diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/core/CodeIgniter.php | 8 | ||||
-rw-r--r-- | system/core/Common.php | 25 | ||||
-rw-r--r-- | system/core/Input.php | 33 | ||||
-rw-r--r-- | system/core/Loader.php | 6 | ||||
-rw-r--r-- | system/core/Log.php | 4 | ||||
-rw-r--r-- | system/core/Output.php | 14 | ||||
-rw-r--r-- | system/core/Router.php | 17 | ||||
-rw-r--r-- | system/core/Security.php | 3 | ||||
-rw-r--r-- | system/core/URI.php | 2 | ||||
-rw-r--r-- | system/database/DB_driver.php | 4 | ||||
-rw-r--r-- | system/helpers/captcha_helper.php | 5 | ||||
-rw-r--r-- | system/libraries/Cart.php | 4 | ||||
-rw-r--r-- | system/libraries/Email.php | 22 | ||||
-rw-r--r-- | system/libraries/Encrypt.php | 2 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 2 | ||||
-rw-r--r-- | system/libraries/Profiler.php | 4 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 3 | ||||
-rw-r--r-- | system/libraries/Upload.php | 32 |
18 files changed, 116 insertions, 74 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 7f76977b5..3fe5c0648 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -241,12 +241,12 @@ defined('BASEPATH') OR exit('No direct script access allowed'); // Load the local application controller // Note: The Router class automatically validates the controller path using the router->_validate_request(). // If this include fails it means that the default controller in the Routes.php file is not resolving to something valid. - if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php')) + if ( ! file_exists(APPPATH.'controllers/'.$RTR->directory.$RTR->class.'.php')) { show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.'); } - include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php'); + include(APPPATH.'controllers/'.$RTR->directory.$RTR->class.'.php'); // Set a mark point for benchmarking $BM->mark('loading_time:_base_classes_end'); @@ -260,8 +260,8 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * loader class can be called via the URI, nor can * controller functions that begin with an underscore. */ - $class = $RTR->fetch_class(); - $method = $RTR->fetch_method(); + $class = $RTR->class; + $method = $RTR->method; if ( ! class_exists($class, FALSE) OR $method[0] === '_' OR method_exists('CI_Controller', $method)) { diff --git a/system/core/Common.php b/system/core/Common.php index efa7a9380..93cd0a0ae 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -92,7 +92,7 @@ if ( ! function_exists('is_really_writable')) */ if (is_dir($file)) { - $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100)); + $file = rtrim($file, '/').'/'.md5(mt_rand()); if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE) { return FALSE; @@ -346,7 +346,20 @@ if ( ! function_exists('is_https')) */ function is_https() { - return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on'); + if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') + { + return TRUE; + } + elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') + { + return TRUE; + } + elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') + { + return TRUE; + } + + return FALSE; } } @@ -424,12 +437,12 @@ if ( ! function_exists('log_message')) * We use this as a simple mechanism to access the logging * class and send messages to be logged. * - * @param string - * @param string - * @param bool + * @param string the error level: 'error', 'debug' or 'info' + * @param string the error message + * @param bool whether the error is a native PHP error * @return void */ - function log_message($level = 'error', $message, $php_error = FALSE) + function log_message($level, $message, $php_error = FALSE) { static $_log, $_log_threshold; diff --git a/system/core/Input.php b/system/core/Input.php index 6690b7f2e..0ef81128e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -790,31 +790,30 @@ class CI_Input { */ public function request_headers($xss_clean = FALSE) { + // If header is already defined, return it immediately + if ( ! empty($this->headers)) + { + return $this->headers; + } + // In Apache, you can simply