; + + if (function_exists('exec')) + { + /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter. + * However, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites + * anything that could already be set for $mime previously. This effectively makes the second parameter a dummy + * value, which is only put to allow us to get the return status code. + */ + $mime = @exec($cmd, $mime, $return_status); + if ($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)) + { + $this->file_type = $matches[1]; + return; + } + } + + if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec')) + { + $mime = @shell_exec($cmd); + if (strlen($mime) > 0) + { + $mime = explode("\n", trim($mime)); + if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) + { + $this->file_type = $matches[1]; + return; + } + } + } + + if (function_exists('popen')) + { + $proc = @popen($cmd, 'r'); + if (is_resource($proc)) + { + $mime = @fread($proc, 512); + @pclose($proc); + if ($mime !== FALSE) + { + $mime = explode("\n", trim($mime)); + if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) + { + $this->file_type = $matches[1]; + return; + } + } + } + } + } + + // Fall back to the deprecated mime_content_type(), if available (still better than $_FILES[$field]['type']) + if (function_exists('mime_content_type')) { - $output = array(); - @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); - if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution + $this->file_type = @mime_content_type($file['tmp_name']); + if (strlen($this->file_type) > 0) // It's possible that mime_content_type() returns FALSE or an empty string { - $this->file_type = rtrim($output[0]); return; } } |