summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rwxr-xr-xsystem/core/CodeIgniter.php2
-rwxr-xr-xsystem/core/Common.php2
-rwxr-xr-xsystem/core/Config.php12
-rwxr-xr-xsystem/core/Input.php71
-rwxr-xr-xsystem/core/Security.php51
-rwxr-xr-xsystem/database/drivers/oci8/oci8_result.php10
-rw-r--r--system/database/drivers/pdo/pdo_result.php23
-rwxr-xr-xsystem/libraries/Cache/drivers/Cache_file.php11
-rw-r--r--system/libraries/Migration.php32
-rwxr-xr-xsystem/libraries/Profiler.php2
-rwxr-xr-xsystem/libraries/Session.php7
11 files changed, 106 insertions, 117 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index cd3333331..c16c79c09 100755
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -33,7 +33,7 @@
* @var string
*
*/
- define('CI_VERSION', '2.1.2');
+ define('CI_VERSION', '2.1.3');
/**
* CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
diff --git a/system/core/Common.php b/system/core/Common.php
index d79375475..07534c51f 100755
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -187,7 +187,7 @@ if ( ! function_exists('load_class'))
*/
if ( ! function_exists('is_loaded'))
{
- function is_loaded($class = '')
+ function &is_loaded($class = '')
{
static $_is_loaded = array();
diff --git a/system/core/Config.php b/system/core/Config.php
index 714c4667b..5dffbf3f2 100755
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -99,12 +99,12 @@ class CI_Config {
$found = FALSE;
$loaded = FALSE;
+ $check_locations = defined('ENVIRONMENT')
+ ? array(ENVIRONMENT.'/'.$file, $file)
+ : array($file);
+
foreach ($this->_config_paths as $path)
{
- $check_locations = defined('ENVIRONMENT')
- ? array(ENVIRONMENT.'/'.$file, $file)
- : array($file);
-
foreach ($check_locations as $location)
{
$file_path = $path.'config/'.$location.'.php';
@@ -168,7 +168,7 @@ class CI_Config {
{
return FALSE;
}
- show_error('The configuration file '.$file.'.php'.' does not exist.');
+ show_error('The configuration file '.$file.'.php does not exist.');
}
return TRUE;
@@ -279,7 +279,7 @@ class CI_Config {
*/
function base_url($uri = '')
{
- return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/');
+ return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/');
}
// -------------------------------------------------------------
diff --git a/system/core/Input.php b/system/core/Input.php
index 3559d8607..0c1f2b08e 100755
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -73,13 +73,13 @@ class CI_Input {
*/
protected $headers = array();
-
/**
* Constructor
*
* Sets whether to globally enable the XSS processing
* and whether to allow the $_GET array
*
+ * @return void
*/
public function __construct()
{
@@ -306,50 +306,49 @@ class CI_Input {
/**
* Fetch the IP Address
*
- * @access public
* @return string
*/
- function ip_address()
+ public function ip_address()
{
if ($this->ip_address !== FALSE)
{
return $this->ip_address;
}
- if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
+ $proxy_ips = config_item('proxy_ips');
+ if ( ! empty($proxy_ips))
{
- $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
- $proxies = is_array($proxies) ? $proxies : array($proxies);
+ $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
+ foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header)
+ {
+ if (($spoof = $this->server($header)) !== FALSE)
+ {
+ // Some proxies typically list the whole chain of IP
+ // addresses through which the client has reached us.
+ // e.g. client_ip, proxy_ip1, proxy_ip2, etc.
+ if (strpos($spoof, ',') !== FALSE)
+ {
+ $spoof = explode(',', $spoof, 2);
+ $spoof = $spoof[0];
+ }
- $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
- }
- elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
- {
- $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
- }
- elseif ($this->server('REMOTE_ADDR'))
- {
- $this->ip_address = $_SERVER['REMOTE_ADDR'];
- }
- elseif ($this->server('HTTP_CLIENT_IP'))
- {
- $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
- }
- elseif ($this->server('HTTP_X_FORWARDED_FOR'))
- {
- $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
+ if ( ! $this->valid_ip($spoof))
+ {
+ $spoof = FALSE;
+ }
+ else
+ {
+ break;
+ }
+ }
+ }
- if ($this->ip_address === FALSE)
- {
- $this->ip_address = '0.0.0.0';
- return $this->ip_address;
+ $this->ip_address = ($spoof !== FALSE && in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE))
+ ? $spoof : $_SERVER['REMOTE_ADDR'];
}
-
- if (strpos($this->ip_address, ',') !== FALSE)
+ else
{
- $x = explode(',', $this->ip_address);
- $this->ip_address = trim(end($x));
+ $this->ip_address = $_SERVER['REMOTE_ADDR'];
}
if ( ! $this->valid_ip($this->ip_address))
@@ -642,8 +641,8 @@ class CI_Input {
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
- // CSRF Protection check
- if ($this->_enable_csrf == TRUE)
+ // CSRF Protection check on HTTP requests
+ if ($this->_enable_csrf == TRUE && ! $this->is_cli_request())
{
$this->security->csrf_verify();
}
@@ -837,11 +836,11 @@ class CI_Input {
*
* Test to see if a request was made from the command line
*
- * @return boolean
+ * @return bool
*/
public function is_cli_request()
{
- return (php_sapi_name() == 'cli') or defined('STDIN');
+ return (php_sapi_name() === 'cli' OR defined('STDIN'));
}
}
diff --git a/system/core/Security.php b/system/core/Security.php
index 7af240ded..00089d765 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -98,26 +98,32 @@ class CI_Security {
/**
* Constructor
+ *
+ * @return void
*/
public function __construct()
{
- // CSRF config
- foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
+ // Is CSRF protection enabled?
