summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/core/Loader.php2
-rwxr-xr-xsystem/core/Security.php39
-rw-r--r--system/database/DB_active_rec.php2
-rw-r--r--system/database/DB_driver.php22
-rw-r--r--system/database/DB_result.php6
-rw-r--r--system/database/drivers/oci8/oci8_result.php15
-rw-r--r--system/database/drivers/odbc/odbc_driver.php7
-rw-r--r--system/database/drivers/odbc/odbc_result.php71
-rw-r--r--system/database/drivers/postgre/postgre_driver.php10
-rw-r--r--system/libraries/Session.php10
10 files changed, 122 insertions, 62 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 12daaa928..20cf7ef33 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -833,7 +833,7 @@ class CI_Loader {
// If the PHP installation does not support short tags we'll
// do a little string replacement, changing the short tags
// to standard PHP echo statements.
- if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE)
+ if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE)
{
echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace('<?=', '<?php echo ', file_get_contents($_ci_path))));
}
diff --git a/system/core/Security.php b/system/core/Security.php
index 1007f61f4..6f25fb5bb 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -25,8 +25,6 @@
* @filesource
*/
-// ------------------------------------------------------------------------
-
/**
* Security Class
*
@@ -106,23 +104,27 @@ class CI_Security {
public function __construct()
{
- // CSRF config
- foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
+ // Is CSRF protection enabled?
+ if (config_item('csrf_protection') === TRUE)
{
- if (FALSE !== ($val = config_item($key)))
+ // CSRF config
+ foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
{
- $this->{'_'.$key} = $val;
+ if (FALSE !== ($val = config_item($key)))
+ {
+ $this->{'_'.$key} = $val;
+ }
}
- }
- // Append application specific cookie prefix
- if (config_item('cookie_prefix'))
- {
- $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
- }
+ // Append application specific cookie prefix
+ if (config_item('cookie_prefix'))
+ {
+ $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
+ }
- // Set the CSRF hash
- $this->_csrf_set_hash();
+ // Set the CSRF hash
+ $this->_csrf_set_hash();
+ }
log_message('debug', 'Security Class Initialized');
}
@@ -189,7 +191,7 @@ class CI_Security {
$expire = time() + $this->_csrf_expire;
$secure_cookie = (bool) config_item('cookie_secure');
- if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS']))
+ if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
{
return FALSE;
}
@@ -358,7 +360,7 @@ class CI_Security {
foreach ($words as $word)
{
- $word = implode("\s*", str_split($word)) . "\s*";
+ $word = implode('\s*', str_split($word)).'\s*';
// We only want to do this when it is followed by a non-word character
// That way valid stuff like "dealer to" does not become "dealerto"
@@ -425,7 +427,6 @@ class CI_Security {
'\\1\\2&#40;\\3&#41;',
$str);
-
// Final clean up
// This adds a bit of extra precaution in case
// something got through the above filters
@@ -601,7 +602,7 @@ class CI_Security {
}
// find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
@@ -633,7 +634,7 @@ class CI_Security {
{
return '&lt;'.$matches[1].$matches[2].$matches[3] // encode opening brace
// encode captured opening or closing brace to prevent recursive vectors:
- . str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
+ .str_replace(array('>', '<'), array('&gt;', '&lt;'), $matches[4]);
}
// --------------------------------------------------------------------
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php
index eaae23f30..f648e5591 100644
--- a/system/database/DB_active_rec.php
+++ b/system/database/DB_active_rec.php
@@ -341,7 +341,7 @@ class CI_DB_active_record extends CI_DB_driver {
$this->_track_aliases($table);
// Strip apart the condition and protect the identifiers
- if (preg_match('/([\w\.]+)([\W\s]+)(.+)/', $cond, $match))
+ if (preg_match('/([\[\w\.]+)([\W\s]+)(.+)/', $cond, $match))
{
$cond = $this->_protect_identifiers($match[1]).$match[2].$this->_protect_identifiers($match[3]);
}
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index e403efb9f..a61450d4c 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -77,12 +77,6 @@ class CI_DB_driver {
var $_protect_identifiers = TRUE;
var $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped
- // These are use with Oracle
- var $stmt_id;
- var $curs_id;
- var $limit_used;
-
-
/**
* Constructor. Accepts one parameter containing the database
* connection settings.
@@ -396,21 +390,9 @@ class CI_DB_driver {
}
// Load and instantiate the result driver
+ $driver = $this->load_rdriver();
+ $RES = new $driver($this);
- $driver = $this->load_rdriver();
- $RES = new $driver();
- $RES->conn_id = $this->conn_id;
- $RES->result_id = $this->result_id;
-
- if ($this->dbdriver == 'oci8')
- {
- $RES->stmt_id = $this->stmt_id;
- $RES->curs_id = NULL;
- $RES->limit_used = $this->limit_used;
- $this->stmt_id = FALSE;
- }
-
- // oci8 vars must be set before calling this
$RES->num_rows = $RES->num_rows();
// Is query caching enabled? If so, we'll serialize the
diff --git a/system/database/DB_result.php b/system/database/DB_result.php
index 730443222..61aa56121 100644
--- a/system/database/DB_result.php
+++ b/system/database/DB_result.php
@@ -47,6 +47,12 @@ class CI_DB_result {
public $num_rows = 0;
public $row_data = NULL;
+ public function __construct(&$driver_object)
+ {
+ $this->conn_id = $driver_object->conn_id;
+ $this->result_id = $driver_object->result_id;
+ }
+
/**
* Query result. Acts as a wrapper function for the following functions.
