Diffstat (limited to 'system')
-rw-r--r-- | system/core/Common.php | 15 | ||||
-rw-r--r-- | system/core/Loader.php | 2 | ||||
-rw-r--r-- | system/database/DB_driver.php | 1 | ||||
-rw-r--r-- | system/database/drivers/oci8/oci8_driver.php | 8 | ||||
-rw-r--r-- | system/libraries/Cache/drivers/Cache_memcached.php | 2 | ||||
-rw-r--r-- | system/libraries/Email.php | 6 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 2 | ||||
-rw-r--r-- | system/libraries/Parser.php | 4 | ||||
-rw-r--r-- | system/libraries/Profiler.php | 2 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 9 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_native.php | 6 | ||||
-rw-r--r-- | system/libraries/Upload.php | 31 |
12 files changed, 60 insertions, 28 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index cad340f33..93cd0a0ae 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@ if ( ! function_exists('is_https'))
 */
 function is_https()
 {
- return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+ if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ return TRUE;
+ }
+ elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
+ {
+ return TRUE;
+ }
+
+ return FALSE;
 }
 }
 
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 49bd641b1..70a6b6fa6 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -955,7 +955,7 @@ class CI_Loader {
 // Is this a class extension request?
 if (file_exists($subclass))
 {
- $baseclass = BASEPATH.'libraries/'.$class.'.php';
+ $baseclass = BASEPATH.'libraries/'.$subdir.$class.'.php';
 
 if ( ! file_exists($baseclass))
 {
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 593d78ba4..425657e17 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -561,7 +561,6 @@ abstract class CI_DB_driver {
 if ($sql === '')
 {
 log_message('error', 'Invalid query: '.$sql);
-
 return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE;
 }
 elseif ( ! is_bool($return_object))
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 0ec8b53b8..93e62b4dd 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
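Review bot: The second and third branches of the new is_https() accept `HTTP_X_FORWARDED_PROTO` and `HTTP_FRONT_END_HTTPS` from any request, yet these are ordinary client headers unless a reverse proxy in front of the application overwrites them, so a plain-HTTP request carrying one of them makes the helper return TRUE and every caller that relies on it (secure-cookie flags, HTTPS redirects, and the like) treats the connection as encrypted. Consult the forwarded headers only when `$_SERVER['REMOTE_ADDR']` is one of the configured `proxy_ips` — the same list CI_Input consults for ip_address() — and keep the `$_SERVER['HTTPS']` test as the only unconditional path. The docblock above the function, whose closing `*/` is the first context line, should state the assumption, e.g. `* X-Forwarded-Proto / Front-End-Https are honoured only when sent by a trusted proxy.`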
@@ -327,12 +327,8 @@ class CI_DB_oci8_driver extends CI_DB {
 {
 if ($package === '' OR $procedure === '' OR ! is_array($params))
 {
- if ($this->db_debug)
- {
- log_message('error', 'Invalid query: '.$package.'.'.$procedure);
- return $this->display_error('db_invalid_query');
- }
- return FALSE;
+ log_message('error', 'Invalid query: '.$package.'.'.$procedure);
+ return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE;
 }
 
 // build the query string
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index 246a7a264..f04483d2c 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -196,7 +196,7 @@ class CI_Cache_memcached extends CI_Driver {
 return FALSE;
 }
 
- foreach ($this->_memcache_conf as $name => $cache_server)
+ foreach ($this->_memcache_conf as $cache_server)
 {
 if ( ! array_key_exists('hostname', $cache_server))
 {
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10253c796..46ffaa1d4 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
 */
 public function set_header($header, $value)
 {
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
 }
 
 // --------------------------------------------------------------------
@@ -1275,7 +1275,7 @@ class CI_Email {
 if ($this->send_multipart === FALSE)
 {
 $hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: quoted-printable';
+ .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline;
 }
 else
 {
@@ -2140,7 +2140,7 @@ class CI_Email {
 
 if (in_array('headers', $include, TRUE))
 {
- $raw_data = $this->_header_str."\n";
+ $raw_data = htmlspecialchars($this->_header_str)."\n";
 }
 
 if (in_array('subject', $include, TRUE))
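Review bot: set_header() now strips CR and LF from `$value` but leaves `$header` untouched, so a header name that is ever derived from caller input can still terminate the line and introduce a further header; apply the same treatment to the key, `$this->_headers[str_replace(array("\n", "\r"), '', $header)] = str_replace(array("\n", "\r"), '', $value);`. Silently removing the characters also alters the stored value instead of reporting it, which is worth recording in the docblock whose closing `*/` opens the hunk, e.g. `* CR/LF are removed from the value to prevent header injection.` The method is fully contained in the hunk.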
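Review bot: Only the headers branch of print_debugger() is escaped in the 2140 hunk; the subject and body branches that follow (`if (in_array('subject', $include, TRUE))` is the last context line and the method continues past the hunk) presumably append the subject and message body the same way, and those are the fields most likely to carry user-supplied text, so they need the same htmlspecialchars() call or the debugger page still reflects them unescaped. With the default flags single quotes are not encoded; `htmlspecialchars($this->_header_str, ENT_QUOTES)` is the safer form if the string is ever placed inside an attribute.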
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 1ed50844c..40ba01202 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1405,7 +1405,7 @@ class CI_Form_validation {
 */
 public function valid_base64($str)
 {
- return ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
+ return (base64_encode(base64_decode($str)) === $str);
 }
 
 // --------------------------------------------------------------------
diff --git a/system/libraries/Parser.php b/system/libraries/Parser.php
index 1c26bd2b2..c1f1ad73b 100644
--- a/system/libraries/Parser.php
+++ b/system/libraries/Parser.php
@@ -38,14 +38,14 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 class CI_Parser {
 
 /**
- * Left delimeter character for psuedo vars
+ * Left delimiter character for pseudo vars
 *
 * @var string
 */
 public $l_delim = '{';
 
 /**
- * Right delimeter character for psuedo vars
+ * Right delimiter character for pseudo vars
 *
 * @var string
 */
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 7ce56931c..ed64f0a59 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
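Review bot: The round-trip check in the 1405 hunk accepts only canonical base64: unpadded input such as `'YQ'` (which the old character-class test allowed), line-wrapped input, and non-canonical trailing bits such as `'YR=='` (decodes to `'a'`, re-encodes as `'YQ=='`) now fail even though base64_decode() reads them. If that tightening is intended, state it in the docblock whose closing `*/` opens the hunk, e.g. `* Accepts only canonical, padded base64 without whitespace.`; if the goal was only alphabet checking, `base64_decode($str, TRUE) !== FALSE` is the closer test. valid_base64() is fully contained in the hunk.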
@@ -447,7 +447,7 @@ class CI_Profiler {
 .' (<span style="cursor: pointer;" onclick="var s=document.getElementById(\'ci_profiler_httpheaders_table\').style;s.display=s.display==\'none\'?\'\':\'none\';this.innerHTML=this.innerHTML==\''.$this->CI->lang->line('profiler_section_show').'\'?\''.$this->CI->lang->line('profiler_section_hide').'\':\''.$this->CI->lang->line('profiler_section_show').'\';">'.$this->CI->lang->line('profiler_section_show')."</span>)</legend>\n\n\n"
 .'<table style="width:100%;display:none;" id="ci_profiler_httpheaders_table">'."\n";
 
- foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR') as $header)
+ foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header)
 {
 $val = isset($_SERVER[$header]) ? $_SERVER[$header] : '';
 $output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">'
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 7174d63c8..d3d22d03a 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
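Review bot: The rewritten array on the `+` line keeps the pre-existing typo `' HTTP_HOST'` (leading space inside the quotes), so `$_SERVER[' HTTP_HOST']` is never set and the Host header is always shown empty; since the line is touched anyway, change that element to `'HTTP_HOST'`. The `$val` read from `$_SERVER` on the following context line is request-supplied and is concatenated into HTML by the `$output .=` statement that continues past the hunk, so it is worth confirming that it goes through htmlspecialchars() where it is emitted. The enclosing method starts and ends outside the hunk.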
@@ -402,6 +402,7 @@ class CI_Session_cookie extends CI_Session_driver {
 // Is the session data we unserialized an array with the correct format?
 if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
 {
+ log_message('debug', 'Session: Wrong cookie data format');
 $this->sess_destroy();
 return FALSE;
 }
@@ -409,6 +410,7 @@ class CI_Session_cookie extends CI_Session_driver {
 // Is the session current?
 if (($session['last_activity'] + $this->sess_expiration) < $this->now OR $session['last_activity'] > $this->now)
 {
+ log_message('debug', 'Session: Expired');
 $this->sess_destroy();
 return FALSE;
 }
@@ -416,6 +418,7 @@ class CI_Session_cookie extends CI_Session_driver {
 // Does the IP match?
 if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
 {
+ log_message('debug', 'Session: IP address mismatch');
 $this->sess_destroy();
 return FALSE;
 }
@@ -424,6 +427,7 @@ class CI_Session_cookie extends CI_Session_driver {
 if ($this->sess_match_useragent === TRUE
 && trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
 {
+ log_message('debug', 'Session: User Agent string mismatch');
 $this->sess_destroy();
 return FALSE;
 }
@@ -459,6 +463,7 @@ class CI_Session_cookie extends CI_Session_driver {
 // No result? Kill it!
 if (empty($query) OR $query->num_rows() === 0)
 {
+ log_message('debug', 'Session: No match found in our database');
 $this->sess_destroy();
 return FALSE;
 }
@@ -498,6 +503,8 @@ class CI_Session_cookie extends CI_Session_driver {
 'last_activity' => $this->now,
 );
 
+ log_message('debug', 'Session: Creating new session ('.$this->userdata['session_id'].')');
+
 // Check for database
 if ($this->sess_use_database === TRUE)
 {
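Review bot: The debug line added in the 498 hunk writes the freshly generated session ID into the application log, `'Session: Creating new session ('.$this->userdata['session_id'].')'`; the ID is the bearer credential for that session, and log files are usually readable by more people and retained longer than the session store, so this widens who can act as the user. Log the event without the identifier, `log_message('debug', 'Session: Creating new session');`, and do the same wherever else an ID is logged. The other debug lines added in this file log fixed text only and are fine. Each hunk sits inside a method that starts and ends outside it.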
@@ -536,6 +543,8 @@ class CI_Session_cookie extends CI_Session_driver {
 {
 // Get new id
 $this->userdata['session_id'] = $this->_make_sess_id();
+
+ log_message('debug', 'Session: Regenerate ID');
 }
 
 // Check for database
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index fb5ce1906..c237ad059 100644
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -117,18 +117,21 @@ class CI_Session_native extends CI_Session_driver {
 if (isset($_SESSION['last_activity'])
 && (($_SESSION['last_activity'] + $expire) < $now OR $_SESSION['last_activity'] > $now))
 {
 // Expired - destroy
+ log_message('debug', 'Session: Expired');
 $destroy = TRUE;
 }
 elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address'])
 && $_SESSION['ip_address'] !== $this->CI->input->ip_address())
 {
 // IP doesn't match - destroy
+ log_message('debug', 'Session: IP address mismatch');
 $destroy = TRUE;
 }
 elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent'])
 && $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50)))
 {
 // Agent doesn't match - destroy
+ log_message('debug', 'Session: User Agent string mismatch');
 $destroy = TRUE;
 }
@@ -145,9 +148,10 @@ class CI_Session_native extends CI_Session_driver {
 && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
 {
 // Changing the session ID amidst a series of AJAX calls causes problems
- if( ! $this->CI->input->is_ajax_request())
+ if ( ! $this->CI->input->is_ajax_request())
 {
 // Regenerate ID, but don't destroy session
+ log_message('debug', 'Session: Regenerate ID');
 $this->sess_regenerate(FALSE);
 }
 }
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 7c48b4294..85428044d 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
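Review bot: The user-agent check in the 117 hunk compares against `substr($this->CI->input->user_agent(), 0, 50)` while the cookie driver's equivalent check in the Session_cookie.php hunk at 424 uses 120 characters; each driver is internally consistent, but now that both emit the identical 'Session: User Agent string mismatch' text it is impossible to tell from the log which driver (and which truncation length) rejected the session. Consider a shared constant for the length and a driver prefix in the message, e.g. `log_message('debug', 'Session (native): User Agent string mismatch');`, and the same prefix for the other messages added here. The enclosing method starts before and ends after the hunk.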
@@ -136,6 +136,13 @@ class CI_Upload {
 public $file_ext = '';
 
 /**
+ * Force filename extension to lowercase
+ *
+ * @var string
+ */
+ public $file_ext_tolower = FALSE;
+
+ /**
 * Upload path
 *
 * @var string
@@ -294,6 +301,7 @@ class CI_Upload {
 'file_type' => '',
 'file_size' => NULL,
 'file_ext' => '',
+ 'file_ext_tolower' => FALSE,
 'upload_path' => '',
 'overwrite' => FALSE,
 'encrypt_name' => FALSE,
@@ -965,7 +973,14 @@ class CI_Upload {
 public function get_extension($filename)
 {
 $x = explode('.', $filename);
- return (count($x) !== 1) ? '.'.end($x) : '';
+
+ if (count($x) === 1)
+ {
+ return '';
+ }
+
+ $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x);
+ return '.'.$ext;
 }
 
 // --------------------------------------------------------------------
@@ -1075,18 +1090,14 @@ class CI_Upload {
 $CI =& get_instance();
 $CI->lang->load('upload');
 
- if (is_array($msg))
+ if ( ! is_array($msg))
 {
- foreach ($msg as $val)
- {
- $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
- $this->error_msg[] = $msg;
- log_message('error', $msg);
- }
+ $msg = array($msg);
 }
- else
+
+ foreach ($msg as $val)
 {
- $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg);
+ $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
 $this->error_msg[] = $msg;
 log_message('error', $msg);
 }
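Review bot: The new property docblock in the 136 hunk declares `@var string`, but `$file_ext_tolower` is initialised to FALSE and used as a boolean switch in get_extension(); change it to `* @var bool`. get_extension()'s own docblock, which sits just before the 973 hunk, should also say that the returned extension is lower-cased when the flag is set, and `end($x)` in that hunk can be evaluated once: `$ext = end($x);` followed by `return '.'.($this->file_ext_tolower ? strtolower($ext) : $ext);`. get_extension() is fully contained in its hunk.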
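Review bot: In the rewritten set_error() loop of the 1090 hunk, `$msg` is both the array being iterated and the string assigned inside the body (`$msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);`); foreach works on a copy so the iteration survives, but the shadowing is confusing and `$CI->lang->line($val)` is evaluated twice per message. Use a separate local: `$line = $CI->lang->line($val);` / `$this->error_msg[] = $line = ($line === FALSE) ? $val : $line;` / `log_message('error', $line);`. The method's signature and return lie outside the hunk.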