call apache_request_headers() if (function_exists('apache_request_headers')) { - $headers = apache_request_headers(); + return $this->headers = apache_request_headers(); } - else - { - $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); - foreach ($_SERVER as $key => $val) - { - if (sscanf($key, 'HTTP_%s', $header) === 1) - { - $headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); - } - } - } + $this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); - // take SOME_HEADER and turn it into Some-Header - foreach ($headers as $key => $val) + foreach ($_SERVER as $key => $val) { - $key = str_replace(array('_', '-'), ' ', strtolower($key)); - $key = str_replace(' ', '-', ucwords($key)); + if (sscanf($key, 'HTTP_%s', $header) === 1) + { + // take SOME_HEADER and turn it into Some-Header + $header = str_replace('_', ' ', strtolower($header)); + $header = str_replace(' ', '-', ucwords($header)); - $this->headers[$key] = $val; + $this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); + } } return $this->headers; diff --git a/system/core/Loader.php b/system/core/Loader.php index d4e63231c..70a6b6fa6 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -658,7 +658,7 @@ class CI_Loader { return FALSE; } - if ( ! class_exists('CI_Driver_Library')) + if ( ! class_exists('CI_Driver_Library', FALSE)) { // We aren't instantiating an object here, just making the base class available require BASEPATH.'libraries/Driver.php'; @@ -713,7 +713,7 @@ class CI_Loader { * * Return a list of all package paths. * - * @param bool $include_base Whether to include BASEPATH (default: TRUE) + * @param bool $include_base Whether to include BASEPATH (default: FALSE) * @return array */ public function get_package_paths($include_base = FALSE) @@ -955,7 +955,7 @@ class CI_Loader { // Is this a class extension request? if (file_exists($subclass)) { - $baseclass = BASEPATH.'libraries/'.$class.'.php'; + $baseclass = BASEPATH.'libraries/'.$subdir.$class.'.php'; if ( ! file_exists($baseclass)) { diff --git a/system/core/Log.php b/system/core/Log.php index a84d3dc22..e4d72b544 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -138,12 +138,12 @@ class CI_Log { * * Generally this function will be called using the global log_message() function * - * @param string the error level + * @param string the error level: 'error', 'debug' or 'info' * @param string the error message * @param bool whether the error is a native PHP error * @return bool */ - public function write_log($level = 'error', $msg, $php_error = FALSE) + public function write_log($level, $msg, $php_error = FALSE) { if ($this->_enabled === FALSE) { diff --git a/system/core/Output.php b/system/core/Output.php index 3320ae154..06d7a866b 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -841,9 +841,8 @@ class CI_Output { $output = substr_replace($output, '', 0, $pos); // Remove closing tag and save it for later - $end_pos = strlen($output); $pos = strpos($output, '</'); - $closing_tag = substr($output, $pos, $end_pos); + $closing_tag = substr($output, $pos, strlen($output)); $output = substr_replace($output, '', $pos); } @@ -852,7 +851,16 @@ class CI_Output { // Remove spaces around curly brackets, colons, // semi-colons, parenthesis, commas - $output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!i', '$1', $output); + $chunks = preg_split('/([\'|"]).+(?![^\\\]\\1)\\1/iU', $output, -1, PREG_SPLIT_OFFSET_CAPTURE); + for ($i = count($chunks) - 1; $i >= 0; $i--) + { + $output = substr_replace( + $output, + preg_replace('/\s*(:|;|,|}|{|\(|\))\s*/i', '$1', $chunks[$i][0]), + $chunks[$i][1], + strlen($chunks[$i][0]) + ); + } // Replace tabs with spaces // Replace carriage returns & multiple new lines with single new line diff --git a/system/core/Router.php b/system/core/Router.php index bb0ce16bd..c86ab9c20 100644 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -119,16 +119,16 @@ class CI_Router { if (isset($_GET[$this->config->item('directory_trigger')]) && is_string($_GET[$this->config->item('directory_trigger')])) { $this->set_directory(trim($this->uri->_filter_uri($_GET[$this->config->item('directory_trigger')]))); - $segments[] = $this->fetch_directory(); + $segments[] = $this->directory; } $this->set_class(trim($this->uri->_filter_uri($_GET[$this->config->item('controller_trigger')]))); - $segments[] = $this->fetch_class(); + $segments[] = $this->class; if ( ! empty($_GET[$this->config->item('function_trigger')]) && is_string($_GET[$this->config->item('function_trigger')])) { $this->set_method(trim($this->uri->_filter_uri($_GET[$this->config->item('function_trigger')]))); - $segments[] = $this->fetch_method(); + $segments[] = $this->method; } } @@ -270,7 +270,7 @@ class CI_Router { empty($segments[1]) OR $segments[1] = str_replace('-', '_', $segments[1]); // Does the requested controller exist in the sub-folder? - if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].'.php')) + if ( ! file_exists(APPPATH.'controllers/'.$this->directory.$segments[0].'.php')) { if ( ! empty($this->routes['404_override'])) { @@ -279,7 +279,7 @@ class CI_Router { } else { - show_404($this->fetch_directory().$segments[0]); + show_404($this->directory.$segments[0]); } } } @@ -287,7 +287,7 @@ class CI_Router { { // Is the method being specified in the route? $segments = explode('/', $this->default_controller); - if ( ! file_exists(APPPATH.'controllers/'.$this->fetch_directory().$segments[0].'.php')) + if ( ! file_exists(APPPATH.'controllers/'.$this->directory.$segments[0].'.php')) { $this->directory = ''; } @@ -413,6 +413,7 @@ class CI_Router { /** * Fetch the current class * + * @deprecated 3.0.0 Read the 'class' property instead * @return string */ public function fetch_class() @@ -438,11 +439,12 @@ class CI_Router { /** * Fetch the current method * + * @deprecated 3.0.0 Read the 'method' property instead * @return string */ public function fetch_method() { - return ($this->method === $this->fetch_class()) ? 'index' : $this->method; + return $this->method; } // -------------------------------------------------------------------- @@ -466,6 +468,7 @@ class CI_Router { * Feches the sub-directory (if any) that contains the requested * controller class. * + * @deprecated 3.0.0 Read the 'directory' property instead * @return string */ public function fetch_directory() diff --git a/system/core/Security.php b/system/core/Security.php index 7aae54efc..196d61144 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -488,8 +488,7 @@ class CI_Security { { if ($this->_xss_hash === '') { - mt_srand(); - $this->_xss_hash = md5(time() + mt_rand(0, 1999999999)); + $this->_xss_hash = md5(uniqid(mt_rand())); } return $this->_xss_hash; diff --git a/system/core/URI.php b/system/core/URI.php index b2286f032..bc086d223 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -720,7 +720,7 @@ class CI_URI { { global $RTR; - if (($dir = $RTR->fetch_directory()) === '/') + if (($dir = $RTR->directory) === '/') { $dir = ''; } diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 97021f125..593d78ba4 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -704,7 +704,7 @@ abstract class CI_DB_driver { { $driver = 'CI_DB_'.$this->dbdriver.'_result'; - if ( ! class_exists($driver)) + if ( ! class_exists($driver, FALSE)) { include_once(BASEPATH.'database/DB_result.php'); include_once(BASEPATH.'database/drivers/'.$this->dbdriver.'/'.$this->dbdriver.'_result.php'); @@ -816,7 +816,7 @@ abstract class CI_DB_driver { } // The query() function will set this flag to FALSE in the event that a query failed - if ($this->_trans_status === FALSE) + if ($this->_trans_status === FALSE OR $this->_trans_failure === TRUE) { $this->trans_rollback(); diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 78e255a15..f3b9c6cc4 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -51,7 +51,7 @@ if ( ! function_exists('create_captcha')) */ function create_captcha($data = '', $img_path = '', $img_url = '', $font_path = '') { - $defaults = array('word' => '', 'img_path' => '', 'img_url' => '', 'img_width' => '150', 'img_height' => '30', 'font_path' => '', 'expiration' => 7200); + $defaults = array('word' => '', 'img_path' => '', 'img_url' => '', 'img_width' => '150', 'img_height' => '30', 'font_path' => '', 'expiration' => 7200, 'word_length' => 8, 'pool' => '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'); foreach ($defaults as $key => $val) { @@ -95,9 +95,8 @@ if ( ! function_exists('create_captcha')) if (empty($word)) { - $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $word = ''; - for ($i = 0, $mt_rand_max = strlen($pool) - 1; $i < 8; $i++) + for ($i = 0, $mt_rand_max = strlen($pool) - 1; $i < $word_length; $i++) { $word .