11 files changed, 80 insertions, 100 deletions
diff --git a/system/core/Input.php b/system/core/Input.php
index f6397e35b..cbb185a8d 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -521,7 +521,7 @@ class CI_Input {
 						$netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));
 						for ($j = 0; $j < 8; $j++)
 						{
-							$netaddr[$i] = intval($netaddr[$j], 16);
+							$netaddr[$j] = intval($netaddr[$j], 16);
 						}
 					}
 					else
diff --git a/system/core/Loader.php b/system/core/Loader.php
index d2c350816..1111481b7 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -591,15 +591,21 @@ class CI_Loader {
 	 */
 	public function helper($helpers = array())
 	{
-		foreach ($this->_ci_prep_filename($helpers, '_helper') as $helper)
+		is_array($helpers) OR $helpers = array($helpers);
+		foreach ($helpers as &$helper)
 		{
+			$filename = basename($helper);
+			$filepath = ($filename === $helper) ? '' : substr($helper, 0, strlen($helper) - strlen($filename));
+			$filename = strtolower(preg_replace('#(_helper)?(.php)?$#i', '', $filename)).'_helper';
+			$helper   = $filepath.$filename;
+
 			if (isset($this->_ci_helpers[$helper]))
 			{
 				continue;
 			}
 
 			// Is this a helper extension request?
-			$ext_helper = config_item('subclass_prefix').$helper;
+			$ext_helper = config_item('subclass_prefix').$filename;
 			$ext_loaded = FALSE;
 			foreach ($this->_ci_helper_paths as $path)
 			{
@@ -1404,34 +1410,4 @@ class CI_Loader {
 		$CI =& get_instance();
 		return $CI->$component;
 	}
-
-	// --------------------------------------------------------------------
-
-	/**
-	 * Prep filename
-	 *
-	 * This function prepares filenames of various items to
-	 * make their loading more reliable.
-	 *
-	 * @param	string|string[]	$filename	Filename(s)
-	 * @param 	string		$extension	Filename extension
-	 * @return	array
-	 */
-	protected function _ci_prep_filename($filename, $extension)
-	{
-		if ( ! is_array($filename))
-		{
-			return array(strtolower(str_replace(array($extension, '.php'), '', $filename).$extension));
-		}
-		else
-		{
-			foreach ($filename as $key => $val)
-			{
-				$filename[$key] = strtolower(str_replace(array($extension, '.php'), '', $val).$extension);
-			}
-
-			return $filename;
-		}
-	}
-
 }
diff --git a/system/core/Output.php b/system/core/Output.php
index 7921a54ef..94a6340e7 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -311,11 +311,12 @@ class CI_Output {
 			return NULL;
 		}
 
-		for ($i = 0, $c = count($headers); $i < $c; $i++)
+		// Count backwards, in order to get the last matching header
+		for ($c = count($headers) - 1; $c > -1; $c--)
 		{
-			if (strncasecmp($header, $headers[$i], $l = self::strlen($header)) === 0)
+			if (strncasecmp($header, $headers[$c], $l = self::strlen($header)) === 0)
 			{
-				return trim(self::substr($headers[$i], $l+1));
+				return trim(self::substr($headers[$c], $l+1));
 			}
 		}
 
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index 5f1fcf07e..0606a4562 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -496,6 +496,7 @@ if ( ! function_exists('nice_date'))
 	 * Turns many "reasonably-date-like" strings into something
 	 * that is actually useful. This only works for dates after unix epoch.
 	 *
+	 * @deprecated	3.1.3	Use DateTime::createFromFormat($input_format, $input)->format($output_format);
 	 * @param	string	The terribly formatted date-like string
 	 * @param	string	Date format to return (same as php date function)
 	 * @return	string
@@ -529,9 +530,9 @@ if ( ! function_exists('nice_date'))
 		}
 