+ if (config_item('csrf_protection') === TRUE)
{
- if (FALSE !== ($val = config_item($key)))
+ // CSRF config
+ foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
{
- $this->{'_'.$key} = $val;
+ if (FALSE !== ($val = config_item($key)))
+ {
+ $this->{'_'.$key} = $val;
+ }
}
- }
- // Append application specific cookie prefix
- if (config_item('cookie_prefix'))
- {
- $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
- }
+ // Append application specific cookie prefix
+ if (config_item('cookie_prefix'))
+ {
+ $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name;
+ }
- // Set the CSRF hash
- $this->_csrf_set_hash();
+ // Set the CSRF hash
+ $this->_csrf_set_hash();
+ }
log_message('debug', "Security Class Initialized");
}
@@ -131,15 +137,14 @@ class CI_Security {
*/
public function csrf_verify()
{
- // If no POST data exists we will set the CSRF cookie
- if (count($_POST) == 0)
+ // If it's not a POST request we will set the CSRF cookie
+ if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')
{
return $this->csrf_set_cookie();
}
// Do the tokens exist in both the _POST and _COOKIE arrays?
- if ( ! isset($_POST[$this->_csrf_token_name]) OR
- ! isset($_COOKIE[$this->_csrf_cookie_name]))
+ if ( ! isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]))
{
$this->csrf_show_error();
}
@@ -159,7 +164,7 @@ class CI_Security {
$this->_csrf_set_hash();
$this->csrf_set_cookie();
- log_message('debug', "CSRF token verified ");
+ log_message('debug', 'CSRF token verified');
return $this;
}
@@ -176,14 +181,9 @@ class CI_Security {
$expire = time() + $this->_csrf_expire;
$secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
- if ($secure_cookie)
+ if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
{
- $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE;
-
- if ( ! $req OR $req == 'off')
- {
- return FALSE;
- }
+ return FALSE;
}
setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
@@ -871,7 +871,6 @@ class CI_Security {
}
}
-// END Security Class
/* End of file Security.php */
-/* Location: ./system/libraries/Security.php */
+/* Location: ./system/libraries/Security.php */ \ No newline at end of file
diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php
index ae133d7b5..3421278a5 100755
--- a/system/database/drivers/oci8/oci8_result.php
+++ b/system/database/drivers/oci8/oci8_result.php
@@ -26,9 +26,9 @@
*/
class CI_DB_oci8_result extends CI_DB_result {
- var $stmt_id;
- var $curs_id;
- var $limit_used;
+ public $stmt_id;
+ public $curs_id;
+ public $limit_used;
/**
* Number of rows in the result set.
@@ -36,8 +36,6 @@ class CI_DB_oci8_result extends CI_DB_result {
* Oracle doesn't have a graceful way to retun the number of rows
* so we have to use what amounts to a hack.
*
- *
- * @access public
* @return integer
*/
public function num_rows()
@@ -53,7 +51,7 @@ class CI_DB_oci8_result extends CI_DB_result {
}
}
- return $rowcount;
+ return $this->num_rows;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php
index a366a5f12..44fdd6dc5 100644
--- a/system/database/drivers/pdo/pdo_result.php
+++ b/system/database/drivers/pdo/pdo_result.php
@@ -26,26 +26,27 @@
*/
class CI_DB_pdo_result extends CI_DB_result {
+ public $num_rows;
+
/**
* Number of rows in the result set
*
- * @access public
- * @return integer
+ * @return int
*/
- function num_rows()
+ public function num_rows()
{
- if (is_numeric(stripos($this->result_id->queryString, 'SELECT')))
+ if (is_int($this->num_rows))
{
- $dbh = $this->conn_id;
- $query = $dbh->query($this->result_id->queryString);
- $result = $query->fetchAll();
- unset($dbh, $query);
- return count($result);
+ return $this->num_rows;
}
- else
+ elseif (($this->num_rows = $this->result_id->rowCount()) > 0)
{
- return $this->result_id->rowCount();
+ return $this->num_rows;
}
+
+ $this->num_rows = count($this->result_id->fetchAll());
+ $this->result_id->execute();
+ return $this->num_rows;
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php
index c50043660..e515eebf1 100755
--- a/system/libraries/Cache/drivers/Cache_file.php
+++ b/system/libraries/Cache/drivers/Cache_file.php
@@ -151,13 +151,12 @@ class CI_Cache_file extends CI_Driver {
{
return FALSE;
}
-
- $data = read_file($this->_cache_path.$id);
+
+ $data = read_file($this->_cache_path.$id);
$data = unserialize($data);
-
+
if (is_array($data))
{
- $data = $data['data'];
$mtime = filemtime($this->_cache_path.$id);
if ( ! isset($data['ttl']))
@@ -166,11 +165,11 @@ class CI_Cache_file extends CI_Driver {
}
return array(
- 'expire' => $mtime + $data['ttl'],