*
diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php
index 0f69fa9ef..383b9f1a0 100644
--- a/system/database/drivers/oci8/oci8_result.php
+++ b/system/database/drivers/oci8/oci8_result.php
@@ -38,9 +38,18 @@
*/
class CI_DB_oci8_result extends CI_DB_result {
- var $stmt_id;
- var $curs_id;
- var $limit_used;
+ public $stmt_id;
+ public $curs_id;
+ public $limit_used;
+
+ public function __construct(&$driver_object)
+ {
+ parent::__construct($driver_object);
+ $this->stmt_id = $driver_object->stmt_id;
+ $this->curs_id = $driver_object->curs_id;
+ $this->limit_used = $driver_object->limit_used;
+ $driver_object->stmt_id = FALSE;
+ }
/**
* Number of rows in the result set.
diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php
index 779b0c62f..a6e08cf2f 100644
--- a/system/database/drivers/odbc/odbc_driver.php
+++ b/system/database/drivers/odbc/odbc_driver.php
@@ -287,12 +287,11 @@ class CI_DB_odbc_driver extends CI_DB {
/**
* Insert ID
*
- * @access public
- * @return integer
+ * @return bool
*/
- function insert_id()
+ public function insert_id()
{
- return @odbc_insert_id($this->conn_id);
+ return ($this->db->db_debug) ? $this->db->display_error('db_unsuported_feature') : FALSE;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/odbc/odbc_result.php b/system/database/drivers/odbc/odbc_result.php
index 572e110ca..de2c58cb9 100644
--- a/system/database/drivers/odbc/odbc_result.php
+++ b/system/database/drivers/odbc/odbc_result.php
@@ -245,8 +245,77 @@ class CI_DB_odbc_result extends CI_DB_result {
return $rs_assoc;
}
-}
+ // --------------------------------------------------------------------
+
+ /**
+ * Query result. Array version.
+ *
+ * @return array
+ */
+ public function result_array()
+ {
+ if (count($this->result_array) > 0)
+ {
+ return $this->result_array;
+ }
+ elseif (($c = count($this->result_object)) > 0)
+ {
+ for ($i = 0; $i < $c; $i++)
+ {
+ $this->result_array[$i] = (array) $this->result_object[$i];
+ }
+ }
+ elseif ($this->result_id === FALSE)
+ {
+ return array();
+ }
+ else
+ {
+ while ($row = $this->_fetch_assoc())
+ {
+ $this->result_array[] = $row;
+ }
+ }
+ return $this->result_array;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Query result. Object version.
+ *
+ * @return array
+ */
+ public function result_object()
+ {
+ if (count($this->result_object) > 0)
+ {
+ return $this->result_object;
+ }
+ elseif (($c = count($this->result_array)) > 0)
+ {
+ for ($i = 0; $i < $c; $i++)
+ {
+ $this->result_object[$i] = (object) $this->result_array[$i];
+ }
+ }
+ elseif ($this->result_id === FALSE)
+ {
+ return array();
+ }
+ else
+ {
+ while ($row = $this->_fetch_object())
+ {
+ $this->result_object[] = $row;
+ }
+ }
+
+ return $this->result_object;
+ }
+
+}
/* End of file odbc_result.php */
/* Location: ./system/database/drivers/odbc/odbc_result.php */
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index df0f50da5..5b248e9bc 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -587,16 +587,10 @@ class CI_DB_postgre_driver extends CI_DB {
$valstr[] = $key." = ".$val;
}
- $limit = ( ! $limit) ? '' : ' LIMIT '.$limit;
-
- $orderby = (count($orderby) >= 1)?' ORDER BY '.implode(", ", $orderby):'';
-
$sql = "UPDATE ".$table." SET ".implode(', ', $valstr);
$sql .= ($where != '' AND count($where) >=1) ? " WHERE ".implode(" ", $where) : '';
- $sql .= $orderby.$limit;
-
return $sql;
}
@@ -647,9 +641,7 @@ class CI_DB_postgre_driver extends CI_DB {
$conditions .= implode("\n", $like);
}
- $limit = ( ! $limit) ? '' : ' LIMIT '.$limit;
-
- return "DELETE FROM ".$table.$conditions.$limit;
+ return "DELETE FROM ".$table.$conditions;
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index dd50a91e1..104b88810 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -454,7 +454,7 @@ class CI_Session {
*/
public function userdata($item)
{
- return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
+ return isset($this->userdata[$item]) ? $this->userdata[$item] : FALSE;
}
// --------------------------------------------------------------------
@@ -729,7 +729,7 @@ class CI_Session {
*/
protected function _unserialize($data)
{
- $data = @unserialize(strip_slashes($data));
+ $data = @unserialize(strip_slashes(trim($data)));
if (is_array($data))
{
@@ -737,9 +737,11 @@ class CI_Session {
return $data;
}
- return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
+ return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
}
+ // --------------------------------------------------------------------
+
/**
* Unescape slashes
*
@@ -779,7 +781,7 @@ class CI_Session {
{
$expire = $this->now - $this->sess_expiration;
- $this->CI->db->where("last_activity < {$expire}");
+ $this->CI->db->where('last_activity < '.$expire);
$this->CI->db->delete($this->sess_table_name);
log_message('debug', 'Session garbage collection performed.');