 		// Date Like: YYYYMMDD
-		if (preg_match('/^(\d{2})\d{2}(\d{4})$/i', $bad_date, $matches))
+		if (preg_match('/^\d{8}$/i', $bad_date, $matches))
 		{
-			return date($format, strtotime($matches[1].'/01/'.$matches[2]));
+			return DateTime::createFromFormat('Ymd', $bad_date)->format($format);
 		}
 
 		// Date Like: MM-DD-YYYY __or__ M-D-YYYY (or anything in between)
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 525a1277e..162cc7777 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1878,7 +1878,7 @@ class CI_Email {
 		// is popen() enabled?
 		if ( ! function_usable('popen')
 			OR FALSE === ($fp = @popen(
-						$this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t'
+						$this->mailpath.' -oi -f '.escapeshellarg($this->clean_email($this->_headers['From'])).' -t'
 						, 'w'))
 		) // server probably has popen disabled, so nothing we can do to get a verbose error.
 		{
diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php
index 7ec8ba365..06cdde0b8 100644
--- a/system/libraries/Image_lib.php
+++ b/system/libraries/Image_lib.php
@@ -886,7 +886,7 @@ class CI_Image_lib {
 			}
 		}
 
-		$cmd .= escapeshellarg($this->full_src_path).' '.escapeshellarg($this->full_dst_path).' 2>&1';
+		$cmd .= ' '.escapeshellarg($this->full_src_path).' '.escapeshellarg($this->full_dst_path).' 2>&1';
 
 		$retval = 1;
 		// exec() might be disabled
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index cb152f91f..2f5241256 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -208,8 +208,12 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 		// Prevent previous QB calls from messing with our queries
 		$this->_db->reset_query();
 
+		if ($this->_lock === FALSE)
+		{
+			return $this->_fail();
+		}
 		// Was the ID regenerated?
-		if ($session_id !== $this->_session_id)
+		elseif ($session_id !== $this->_session_id)
 		{
 			if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
 			{
@@ -219,10 +223,6 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 			$this->_row_exists = FALSE;
 			$this->_session_id = $session_id;
 		}
-		elseif ($this->_lock === FALSE)
-		{
-			return $this->_fail();
-		}
 
 		if ($this->_row_exists === FALSE)
 		{
@@ -354,7 +354,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 	{
 		if ($this->_platform === 'mysql')
 		{
-			$arg = $session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+			$arg = md5($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''));
 			if ($this->_db->query("SELECT GET_LOCK('".$arg."', 300) AS ci_session_lock")->row()->ci_session_lock)
 			{
 				$this->_lock = $arg;
@@ -417,4 +417,4 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 
 		return parent::_release_lock();
 	}
-}
-\ No newline at end of file
+}
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index 99b4d1baa..eb1dcd3d8 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -186,7 +186,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 	 */
 	public function write($session_id, $session_data)
 	{
-		if ( ! isset($this->_memcached))
+		if ( ! isset($this->_memcached, $this->_lock_key))
 		{
 			return $this->_fail();
 		}
@@ -202,28 +202,25 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 			$this->_session_id = $session_id;
 		}
 
-		if (isset($this->_lock_key))
-		{
-			$key = $this->_key_prefix.$session_id;
-
-			$this->_memcached->replace($this->_lock_key, time(), 300);
-			if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
-			{
-				if ($this->_memcached->set($key, $session_data, $this->_config['expiration']))
-				{
-					$this->_fingerprint = $fingerprint;
-					return $this->_success;
-				}
+		$key = $this->_key_prefix.$session_id;
 
-				return $this->_fail();
-			}
-			elseif (
-				$this->_memcached->touch($key, $this->_config['expiration'])
-				OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
-			)
+		$this->_memcached->replace($this->_lock_key, time(), 300);
+		if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
+		{
+			if ($this->_memcached->set($key, $session_data, $this->_config['expiration']))
 			{
+				$this->_fingerprint = $fingerprint;
 				return $this->_success;
 			}
+
+			return $this->_fail();
+		}
+		elseif (
+			$this->_memcached->touch($key, $this->_config['expiration'])
+			OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
+		)
+		{
+			return $this->_success;
 		}
 
 		return $this->_fail();
@@ -375,4 +372,4 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 
 		return TRUE;
 	}
-}
-\ No newline at end of file
+}
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 592f1ff6c..233b15619 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -223,7 +223,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 	 */
 	public function write($session_id, $session_data)
 	{
-		if ( ! isset($this->_redis))
+		if ( ! isset($this->_redis, $this->_lock_key))
 		{
 			return $this->_fail();
 		}
@@ -239,27 +239,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 			$this->_session_id = $session_id;
 		}
 
