summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/core/Common.php23
-rw-r--r--system/core/Input.php33
-rw-r--r--system/core/Loader.php6
-rw-r--r--system/core/Log.php4
-rw-r--r--system/database/DB_driver.php2
-rw-r--r--system/libraries/Email.php22
-rw-r--r--system/libraries/Form_validation.php2
-rw-r--r--system/libraries/Profiler.php2
-rw-r--r--system/libraries/Upload.php31
9 files changed, 78 insertions, 47 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index b4f0c388e..93cd0a0ae 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@ if ( ! function_exists('is_https'))
*/
function is_https()
{
- return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+ if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ return TRUE;
+ }
+ elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
+ {
+ return TRUE;
+ }
+
+ return FALSE;
}
}
@@ -424,12 +437,12 @@ if ( ! function_exists('log_message'))
* We use this as a simple mechanism to access the logging
* class and send messages to be logged.
*
- * @param string
- * @param string
- * @param bool
+ * @param string the error level: 'error', 'debug' or 'info'
+ * @param string the error message
+ * @param bool whether the error is a native PHP error
* @return void
*/
- function log_message($level = 'error', $message, $php_error = FALSE)
+ function log_message($level, $message, $php_error = FALSE)
{
static $_log, $_log_threshold;
diff --git a/system/core/Input.php b/system/core/Input.php
index 6690b7f2e..0ef81128e 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -790,31 +790,30 @@ class CI_Input {
*/
public function request_headers($xss_clean = FALSE)
{
+ // If header is already defined, return it immediately
+ if ( ! empty($this->headers))
+ {
+ return $this->headers;
+ }
+
// In Apache, you can simply call apache_request_headers()
if (function_exists('apache_request_headers'))
{
- $headers = apache_request_headers();
+ return $this->headers = apache_request_headers();
}
- else
- {
- $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
- foreach ($_SERVER as $key => $val)
- {
- if (sscanf($key, 'HTTP_%s', $header) === 1)
- {
- $headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
- }
- }
- }
+ $this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
- // take SOME_HEADER and turn it into Some-Header
- foreach ($headers as $key => $val)
+ foreach ($_SERVER as $key => $val)
{
- $key = str_replace(array('_', '-'), ' ', strtolower($key));
- $key = str_replace(' ', '-', ucwords($key));
+ if (sscanf($key, 'HTTP_%s', $header) === 1)
+ {
+ // take SOME_HEADER and turn it into Some-Header
+ $header = str_replace('_', ' ', strtolower($header));
+ $header = str_replace(' ', '-', ucwords($header));
- $this->headers[$key] = $val;
+ $this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
+ }
}
return $this->headers;
diff --git a/system/core/Loader.php b/system/core/Loader.php
index d4e63231c..70a6b6fa6 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -658,7 +658,7 @@ class CI_Loader {
return FALSE;
}
- if ( ! class_exists('CI_Driver_Library'))
+ if ( ! class_exists('CI_Driver_Library', FALSE))
{
// We aren't instantiating an object here, just making the base class available
require BASEPATH.'libraries/Driver.php';
@@ -713,7 +713,7 @@ class CI_Loader {
*
* Return a list of all package paths.
*
- * @param bool $include_base Whether to include BASEPATH (default: TRUE)
+ * @param bool $include_base Whether to include BASEPATH (default: FALSE)
* @return array
*/
public function get_package_paths($include_base = FALSE)
@@ -955,7 +955,7 @@ class CI_Loader {
// Is this a class extension request?