= $pool[mt_rand(0, $mt_rand_max)]; } diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php index b7b0697fb..edc300bd7 100644 --- a/system/libraries/Cart.php +++ b/system/libraries/Cart.php @@ -51,7 +51,7 @@ class CI_Cart { * * @var string */ - public $product_name_rules = '\.\:\-_ a-z0-9'; + public $product_name_rules = '\w \-\.\:'; /** * only allow safe product names @@ -214,7 +214,7 @@ class CI_Cart { // Validate the product name. It can only be alpha-numeric, dashes, underscores, colons or periods. // Note: These can be user-specified by setting the $this->product_name_rules variable. - if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i', $items['name'])) + if ($this->product_name_safe && ! preg_match('/^['.$this->product_name_rules.']+$/i'.(UTF8_ENABLED ? 'u' : ''), $items['name'])) { log_message('error', 'An invalid name was submitted as the product name: '.$items['name'].' The name can only contain alpha-numeric characters, dashes, underscores, colons, and spaces'); return FALSE; diff --git a/system/libraries/Email.php b/system/libraries/Email.php index a745d331d..46ffaa1d4 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -739,7 +739,7 @@ class CI_Email { */ public function set_header($header, $value) { - $this->_headers[$header] = $value; + $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value); } // -------------------------------------------------------------------- @@ -1236,7 +1236,7 @@ class CI_Email { /** * Build Final Body and attachments * - * @return void + * @return bool */ protected function _build_message() { @@ -1275,7 +1275,7 @@ class CI_Email { if ($this->send_multipart === FALSE) { $hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline - .'Content-Transfer-Encoding: quoted-printable'; + .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline; } else { @@ -1401,7 +1401,7 @@ class CI_Email { $body .= implode($this->newline, $attachment).$this->newline.'--'.$this->_atc_boundary.'--'; $this->_finalbody = ($this->_get_protocol() === 'mail') ? $body : $hdr.$body; - return; + return TRUE; } // -------------------------------------------------------------------- @@ -1606,7 +1606,11 @@ class CI_Email { return $result; } - $this->_build_message(); + if ($this->_build_message() === FALSE) + { + return FALSE; + } + $result = $this->_spool_email(); if ($result && $auto_clear) @@ -1665,7 +1669,11 @@ class CI_Email { $this->_bcc_array = $bcc; } - $this->_build_message(); + if ($this->_build_message() === FALSE) + { + return FALSE; + } + $this->_spool_email(); } } @@ -2132,7 +2140,7 @@ class CI_Email { if (in_array('headers', $include, TRUE)) { - $raw_data = $this->_header_str."\n"; + $raw_data = htmlspecialchars($this->_header_str)."\n"; } if (in_array('subject', $include, TRUE)) diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index c6a1cb175..8ac5420de 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -244,7 +244,7 @@ class CI_Encrypt { $rand = ''; do { - $rand .= mt_rand(0, mt_getrandmax()); + $rand .= mt_rand(); } while (strlen($rand) < 32); diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 1ed50844c..40ba01202 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1405,7 +1405,7 @@ class CI_Form_validation { */ public function valid_base64($str) { - return ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str); + return (base64_encode(base64_decode($str)) === $str); } // -------------------------------------------------------------------- diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index 470688fdc..0c60efb8b 100644 --- a/system/libraries/Profiler.php +++ b/system/libraries/Profiler.php @@ -405,7 +405,7 @@ class CI_Profiler { .'