summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/core/Common.php2
-rw-r--r--system/core/Security.php3
-rw-r--r--system/libraries/Cart.php4
-rw-r--r--system/libraries/Encrypt.php2
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php3
-rw-r--r--system/libraries/Upload.php15
6 files changed, 13 insertions, 16 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index efa7a9380..b4f0c388e 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable'))
*/
if (is_dir($file))
{
- $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100));
+ $file = rtrim($file, '/').'/'.md5(mt_rand());
if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE)
{
return FALSE;
diff --git a/system/core/Security.php b/system/core/Security.php
index 7aae54efc..196d61144 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -488,8 +488,7 @@ class CI_Security {
{
if ($this->_xss_hash === '')
{
- mt_srand();
- $this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
+ $this->_xss_hash = md5(uniqid(mt_rand()));
}
return $this->_xss_hash;
diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php
index b7b0697fb..edc300bd7 100644
--- a/system/libraries/Cart.php
+++ b/system/libraries/Cart.php
@@ -51,7 +51,7 @@ class CI_Cart {
*
* @var string
*/
- public $product_name_rules = '\.\:\-_ a-z0-9';
+ public $product_name_rules = '\w \-\.\:';
/**
* only allow safe product names
@@ -214,7 +214,7 @@ class CI_Cart {
// Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods.
// Note: These can be user-specified by setting the $this->product_name_rules variable.
- if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name']))
+ if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name']))
{
log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces');
return FALSE;
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
index c6a1cb175..8ac5420de 100644
--- a/system/libraries/Encrypt.php
+++ b/system/libraries/Encrypt.php
@@ -244,7 +244,7 @@ class CI_Encrypt {
$rand = '';
do
{
- $rand .= mt_rand(0, mt_getrandmax());
+ $rand .= mt_rand();
}
while (strlen($rand) < 32);
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 0e8644102..7174d63c8 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver {
$new_sessid = '';
do
{
- $new_sessid .= mt_rand(0, mt_getrandmax());
+ $new_sessid .= mt_rand();
}
while (strlen($new_sessid) < 32);
@@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver {
$probability = ini_get('session.gc_probability');
$divisor = ini_get('session.gc_divisor');
- srand(time());
if ((mt_rand(0, $divisor) / $divisor) < $probability)
{
$expire = $this->now - $this->sess_expiration;
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 1c14f99ed..7c48b4294 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -366,25 +366,25 @@ class CI_Upload {
switch ($error)
{
- case 1: // UPLOAD_ERR_INI_SIZE
+ case UPLOAD_ERR_INI_SIZE:
$this->set_error('upload_file_exceeds_limit');
break;
- case 2: // UPLOAD_ERR_FORM_SIZE
+ case UPLOAD_ERR_FORM_SIZE:
$this->set_error('upload_file_exceeds_form_limit');
break;
- case 3: // UPLOAD_ERR_PARTIAL
+ case UPLOAD_ERR_PARTIAL:
$this->set_error('upload_file_partial');
break;
- case 4: // UPLOAD_ERR_NO_FILE
+ case UPLOAD_ERR_NO_FILE:
$this->set_error('upload_no_file_selected');
break;
- case 6: // UPLOAD_ERR_NO_TMP_DIR
+ case UPLOAD_ERR_NO_TMP_DIR:
$this->set_error('upload_no_temp_directory');
break;
- case 7: // UPLOAD_ERR_CANT_WRITE
+ case UPLOAD_ERR_CANT_WRITE:
$this->set_error('upload_unable_to_write_file');
break;
- case 8: // UPLOAD_ERR_EXTENSION
+ case UPLOAD_ERR_EXTENSION:
$this->set_error('upload_stopped_by_extension');
break;
default:
@@ -604,7 +604,6 @@ class CI_Upload {
{
if ($this->encrypt_name === TRUE)
{
- mt_srand();
$filename = md5(uniqid(mt_rand())).$this->file_ext;
}