if (file_exists($subclass))
{
- $baseclass = BASEPATH.'libraries/'.$class.'.php';
+ $baseclass = BASEPATH.'libraries/'.$subdir.$class.'.php';
if ( ! file_exists($baseclass))
{
diff --git a/system/core/Log.php b/system/core/Log.php
index a84d3dc22..e4d72b544 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -138,12 +138,12 @@ class CI_Log {
*
* Generally this function will be called using the global log_message() function
*
- * @param string the error level
+ * @param string the error level: 'error', 'debug' or 'info'
* @param string the error message
* @param bool whether the error is a native PHP error
* @return bool
*/
- public function write_log($level = 'error', $msg, $php_error = FALSE)
+ public function write_log($level, $msg, $php_error = FALSE)
{
if ($this->_enabled === FALSE)
{
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 9239dc154..593d78ba4 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -704,7 +704,7 @@ abstract class CI_DB_driver {
{
$driver = 'CI_DB_'.$this->dbdriver.'_result';
- if ( ! class_exists($driver))
+ if ( ! class_exists($driver, FALSE))
{
include_once(BASEPATH.'database/DB_result.php');
include_once(BASEPATH.'database/drivers/'.$this->dbdriver.'/'.$this->dbdriver.'_result.php');
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index a745d331d..46ffaa1d4 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
*/
public function set_header($header, $value)
{
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
}
// --------------------------------------------------------------------
@@ -1236,7 +1236,7 @@ class CI_Email {
/**
* Build Final Body and attachments
*
- * @return void
+ * @return bool
*/
protected function _build_message()
{
@@ -1275,7 +1275,7 @@ class CI_Email {
if ($this->send_multipart === FALSE)
{
$hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: quoted-printable';
+ .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline;
}
else
{
@@ -1401,7 +1401,7 @@ class CI_Email {
$body .= implode($this->newline, $attachment).$this->newline.'--'.$this->_atc_boundary.'--';
$this->_finalbody = ($this->_get_protocol() === 'mail') ? $body : $hdr.$body;
- return;
+ return TRUE;
}
// --------------------------------------------------------------------
@@ -1606,7 +1606,11 @@ class CI_Email {
return $result;
}
- $this->_build_message();
+ if ($this->_build_message() === FALSE)
+ {
+ return FALSE;
+ }
+
$result = $this->_spool_email();
if ($result && $auto_clear)
@@ -1665,7 +1669,11 @@ class CI_Email {
$this->_bcc_array = $bcc;
}
- $this->_build_message();
+ if ($this->_build_message() === FALSE)
+ {
+ return FALSE;
+ }
+
$this->_spool_email();
}
}
@@ -2132,7 +2140,7 @@ class CI_Email {
if (in_array('headers', $include, TRUE))
{
- $raw_data = $this->_header_str."\n";
+ $raw_data = htmlspecialchars($this->_header_str)."\n";
}
if (in_array('subject', $include, TRUE))
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 1ed50844c..40ba01202 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1405,7 +1405,7 @@ class CI_Form_validation {
*/
public function valid_base64($str)
{
- return ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
+ return (base64_encode(base64_decode($str)) === $str);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 3c7ce5406..0c60efb8b 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -447,7 +447,7 @@ class CI_Profiler {
.'&nbsp;&nbsp;(<span style="cursor: pointer;" onclick="var s=document.getElementById(\'ci_profiler_httpheaders_table\').style;s.display=s.display==\'none\'?\'\':\'none\';this.innerHTML=this.innerHTML==\''.$this->CI->lang->line('profiler_section_show').'\'?\''.$this->CI->lang->line('profiler_section_hide').'\':\''.$this->CI->lang->line('profiler_section_show').'\';">'.$this->CI->lang->line('profiler_section_show')."</span>)</legend>\n\n\n"
.'<table style="width:100%;display:none;" id="ci_profiler_httpheaders_table">'."\n";
- foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR') as $header)
+ foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header)
{
$val = isset($_SERVER[$header]) ? $_SERVER[$header] : '';
$output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">'
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 7c48b4294..85428044d 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -136,6 +136,13 @@ class CI_Upload {
public $file_ext = '';
/**
+ * Force filename extension to lowercase
+ *
+ * @var string
+ */
+ public $file_ext_tolower = FALSE;
+
+ /**
* Upload path
*
* @var string
@@ -294,6 +301,7 @@ class CI_Upload {
'file_type' => '',
'file_size' => NULL,
'file_ext' => '',
+ 'file_ext_tolower' => FALSE,
'upload_path' => '',
'overwrite' => FALSE,
'encrypt_name' => FALSE,
@@ -965,7 +973,14 @@ class CI_Upload {
public function get_extension($filename)
{
$x = explode('.', $filename);
- return (count($x) !== 1) ? '.'.end($x) : '';
+
+ if (count($x) === 1)
+ {
+ return '';
+ }
+
+ $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x);
+ return '.'.$ext;
}
// --------------------------------------------------------------------
@@ -1075,18 +1090,14 @@ class CI_Upload {
$CI =& get_instance();
$CI->lang->load('upload');
- if (is_array($msg))
+ if ( ! is_array($msg))
{
- foreach ($msg as $val)
- {
- $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
- $this->error_msg[] = $msg;
- log_message('error', $msg);
- }
+ $msg = array($msg);
}
- else
+
+ foreach ($msg as $val)
{
- $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg);
+ $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
$this->error_msg[] = $msg;
log_message('error', $msg);
}
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-11-10 11:21:31 +0100