<fieldset id="ci_profiler_controller_info" style="border:1px solid #995300;padding:6px 10px 10px 10px;margin:20px 0 20px 0;background-color:#eee;">' ."\n" .'<legend style="color:#995300;"> '.$this->CI->lang->line('profiler_controller_info')." </legend>\n" - .'<div style="color:#995300;font-weight:normal;padding:4px 0 4px 0;">'.$this->CI->router->fetch_class().'/'.$this->CI->router->fetch_method() + .'<div style="color:#995300;font-weight:normal;padding:4px 0 4px 0;">'.$this->CI->router->class.'/'.$this->CI->router->method .'</div></fieldset>'; } @@ -447,7 +447,7 @@ class CI_Profiler { .' (<span style="cursor: pointer;" onclick="var s=document.getElementById(\'ci_profiler_httpheaders_table\').style;s.display=s.display==\'none\'?\'\':\'none\';this.innerHTML=this.innerHTML==\''.$this->CI->lang->line('profiler_section_show').'\'?\''.$this->CI->lang->line('profiler_section_hide').'\':\''.$this->CI->lang->line('profiler_section_show').'\';">'.$this->CI->lang->line('profiler_section_show')."</span>)</legend>\n\n\n" .'<table style="width:100%;display:none;" id="ci_profiler_httpheaders_table">'."\n"; - foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR') as $header) + foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header) { $val = isset($_SERVER[$header]) ? $_SERVER[$header] : ''; $output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">' diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 0e8644102..7174d63c8 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -641,7 +641,7 @@ class CI_Session_cookie extends CI_Session_driver { $new_sessid = ''; do { - $new_sessid .= mt_rand(0, mt_getrandmax()); + $new_sessid .= mt_rand(); } while (strlen($new_sessid) < 32); @@ -832,7 +832,6 @@ class CI_Session_cookie extends CI_Session_driver { $probability = ini_get('session.gc_probability'); $divisor = ini_get('session.gc_divisor'); - srand(time()); if ((mt_rand(0, $divisor) / $divisor) < $probability) { $expire = $this->now - $this->sess_expiration; diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 82b46f094..85428044d 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -136,6 +136,13 @@ class CI_Upload { public $file_ext = ''; /** + * Force filename extension to lowercase + * + * @var string + */ + public $file_ext_tolower = FALSE; + + /** * Upload path * * @var string @@ -294,6 +301,7 @@ class CI_Upload { 'file_type' => '', 'file_size' => NULL, 'file_ext' => '', + 'file_ext_tolower' => FALSE, 'upload_path' => '', 'overwrite' => FALSE, 'encrypt_name' => FALSE, @@ -366,25 +374,25 @@ class CI_Upload { switch ($error) { - case 1: // UPLOAD_ERR_INI_SIZE + case UPLOAD_ERR_INI_SIZE: $this->set_error('upload_file_exceeds_limit'); break; - case 2: // UPLOAD_ERR_FORM_SIZE + case UPLOAD_ERR_FORM_SIZE: $this->set_error('upload_file_exceeds_form_limit'); break; - case 3: // UPLOAD_ERR_PARTIAL + case UPLOAD_ERR_PARTIAL: $this->set_error('upload_file_partial'); break; - case 4: // UPLOAD_ERR_NO_FILE + case UPLOAD_ERR_NO_FILE: $this->set_error('upload_no_file_selected'); break; - case 6: // UPLOAD_ERR_NO_TMP_DIR + case UPLOAD_ERR_NO_TMP_DIR: $this->set_error('upload_no_temp_directory'); break; - case 7: // UPLOAD_ERR_CANT_WRITE + case UPLOAD_ERR_CANT_WRITE: $this->set_error('upload_unable_to_write_file'); break; - case 8: // UPLOAD_ERR_EXTENSION + case UPLOAD_ERR_EXTENSION: $this->set_error('upload_stopped_by_extension'); break; default: @@ -604,7 +612,6 @@ class CI_Upload { { if ($this->encrypt_name === TRUE) { - mt_srand(); $filename = md5(uniqid(mt_rand())).$this->file_ext; } @@ -966,7 +973,14 @@ class CI_Upload { public function get_extension($filename) { $x = explode('.', $filename); - return (count($x) !== 1) ? '.'.end($x) : ''; + + if (count($x) === 1) + { + return ''; + } + + $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x); + return '.'.$ext; } // -------------------------------------------------------------------- |