+ 'expire' => $mtime + $data['ttl'],
'mtime' => $mtime
);
}
-
+
return FALSE;
}
diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php
index 5a41377ea..df2dd7ce3 100644
--- a/system/libraries/Migration.php
+++ b/system/libraries/Migration.php
@@ -57,7 +57,7 @@ class CI_Migration {
}
// If not set, set it
- $this->_migration_path == '' OR $this->_migration_path = APPPATH . 'migrations/';
+ $this->_migration_path == '' AND $this->_migration_path = APPPATH . 'migrations/';
// Add trailing slash if not set
$this->_migration_path = rtrim($this->_migration_path, '/').'/';
@@ -89,8 +89,7 @@ class CI_Migration {
* Calls each migration step required to get to the schema version of
* choice
*
- * @access public
- * @param $version integer Target schema version
+ * @param int Target schema version
* @return mixed TRUE if already latest, FALSE if failed, int if upgraded
*/
public function version($target_version)
@@ -105,14 +104,13 @@ class CI_Migration {
++$stop;
$step = 1;
}
-
else
{
// Moving Down
$step = -1;
}
-
- $method = $step === 1 ? 'up' : 'down';
+
+ $method = ($step === 1) ? 'up' : 'down';
$migrations = array();
// We now prepare to actually DO the migrations
@@ -216,7 +214,6 @@ class CI_Migration {
/**
* Set's the schema to the latest migration
*
- * @access public
* @return mixed true if already latest, false if failed, int if upgraded
*/
public function latest()
@@ -228,7 +225,7 @@ class CI_Migration {
}
$last_migration = basename(end($migrations));
-
+
// Calculate the last migration step from existing migration
// filenames and procceed to the standard version migration
return $this->version((int) substr($last_migration, 0, 3));
@@ -239,7 +236,6 @@ class CI_Migration {
/**
* Set's the schema to the migration version set in config
*
- * @access public
* @return mixed true if already current, false if failed, int if upgraded
*/
public function current()
@@ -252,7 +248,6 @@ class CI_Migration {
/**
* Error string
*
- * @access public
* @return string Error message returned as a string
*/
public function error_string()
@@ -265,7 +260,6 @@ class CI_Migration {
/**
* Set's the schema to the latest migration
*
- * @access protected
* @return mixed true if already latest, false if failed, int if upgraded
*/
protected function find_migrations()
@@ -273,7 +267,7 @@ class CI_Migration {
// Load all *_*.php files in the migrations path
$files = glob($this->_migration_path . '*_*.php');
$file_count = count($files);
-
+
for ($i = 0; $i < $file_count; $i++)
{
// Mark wrongly formatted files as false for later filtering
@@ -283,9 +277,8 @@ class CI_Migration {
$files[$i] = FALSE;
}
}
-
- sort($files);
+ sort($files);
return $files;
}
@@ -294,8 +287,7 @@ class CI_Migration {
/**
* Retrieves current schema version
*
- * @access protected
- * @return integer Current Migration
+ * @return int Current Migration
*/
protected function _get_version()
{
@@ -308,9 +300,8 @@ class CI_Migration {
/**
* Stores the current schema version
*
- * @access protected
- * @param $migrations integer Migration reached
- * @return void Outputs a report of the migration
+ * @param int Migration reached
+ * @return bool
*/
protected function _update_version($migrations)
{
@@ -324,8 +315,7 @@ class CI_Migration {
/**
* Enable the use of CI super-global
*
- * @access public
- * @param $var
+ * @param mixed $var
* @return mixed
*/
public function __get($var)
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 082a5ee1d..882a82c1f 100755
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -506,7 +506,7 @@ class CI_Profiler {
foreach ($this->CI->session->all_userdata() as $key => $val)
{
- if (is_array($val))
+ if (is_array($val) OR is_object($val))
{
$val = print_r($val, TRUE);
}
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 8ee08c5b2..891fdd36a 100755
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -97,7 +97,7 @@ class CI_Session {
{
$this->sess_expiration = (60*60*24*365*2);
}
-
+
// Set the cookie name
$this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
@@ -399,7 +399,7 @@ class CI_Session {
function sess_destroy()
{
// Kill the session DB row
- if ($this->sess_use_database === TRUE AND isset($this->userdata['session_id']))
+ if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
{
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->delete($this->sess_table_name);
@@ -414,6 +414,9 @@ class CI_Session {
$this->cookie_domain,
0
);
+
+ // Kill session data
+ $this->userdata = array();
}
// --------------------------------------------------------------------