Diffstat (limited to 'system')
-rw-r--r--system/core/Security.php14
-rw-r--r--system/database/DB_driver.php10
-rw-r--r--system/database/drivers/mssql/mssql_driver.php44
-rw-r--r--system/database/drivers/sqlsrv/sqlsrv_driver.php4
-rw-r--r--system/helpers/array_helper.php6
-rw-r--r--system/helpers/date_helper.php8
-rw-r--r--system/libraries/Session.php11
-rw-r--r--system/libraries/Xmlrpc.php23
8 files changed, 62 insertions, 58 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 227217e75..b22d2cf19 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -395,20 +395,20 @@ class CI_Security {
if (preg_match('/<a/i', $str))
{
- $str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str);
+ $str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
}
if (preg_match('/<img/i', $str))
{
- $str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
+ $str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
}
- if (preg_match('/(script|xss)/i', $str))
+ if (preg_match('/script|xss/i', $str))
{
- $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str);
+ $str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str);
}
}
- while($original !== $str);
+ while ($original !== $str);
unset($original);
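Review bot: None of the rewritten `preg_replace_callback()` / `preg_replace()` calls in this loop checks for a NULL return, which PCRE gives on an internal error such as exceeding `pcre.backtrack_limit`. In that case `$str` silently becomes NULL and the filter hands back an emptied value with no signal to the caller or the logs. An explicit check after the replacements would make the failure visible and deliberate, e.g. `if ($str === NULL) { log_message('error', 'xss_clean: PCRE error '.preg_last_error()); $str = ''; break; }`. The `do` and the rest of the function are outside this hunk, so how the result is used afterwards cannot be confirmed from here.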
@@ -683,7 +683,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+ preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
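Review bot: The alternation in this `href=` pattern is repeated almost token for token in `_js_img_removal()` (the next hunk), differing only in the final alternative (`data\s*:` here, `base64\s*,` there), so the two denylists can drift apart when only one is edited. Keeping the shared alternatives in a single class-level string that both patterns concatenate would hold them in step. A short comment above the call would also help readers: `// Denylist only: strips known-dangerous tokens from the attribute; output must still be escaped for its context.` Both functions continue past the end of their hunks.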
@@ -706,7 +706,7 @@ class CI_Security {
protected function _js_img_removal($match)
{
return str_replace($match[1],
- preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 380bbc301..334bdbd04 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -982,11 +982,15 @@ abstract class CI_DB_driver {
{
if (is_array($this->_escape_char))
{
- $preg_ec = array(preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]));
+ $preg_ec = array(
+ preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]),
+ $this->_escape_char[0], $this->_escape_char[1]
+ );
}
else
{
$preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char);
+ $preg_ec[2] = $preg_ec[3] = $this->_escape_char;
}
}
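Review bot: `$preg_ec` now carries four positional entries whose meaning is only discoverable by reading the `preg_replace()` calls in the next hunk. A comment at the assignment would prevent mixing them up again: `// [0],[1]: preg_quote()d open/close chars for the pattern; [2],[3]: raw open/close chars for the replacement`. Separately, `preg_quote()` is called without its delimiter argument while the patterns are delimited with `/`. That is harmless for the escape characters visible in this diff, but `preg_quote($this->_escape_char[0], '/')` would make the quoting independent of what a driver chooses. The enclosing function starts and ends outside this hunk.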
@@ -994,11 +998,11 @@ abstract class CI_DB_driver {
{
if (strpos($item, '.'.$id) !== FALSE)
{
- return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?\./i', $preg_ec[0].'$1'.$preg_ec[1].'.', $item);
+ return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?\./i', $preg_ec[2].'$1'.$preg_ec[3].'.', $item);
}
}
- return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?(\.)?/i', $preg_ec[0].'$1'.$preg_ec[1].'$2', $item);
+ return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?(\.)?/i', $preg_ec[2].'$1'.$preg_ec[3].'$2', $item);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php
index 7634be2bb..3026b36dc 100644
--- a/system/database/drivers/mssql/mssql_driver.php
+++ b/system/database/drivers/mssql/mssql_driver.php
@@ -83,40 +83,16 @@ class CI_DB_mssql_driver extends CI_DB {
/**
* Non-persistent database connection
*
- * @return resource
- */
- public function db_connect()
- {
- return $this->_mssql_connect();
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Persistent database connection
- *
- * @return resource
- */
- public function db_pconnect()
- {
- return $this->_mssql_connect(TRUE);
- }
-
- // --------------------------------------------------------------------
-
- /*
- * MSSQL Connect
- *
* @param bool
* @return resource
*/
- protected function _mssql_connect($persistent = FALSE)
+ public function db_connect($persistent = FALSE)
{
- $conn_id = ($persistent)
+ $this->conn_id = ($persistent)
? @mssql_pconnect($this->hostname, $this->username, $this->password)
: @mssql_connect($this->hostname, $this->username, $this->password);
- if ( ! $conn_id)
+ if ( ! $this->conn_id)
{
return FALSE;
}
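Review bot: The docblock kept above `db_connect()` still reads "Non-persistent database connection" and `@return resource`, but the method now serves both modes through `$persistent` and visibly returns `FALSE` when the connect call fails. Suggested wording: title `Database connection`, `@param bool $persistent`, `@return resource|bool the connection resource, or FALSE on failure`. It is also worth a one-line comment that `$this->conn_id` is assigned here, before returning, so that the query further down the method has a connection to run on. The method body continues into the next hunk.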
@@ -127,7 +103,19 @@ class CI_DB_mssql_driver extends CI_DB {
$this->_quoted_identifier = empty($query) ? FALSE : (bool) $query['qi'];
$this->_escape_char = ($this->_quoted_identifier) ? '"' : array('[', ']');
- return $conn_id;
+ return $this->conn_id;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Persistent database connection
+ *
+ * @return resource
+ */
+ public function db_pconnect()
+ {
+ return $this->db_connect(TRUE);
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/sqlsrv/sqlsrv_driver.php b/system/database/drivers/sqlsrv/sqlsrv_driver.php
index 4fdc4aae0..12482dee0 100644
--- a/system/database/drivers/sqlsrv/sqlsrv_driver.php
+++ b/system/database/drivers/sqlsrv/sqlsrv_driver.php
@@ -86,7 +86,7 @@ class CI_DB_sqlsrv_driver extends CI_DB {
unset($connection['UID'], $connection['PWD']);
}
- $conn_id = sqlsrv_connect($this->hostname, $connection);
+ $this->conn_id = sqlsrv_connect($this->hostname, $connection);
// Determine how identifiers are escaped
$query = $this->query('SELECT CASE WHEN (@@OPTIONS | 256) = @@OPTIONS THEN 1 ELSE 0 END AS qi');
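Review bot: After `$this->conn_id = sqlsrv_connect(...)` the code goes straight to `$this->query(...)` with no check that the connection succeeded, whereas the mssql driver in this same commit returns early on failure. With a failed connect, `conn_id` is `FALSE` when the query runs, and what `query()` does in that state is not visible here. Mirroring the mssql guard would be safer: `if ( ! $this->conn_id) { return FALSE; }` placed directly after the `sqlsrv_connect()` line. The method starts above this hunk and ends in the next one.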
@@ -94,7 +94,7 @@ class CI_DB_sqlsrv_driver extends CI_DB {
$this->_quoted_identifier = empty($query) ? FALSE : (bool) $query['qi'];
$this->_escape_char = ($this->_quoted_identifier) ? '"' : array('[', ']');
- return $conn_id;
+ return $this->conn_id;
}
// --------------------------------------------------------------------
diff --git a/system/helpers/array_helper.php b/system/helpers/array_helper.php
index 6a7c8e3c7..5d0243951 100644
--- a/system/helpers/array_helper.php
+++ b/system/helpers/array_helper.php
@@ -43,14 +43,14 @@ if ( ! function_exists('element'))
* Element
*
* Lets you determine whether an array index is set and whether it has a value.
- * If the element is empty it returns FALSE (or whatever you specify as the default value.)
+ * If the element is empty it returns NULL (or whatever you specify as the default value.)
*
* @param string
* @param array
* @param mixed
* @return mixed depends on what the array contains
*/
- function element($item, $array, $default = FALSE)
+ function element($item, $array, $default = NULL)
{
return empty($array[$item]) ? $default : $array[$item];
}
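Review bot: Changing the default from `FALSE` to `NULL` here (and in `elements()` in the next hunk) alters the result of strict comparisons in existing callers: a check such as `element('key', $arr) === FALSE` no longer matches when the key is missing or empty. If any caller gates a decision on that comparison, the branch flips silently, so the change deserves an upgrade-note entry and a search of call sites. The docblock could also state what "empty" means in practice: `* Note: uses empty(), so 0, '0', '' and array() also yield the default.`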
@@ -87,7 +87,7 @@ if ( ! function_exists('elements'))
* @param mixed
* @return mixed depends on what the array contains
*/
- function elements($items, $array, $default = FALSE)
+ function elements($items, $array, $default = NULL)
{
$return = array();
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index fc790c585..9637e26ce 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -124,16 +124,16 @@ if ( ! function_exists('standard_date'))
function standard_date($fmt = 'DATE_RFC822', $time = '')
{
$formats = array(
- 'DATE_ATOM' => '%Y-%m-%dT%H:%i:%s%O',
+ 'DATE_ATOM' => '%Y-%m-%dT%H:%i:%s%P',
'DATE_COOKIE' => '%l, %d-%M-%y %H:%i:%s UTC',
- 'DATE_ISO8601' => '%Y-%m-%dT%H:%i:%s%O',
+ 'DATE_ISO8601' => '%Y-%m-%dT%H:%i:%s%P',
'DATE_RFC822' => '%D, %d %M %y %H:%i:%s %O',
'DATE_RFC850' => '%l, %d-%M-%y %H:%i:%s UTC',
'DATE_RFC1036' => '%D, %d %M %y %H:%i:%s %O',
'DATE_RFC1123' => '%D, %d %M %Y %H:%i:%s %O',
- 'DATE_RFC2822' => '%D, %d %M %Y %H:%i:%s %O',
+ 'DATE_RFC2822' => '%r',
'DATE_RSS' => '%D, %d %M %Y %H:%i:%s %O',
- 'DATE_W3C' => '%Y-%m-%dT%H:%i:%s%O'
+ 'DATE_W3C' => '%Y-%m-%dT%H:%i:%s%P'
);
return isset($formats[$fmt]) ? mdate($formats[$fmt], $time) : FALSE;
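Review bot: Switching `'DATE_ISO8601'` to `%P` makes this entry differ from PHP's own `DATE_ISO8601` constant, which is defined with `O` (`+0000`, no colon). Only `DATE_ATOM` and `DATE_W3C` use `P` natively. If the intent is to mirror PHP's constants by name, `DATE_ISO8601` should stay on `%O`. If the intent is strict ISO 8601 output, add a comment saying so: `// deliberately %P: PHP's DATE_ISO8601 constant uses O, which is not strictly ISO 8601`. The `'%r'` entry also relies on `mdate()` passing `r` through to `date()`, which cannot be confirmed from this hunk.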
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 72a942b8a..af38dc366 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -155,12 +155,6 @@ class CI_Session {
*/
public $time_reference = 'local';
- /**
- * Probablity level of garbage collection of old sessions
- *
- * @var int
- */
- public $gc_probability = 5;
/**
* Session data
@@ -940,8 +934,11 @@ class CI_Session {
return;
}
+ $probability = ini_get('session.gc_probability');
+ $divisor = ini_get('session.gc_divisor');
+
srand(time());
- if ((rand() % 100) < $this->gc_probability)
+ if ((mt_rand(0, $divisor) / $divisor) < $probability)
{
$expire = $this->now - $this->sess_expiration;
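Review bot: The new condition `(mt_rand(0, $divisor) / $divisor) < $probability` compares a value in the range 0..1 against the raw `session.gc_probability`, so with typical settings (probability 1, divisor 100) it is true on almost every request instead of roughly 1 in 100. It also divides by zero if `session.gc_divisor` is 0, and both `ini_get()` results are strings. Comparing in integer space fixes all three: `if ((int) $divisor > 0 && mt_rand(1, (int) $divisor) <= (int) $probability)`. The retained `srand(time());` no longer serves this check. On PHP 7.1 and later `srand()` is an alias of `mt_srand()`, so it reseeds the shared generator with a predictable value and is better removed. The garbage-collection body continues past the end of this hunk.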
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index eac4ac118..cbb91c40a 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -174,7 +174,7 @@ class CI_Xmlrpc {
* @param int port
* @return void
*/
- public function server($url, $port = 80)
+ public function server($url, $port = 80, $proxy = FALSE, $proxy_port = 8080)
{
if (strpos($url, 'http') !== 0)
{
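Review bot: The docblock above `server()` still documents only `@param int port`, and the `XML_RPC_Client::__construct()` docblock later in this diff has the same gap, so the new `$proxy` and `$proxy_port` arguments are undocumented. The contract matters because `sendPayload()` disables the proxy only on `$this->proxy === FALSE`: a caller passing `''` or `NULL` from an unset config value would have the socket opened against that empty host instead of the real server. Either document it (`@param string|bool $proxy proxy host, or FALSE (exactly) for a direct connection`, `@param int $proxy_port`) or normalise the value in the constructor, e.g. `$this->proxy = empty($proxy) ? FALSE : $proxy;`. The body of `server()` continues outside this hunk.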
@@ -190,7 +190,7 @@ class CI_Xmlrpc {
$path .= '?'.$parts['query'];
}
- $this->client = new XML_RPC_Client($path, $parts['host'], $port);
+ $this->client = new XML_RPC_Client($path, $parts['host'], $port, $proxy, $proxy_port);
}
// --------------------------------------------------------------------
@@ -385,6 +385,8 @@ class XML_RPC_Client extends CI_Xmlrpc
public $path = '';
public $server = '';
public $port = 80;
+ public $proxy = FALSE;
+ public $proxy_port = 8080;
public $errno = '';
public $errstring = '';
public $timeout = 5;
@@ -398,13 +400,15 @@ class XML_RPC_Client extends CI_Xmlrpc
* @param int
* @return void
*/
- public function __construct($path, $server, $port = 80)
+ public function __construct($path, $server, $port = 80, $proxy = FALSE, $proxy_port = 8080)
{
parent::__construct();
$this->port = $port;
$this->server = $server;
$this->path = $path;
+ $this->proxy = $proxy;
+ $this->proxy_port = $proxy_port;
}
// --------------------------------------------------------------------
@@ -436,7 +440,18 @@ class XML_RPC_Client extends CI_Xmlrpc
*/
public function sendPayload($msg)
{
- $fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstring, $this->timeout);
+ if ($this->proxy === FALSE)
+ {
+ $server = $this->server;
+ $port = $this->port;
+ }
+ else
+ {
+ $server = $this->proxy;
+ $port = $this->proxy_port;
+ }
+
+ $fp = @fsockopen($server, $port, $this->errno, $this->errstring, $this->timeout);
if ( ! is_resource($fp))
{