-		if (isset($this->_lock_key))
+		$this->_redis->setTimeout($this->_lock_key, 300);
+		if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
 		{
-			$this->_redis->setTimeout($this->_lock_key, 300);
-			if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
+			if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
 			{
-				if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
-				{
-					$this->_fingerprint = $fingerprint;
-					$this->_key_exists = TRUE;
-					return $this->_success;
-				}
-
-				return $this->_fail();
+				$this->_fingerprint = $fingerprint;
+				$this->_key_exists = TRUE;
+				return $this->_success;
 			}
 
-			return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
-				? $this->_success
-				: $this->_fail();
+			return $this->_fail();
 		}
 
-		return $this->_fail();
+		return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
+			? $this->_success
+			: $this->_fail();
 	}
 
 	// ------------------------------------------------------------------------
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 23fd02ead..778ed6892 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1218,21 +1218,31 @@ class CI_Upload {
 		// We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii)
 		$regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/';
 
-		// Fileinfo extension - most reliable method
-		$finfo = @finfo_open(FILEINFO_MIME);
-		if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system
+		/**
+		 * Fileinfo extension - most reliable method
+		 *
+		 * Apparently XAMPP, CentOS, cPanel and who knows what
+		 * other PHP distribution channels EXPLICITLY DISABLE
+		 * ext/fileinfo, which is otherwise enabled by default
+		 * since PHP 5.3 ...
+		 */
+		if (function_exists('finfo_file'))
 		{
-			$mime = @finfo_file($finfo, $file['tmp_name']);
-			finfo_close($finfo);
-
-			/* According to the comments section of the PHP manual page,
-			 * it is possible that this function returns an empty string
-			 * for some files (e.g. if they don't exist in the magic MIME database)
-			 */
-			if (is_string($mime) && preg_match($regexp, $mime, $matches))
+			$finfo = @finfo_open(FILEINFO_MIME);
+			if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system
 			{
-				$this->file_type = $matches[1];
-				return;
+				$mime = @finfo_file($finfo, $file['tmp_name']);
+				finfo_close($finfo);
+
+				/* According to the comments section of the PHP manual page,
+				 * it is possible that this function returns an empty string
+				 * for some files (e.g. if they don't exist in the magic MIME database)
+				 */
+				if (is_string($mime) && preg_match($regexp, $mime, $matches))
+				{
+					$this->file_type = $matches[1];
+					return;
+				}
 			}
 		}
 
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index afcdbe68c..f343a7ec0 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
@@ -339,11 +339,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc {
 		//-------------------------------------
 
 		$method_parts = explode('.', $this->methods[$methName]['function']);
-		$objectCall = (isset($method_parts[1]) && $method_parts[1] !== '');
+		$objectCall   = ! empty($method_parts[1]);
 
 		if ($system_call === TRUE)
 		{
-			if ( ! is_callable(array($this,$method_parts[1])))
+			if ( ! is_callable(array($this, $method_parts[1])))
 			{
 				return new XML_RPC_Response(0, $this->xmlrpcerr['unknown_method'], $this->xmlrpcstr['unknown_method']);
 			}
@@ -400,11 +400,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc {
 			}
 			elseif ($this->object === FALSE)
 			{
-				return get_instance()->$method_parts[1]($m);
+				return get_instance()->{$method_parts[1]}($m);
 			}
 			else
 			{
-				return $this->object->$method_parts[1]($m);
+				return $this->object->{$method_parts[1]}($m);
 			}
 		}
 		else