Diffstat (limited to 'system')
24 files changed, 381 insertions, 161 deletions
diff --git a/system/core/Config.php b/system/core/Config.php index 1e149d005..91826bd41 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -76,7 +76,7 @@ class CI_Config { log_message('debug', 'Config Class Initialized'); // Set the base_url automatically if none was provided - if ($this->config['base_url'] == '') + if (empty($this->config['base_url'])) { if (isset($_SERVER['HTTP_HOST'])) { diff --git a/system/core/Input.php b/system/core/Input.php index 901b4147e..6e6885992 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -228,7 +228,7 @@ class CI_Input { /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * * @param mixed @@ -238,14 +238,15 @@ class CI_Input { * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -270,6 +271,10 @@ class CI_Input { { $secure = config_item('cookie_secure'); } + if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + { + $httponly = config_item('cookie_httponly'); + } if ( ! is_numeric($expire)) { 
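Review bot: In `system/core/Config.php`, the branch guarded by the new `empty($this->config['base_url'])` test goes on to read `$_SERVER['HTTP_HOST']`, which comes from the request's Host header and is therefore client-controlled. The commit makes the fallback easier to reach (a missing key no longer raises a notice) without saying so anywhere. I would add a comment above the `if`, for example `// Fallback only: HTTP_HOST is request-supplied; set base_url explicitly in production`. The rest of the branch lies outside the hunk, so how the host value is turned into a URL should be confirmed there.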
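Review bot: `CI_Input::set_cookie()` takes `$httponly = FALSE` as its default, so every existing caller keeps emitting cookies that page script can read unless the site sets `cookie_httponly` in its config. The same default appears in the `set_cookie()` helper in `cookie_helper.php` and in `public $cookie_httponly = FALSE;` in `Session.php`. Keeping FALSE for backward compatibility is defensible, but the docblock should state the interaction: `@param bool true makes the cookie accessible via http(s) only (no javascript); when FALSE the 'cookie_httponly' config item is used`. For the session cookie I would consider shipping the config item as TRUE, since nothing in the visible code needs script access to it.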
@@ -280,7 +285,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- diff --git a/system/core/Security.php b/system/core/Security.php index cd8a61028..ac39ce97b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -196,7 +196,15 @@ class CI_Security { return FALSE; } - setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); + setcookie( + $this->_csrf_cookie_name, + $this->_csrf_hash, + $expire, + config_item('cookie_path'), + config_item('cookie_domain'), + $secure_cookie, + config_item('cookie_httponly') + ); log_message('debug', 'CRSF cookie Set'); return $this; diff --git a/system/core/URI.php b/system/core/URI.php index 4a2e87c2a..48bb7ae3c 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -22,7 +22,6 @@ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 - * @filesource */ // ------------------------------------------------------------------------ @@ -93,7 +92,7 @@ class CI_URI { if (strtoupper($this->config->item('uri_protocol')) === 'AUTO') { // Is the request coming from the command line? - if (php_sapi_name() === 'cli' OR defined('STDIN')) + if ($this->_is_cli_request()) { $this->_set_uri_string($this->_parse_cli_args()); return; 
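Review bot: In `system/core/Security.php`, the CSRF cookie now takes its HttpOnly flag from the global `cookie_httponly` item, so switching that item on to harden the session cookie also hides the CSRF token cookie from page script. Applications that copy the token from the cookie into AJAX requests would then start failing CSRF validation with no obvious cause. That coupling should be documented next to the call, for example `// follows the global cookie_httponly setting; scripts cannot read the token cookie when it is TRUE`. The enclosing method starts and ends outside the hunk. The untouched log string on the next line reads `'CRSF cookie Set'`, where `CSRF` is presumably intended.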
@@ -227,6 +226,21 @@ class CI_URI { } // -------------------------------------------------------------------- + + /** + * Is cli Request? + * + * Duplicate of function from the Input class to test to see if a request was made from the command line + * + * @return boolean + */ + protected function _is_cli_request() + { + return (php_sapi_name() == 'cli') OR defined('STDIN'); + } + + + // -------------------------------------------------------------------- /** * Parse cli arguments diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 756709698..35164a79c 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -214,6 +214,7 @@ class CI_DB_active_record extends CI_DB_driver { $sql = $this->protect_identifiers($type.'('.trim($select).')').' AS '.$this->protect_identifiers(trim($alias)); $this->ar_select[] = $sql; + $this->ar_no_escape[] = NULL; if ($this->ar_caching === TRUE) { diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index a04a65eeb..bcff43392 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -165,7 +165,7 @@ class CI_DB_driver { } // Now we set the character set and that's all - return $this->db_set_charset($this->char_set, $this->dbcollat); + return $this->db_set_charset($this->char_set); } // -------------------------------------------------------------------- @@ -177,9 +177,9 @@ class CI_DB_driver { * @param string * @return bool */ - public function db_set_charset($charset, $collation = '') + public function db_set_charset($charset) { - if (method_exists($this, '_db_set_charset') && ! $this->_db_set_charset($charset, $collation)) + if (method_exists($this, '_db_set_charset') && ! $this->_db_set_charset($charset)) { log_message('error', 'Unable to set database connection charset: '.$charset); 
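Review bot: The new `CI_URI::_is_cli_request()` compares with `==`, while the line it replaces in the `@@ -93` hunk used `php_sapi_name() === 'cli'`; the strict form should be kept: `return (php_sapi_name() === 'cli' OR defined('STDIN'));`. The docblock says this duplicates a function in the Input class, so the two copies can drift apart. Because a CLI request takes its URI from `_parse_cli_args()` rather than from the HTTP request, this check decides which input source is used, and the comment should name the original method it must stay in step with.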
@@ -670,7 +670,7 @@ class CI_DB_driver { */ public function escape($str) { - if (is_string($str)) + if (is_string($str) OR method_exists($str, '__toString')) { $str = "'".$this->escape_str($str)."'"; } diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 071ce4327..ba646d226 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -144,10 +144,9 @@ class CI_DB_mysql_driver extends CI_DB { * Set client character set * * @param string - * @param string * @return bool */ - protected function _db_set_charset($charset, $collation) + protected function _db_set_charset($charset) { return @mysql_set_charset($charset, $this->conn_id); } diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index e84b8346d..f38b94c13 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -144,10 +144,9 @@ class CI_DB_mysqli_driver extends CI_DB { * Set client character set * * @param string - * @param string * @return bool */ - protected function _db_set_charset($charset, $collation) + protected function _db_set_charset($charset) { return @mysqli_set_charset($this->conn_id, $charset); } diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 09764779a..658a3d5a0 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -561,6 +561,11 @@ class CI_DB_pdo_driver extends CI_DB { // Analog function to show all tables in postgre $sql = "SELECT * FROM information_schema.tables WHERE table_schema = 'public'"; } + elseif ($this->pdodriver == 'sqlite') + { + // Analog function to show all tables in sqlite + $sql = "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"; + } else { $sql = "SHOW TABLES FROM `".$this->database."`"; 
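Review bot: In `CI_DB_driver::escape()`, `method_exists($str, '__toString')` is evaluated only after `is_string()` has failed, so it receives integers, booleans, `NULL` and arrays; `method_exists()` expects an object or class name, and newer PHP versions raise a TypeError for some of these. Guard it with an object check: `if (is_string($str) OR (is_object($str) && method_exists($str, '__toString')))`. The object is then handed to `escape_str()` as-is, so whether it is cast to a string before escaping depends on each driver's implementation, which is not shown here. The rest of `escape()` continues past the hunk.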
@@ -603,6 +608,22 @@ class CI_DB_pdo_driver extends CI_DB { */ function _field_data($table) { + if ($this->pdodriver == 'mysql' or $this->pdodriver == 'pgsql') + { + // Analog function for mysql and postgre + return 'SELECT * FROM '.$this->_from_tables($table).' LIMIT 1'; + } + elseif ($this->pdodriver == 'oci') + { + // Analog function for oci + return 'SELECT * FROM '.$this->_from_tables($table).' WHERE ROWNUM <= 1'; + } + elseif ($this->pdodriver == 'sqlite') + { + // Analog function for sqlite + return 'PRAGMA table_info('.$this->_from_tables($table).')'; + } + return 'SELECT TOP 1 FROM '.$this->_from_tables($table); } diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php index 309f1947d..384b753da 100644 --- a/system/database/drivers/pdo/pdo_result.php +++ b/system/database/drivers/pdo/pdo_result.php 
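Review bot: The fall-through statement at the end of `_field_data()` is `'SELECT TOP 1 FROM '...`, which has no select list, so any PDO driver not named in the new branches receives invalid SQL; it presumably should read `return 'SELECT TOP 1 * FROM '.$this->_from_tables($table);`. The new branches also place `$table` into the statement, including inside `PRAGMA table_info(...)`, with only `_from_tables()` applied. That helper is not shown here, so confirm it quotes or validates identifiers before this method is reachable with a caller-supplied table name.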
@@ -160,9 +160,48 @@ class CI_DB_pdo_result extends CI_DB_result { try { - for($i = 0; $i < $this->num_fields(); $i++) + if (strpos($this->result_id->queryString, 'PRAGMA') !== FALSE) { - $data[] = $this->result_id->getColumnMeta($i); + foreach ($this->result_array() as $field) + { + preg_match('/([a-zA-Z]+)(\(\d+\))?/', $field['type'], $matches); + + $F = new stdClass(); + $F->name = $field['name']; + $F->type = ( ! empty($matches[1])) ? $matches[1] : NULL; + $F->default = NULL; + $F->max_length = ( ! empty($matches[2])) ? preg_replace('/[^\d]/', '', $matches[2]) : NULL; + $F->primary_key = (int) $field['pk']; + $F->pdo_type = NULL; + + $data[] = $F; + } + } + else + { + for($i = 0, $max = $this->num_fields(); $i < $max; $i++) + { + $field = $this->result_id->getColumnMeta($i); + + $F = new stdClass(); + $F->name = $field['name']; + $F->type = $field['native_type']; + $F->default = NULL; + $F->pdo_type = $field['pdo_type']; + + if ($field['precision'] < 0) + { + $F->max_length = NULL; + $F->primary_key = 0; + } + else + { + $F->max_length = ($field['len'] > 255) ? 0 : $field['len']; + $F->primary_key = (int) ( ! empty($field['flags']) && in_array('primary_key', $field['flags'])); + } + + $data[] = $F; + } } return $data; diff --git a/system/helpers/array_helper.php b/system/helpers/array_helper.php index e5e32c48d..464d1d112 100644 --- a/system/helpers/array_helper.php +++ b/system/helpers/array_helper.php @@ -1,13 +1,13 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: 
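Review bot: The SQLite branch in `pdo_result.php` is selected by `strpos($this->result_id->queryString, 'PRAGMA') !== FALSE`, which matches the word anywhere in the statement (a string literal, a table or column name) and misses lowercase `pragma`. An ordinary query that merely contains the text would be treated as `table_info` output and would then index `$field['type']` and `$field['pk']`, which do not exist. Anchoring the test is safer: `if (stripos(ltrim($this->result_id->queryString), 'PRAGMA') === 0)`. In the other branch the return of `getColumnMeta($i)` is indexed without a check, although PDO documents a FALSE return when the driver does not support it. The enclosing method and its `try` block start and end outside the hunk.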
@@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Array Helpers * @@ -45,7 +43,6 @@ * Lets you determine whether an array index is set and whether it has a value. * If the element is empty it returns FALSE (or whatever you specify as the default value.) * - * @access public * @param string * @param array * @param mixed @@ -55,12 +52,7 @@ if ( ! function_exists('element')) { function element($item, $array, $default = FALSE) { - if ( ! isset($array[$item]) OR $array[$item] == "") - { - return $default; - } - - return $array[$item]; + return empty($array[$item]) ? $default : $array[$item]; } } @@ -69,7 +61,6 @@ if ( ! function_exists('element')) /** * Random Element - Takes an array as input and returns a random element * - * @access public * @param array * @return mixed depends on what the array contains */ @@ -77,12 +68,7 @@ if ( ! function_exists('random_element')) { function random_element($array) { - if ( ! is_array($array)) - { - return $array; - } - - return $array[array_rand($array)]; + return is_array($array) ? $array[array_rand($array)] : $array; } } @@ -91,10 +77,9 @@ if ( ! function_exists('random_element')) /** * Elements * - * Returns only the array items specified. Will return a default value if + * Returns only the array items specified. Will return a default value if * it is not set. * - * @access public * @param array * @param array * @param mixed @@ -105,22 +90,12 @@ if ( ! function_exists('elements')) function elements($items, $array, $default = FALSE) { $return = array(); - - if ( ! is_array($items)) - { - $items = array($items); - } - + + is_array($items) OR $items = array($items); + foreach ($items as $item) { - if (isset($array[$item])) - { - $return[$item] = $array[$item]; - } - else - { - $return[$item] = $default; - } + $return[$item] = isset($array[$item]) ? $array[$item] : $default; } return $return; 
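Review bot: `element()` now returns `empty($array[$item]) ? $default : $array[$item]`, which is not equivalent to the removed `! isset(...) OR $array[$item] == ""` test: the string `'0'` and an empty array used to be returned as values and now yield `$default`. Callers that read form or query fields through this helper would see a submitted `'0'` treated as missing. If the one-line form is wanted, keep the old semantics: `return (isset($array[$item]) && $array[$item] != '') ? $array[$item] : $default;`.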
@@ -128,4 +103,4 @@ if ( ! function_exists('elements')) } /* End of file array_helper.php */ -/* Location: ./system/helpers/array_helper.php */
\ No newline at end of file +/* Location: ./system/helpers/array_helper.php */ diff --git a/system/helpers/cookie_helper.php b/system/helpers/cookie_helper.php index b46f80540..ec8aa3250 100644 --- a/system/helpers/cookie_helper.php +++ b/system/helpers/cookie_helper.php @@ -1,13 +1,13 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Cookie Helpers * 
@@ -42,25 +40,26 @@ /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * - * @access public * @param mixed * @param string the value of the cookie * @param string the number of seconds until expiration * @param string the cookie domain. Usually: .yourdomain.com * @param string the cookie path * @param string the cookie prefix + * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ if ( ! function_exists('set_cookie')) { - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { // Set the config file options $CI =& get_instance(); - $CI->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure); + $CI->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure, $httponly); } } @@ -69,7 +68,6 @@ if ( ! function_exists('set_cookie')) /** * Fetch an item from the COOKIE array * - * @access public * @param string * @param bool * @return mixed @@ -79,14 +77,7 @@ if ( ! function_exists('get_cookie')) function get_cookie($index = '', $xss_clean = FALSE) { $CI =& get_instance(); - - $prefix = ''; - - if ( ! isset($_COOKIE[$index]) && config_item('cookie_prefix') != '') - { - $prefix = config_item('cookie_prefix'); - } - + $prefix = isset($_COOKIE[$index]) ? '' : config_item('cookie_prefix'); return $CI->input->cookie($prefix.$index, $xss_clean); } } 
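Review bot: The rewritten `get_cookie()` keeps resolving the name by preferring an unprefixed cookie, `isset($_COOKIE[$index]) ? '' : config_item('cookie_prefix')`, so a cookie carrying the bare name takes precedence over the application's own prefixed one. Since the prefix exists to separate this application's cookies from others on the same domain, the lookup order weakens that separation; checking the prefixed name first would preserve it. If the current order is required for backward compatibility, it should at least be stated in the docblock, for example `// NOTE: an unprefixed cookie of the same name wins over the prefixed one`.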
@@ -97,7 +88,7 @@ if ( ! function_exists('get_cookie')) * Delete a COOKIE * * @param mixed - * @param string the cookie domain. Usually: .yourdomain.com + * @param string the cookie domain. Usually: .yourdomain.com * @param string the cookie path * @param string the cookie prefix * @return void @@ -110,6 +101,5 @@ if ( ! function_exists('delete_cookie')) } } - /* End of file cookie_helper.php */ -/* Location: ./system/helpers/cookie_helper.php */
\ No newline at end of file +/* Location: ./system/helpers/cookie_helper.php */ diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 2a34cf93e..d54553292 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -128,15 +128,16 @@ if ( ! function_exists('standard_date')) function standard_date($fmt = 'DATE_RFC822', $time = '') { $formats = array( - 'DATE_ATOM' => '%Y-%m-%dT%H:%i:%s%Q', + 'DATE_ATOM' => '%Y-%m-%dT%H:%i:%s%O', 'DATE_COOKIE' => '%l, %d-%M-%y %H:%i:%s UTC', - 'DATE_ISO8601' => '%Y-%m-%dT%H:%i:%s%Q', + 'DATE_ISO8601' => '%Y-%m-%dT%H:%i:%s%O', 'DATE_RFC822' => '%D, %d %M %y %H:%i:%s %O', 'DATE_RFC850' => '%l, %d-%M-%y %H:%i:%s UTC', 'DATE_RFC1036' => '%D, %d %M %y %H:%i:%s %O', 'DATE_RFC1123' => '%D, %d %M %Y %H:%i:%s %O', + 'DATE_RFC2822' => '%D, %d %M %Y %H:%i:%s %O', 'DATE_RSS' => '%D, %d %M %Y %H:%i:%s %O', - 'DATE_W3C' => '%Y-%m-%dT%H:%i:%s%Q' + 'DATE_W3C' => '%Y-%m-%dT%H:%i:%s%O' ); if ( ! isset($formats[$fmt])) @@ -159,11 +160,12 @@ if ( ! function_exists('standard_date')) * @access public * @param integer a number of seconds * @param integer Unix timestamp - * @return integer + * @param integer a number of display units + * @return string */ if ( ! function_exists('timespan')) { - function timespan($seconds = 1, $time = '') + function timespan($seconds = 1, $time = '', $units = 7) { $CI =& get_instance(); $CI->lang->load('date'); 
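Review bot: Replacing `%Q` with `%O` in `standard_date()` removes the invalid specifier, but `DATE_ATOM` and `DATE_W3C` now render the offset as `+0000`, whereas PHP's own `DATE_ATOM` and `DATE_W3C` constants use the colon form (`P`, e.g. `+00:00`); only `DATE_ISO8601` uses `O`. If the format string is mapped onto `date()` specifier by specifier, as the `%` syntax suggests, those two entries should be `'%Y-%m-%dT%H:%i:%s%P'`. Consumers that validate Atom or W3C timestamps strictly may reject the colon-less offset.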
@@ -178,24 +180,29 @@ if ( ! function_exists('timespan')) $time = time(); } + if ( ! is_numeric($units)) + { + $units = 7; + } + $seconds = ($time <= $seconds) ? 1 : $time - $seconds; - $str = ''; + $str = array(); $years = floor($seconds / 31557600); if ($years > 0) { - $str .= $years.' '.$CI->lang->line((($years > 1) ? 'date_years' : 'date_year')).', '; + $str[] = $years.' '.$CI->lang->line((($years > 1) ? 'date_years' : 'date_year')); } $seconds -= $years * 31557600; $months = floor($seconds / 2629743); - if ($years > 0 OR $months > 0) + if (count($str) < $units && ($years > 0 OR $months > 0)) { if ($months > 0) { - $str .= $months.' '.$CI->lang->line((($months > 1) ? 'date_months' : 'date_month')).', '; + $str[] = $months.' '.$CI->lang->line((($months > 1) ? 'date_months' : 'date_month')); } $seconds -= $months * 2629743; @@ -203,11 +210,11 @@ if ( ! function_exists('timespan')) $weeks = floor($seconds / 604800); - if ($years > 0 OR $months > 0 OR $weeks > 0) + if (count($str) < $units && ($years > 0 OR $months > 0 OR $weeks > 0)) { if ($weeks > 0) { - $str .= $weeks.' '.$CI->lang->line((($weeks > 1) ? 'date_weeks' : 'date_week')).', '; + $str[] = $weeks.' '.$CI->lang->line((($weeks > 1) ? 'date_weeks' : 'date_week')); } $seconds -= $weeks * 604800; @@ -215,11 +222,11 @@ if ( ! function_exists('timespan')) $days = floor($seconds / 86400); - if ($months > 0 OR $weeks > 0 OR $days > 0) + if (count($str) < $units && ($months > 0 OR $weeks > 0 OR $days > 0)) { if ($days > 0) { - $str .= $days.' '.$CI->lang->line((($days > 1) ? 'date_days' : 'date_day')).', '; + $str[] = $days.' '.$CI->lang->line((($days > 1) ? 'date_days' : 'date_day')); } $seconds -= $days * 86400; 
@@ -227,11 +234,11 @@ if ( ! function_exists('timespan')) $hours = floor($seconds / 3600); - if ($days > 0 OR $hours > 0) + if (count($str) < $units && ($days > 0 OR $hours > 0)) { if ($hours > 0) { - $str .= $hours.' '.$CI->lang->line((($hours > 1) ? 'date_hours' : 'date_hour')).', '; + $str[] = $hours.' '.$CI->lang->line((($hours > 1) ? 'date_hours' : 'date_hour')); } $seconds -= $hours * 3600; @@ -239,22 +246,22 @@ if ( ! function_exists('timespan')) $minutes = floor($seconds / 60); - if ($days > 0 OR $hours > 0 OR $minutes > 0) + if (count($str) < $units && ($days > 0 OR $hours > 0 OR $minutes > 0)) { if ($minutes > 0) { - $str .= $minutes.' '.$CI->lang->line((($minutes > 1) ? 'date_minutes' : 'date_minute')).', '; + $str[] = $minutes.' '.$CI->lang->line((($minutes > 1) ? 'date_minutes' : 'date_minute')); } $seconds -= $minutes * 60; } - if ($str == '') + if (count($str) === 0) { - $str .= $seconds.' '.$CI->lang->line((($seconds > 1) ? 'date_seconds' : 'date_second')).', '; + $str[] = $seconds.' '.$CI->lang->line((($seconds > 1) ? 'date_seconds' : 'date_second')); } - return substr(trim($str), 0, -1); + return implode(', ', $str); } } diff --git a/system/helpers/directory_helper.php b/system/helpers/directory_helper.php index 1d67e056d..d7ca13e85 100644 --- a/system/helpers/directory_helper.php +++ b/system/helpers/directory_helper.php @@ -1,13 +1,13 @@ -<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /** * CodeIgniter * * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: 
@@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Directory Helpers * @@ -43,12 +41,11 @@ * Create a Directory Map * * Reads the specified directory and builds an array - * representation of it. Sub-folders contained with the + * representation of it. Sub-folders contained with the * directory will be mapped as well. * - * @access public * @param string path to source - * @param int depth of directories to traverse (0 = fully recursive, 1 = current dir, etc) + * @param int depth of directories to traverse (0 = fully recursive, 1 = current dir, etc) * @return array */ if ( ! function_exists('directory_map')) @@ -64,7 +61,7 @@ if ( ! function_exists('directory_map')) while (FALSE !== ($file = readdir($fp))) { // Remove '.', '..', and hidden files [optional] - if ( ! trim($file, '.') OR ($hidden == FALSE && $file[0] == '.')) + if ( ! trim($file, '.') OR ($hidden == FALSE && $file[0] === '.')) { continue; } @@ -87,6 +84,5 @@ if ( ! function_exists('directory_map')) } } - /* End of file directory_helper.php */ -/* Location: ./system/helpers/directory_helper.php */
\ No newline at end of file +/* Location: ./system/helpers/directory_helper.php */ diff --git a/system/helpers/inflector_helper.php b/system/helpers/inflector_helper.php index 9cf015d2b..485806b20 100644 --- a/system/helpers/inflector_helper.php +++ b/system/helpers/inflector_helper.php @@ -170,7 +170,7 @@ if ( ! function_exists('camelize')) { function camelize($str) { - return str_replace(' ', '', ucwords(preg_replace('/[\s_]+/', ' ', strtolower($str)))); + return strtolower($str[0]).substr(str_replace(' ', '', ucwords(preg_replace('/[\s_]+/', ' ', $str))), 1); } } diff --git a/system/helpers/path_helper.php b/system/helpers/path_helper.php index 2eb85fefa..c31f0bdc5 100644 --- a/system/helpers/path_helper.php +++ b/system/helpers/path_helper.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Path Helpers * 
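Review bot: `camelize()` now reads `$str[0]` unconditionally, so an empty string raises an uninitialized-offset notice, and it no longer lowercases the input before `ucwords()`, so `'MY_VAR'` comes out as `mYVAR` where the old code produced `MyVar`. If only the case of the first character is meant to change, keep `strtolower()` on the whole string and guard the empty case: `$str = ucwords(preg_replace('/[\s_]+/', ' ', strtolower($str)));` followed by `return ($str === '') ? '' : strtolower($str[0]).substr(str_replace(' ', '', $str), 1);`. The docblock is outside the hunk and should be updated to say the result starts with a lowercase letter.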
@@ -51,28 +49,24 @@ if ( ! function_exists('set_realpath')) { function set_realpath($path, $check_existance = FALSE) { - // Security check to make sure the path is NOT a URL. No remote file inclusion! - if (preg_match("#^(http:\/\/|https:\/\/|www\.|ftp|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i", $path)) + // Security check to make sure the path is NOT a URL. No remote file inclusion! + if (preg_match('#^(http:\/\/|https:\/\/|www\.|ftp|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})#i', $path)) { show_error('The path you submitted must be a local server path, not a URL'); } // Resolve the path - if (function_exists('realpath') AND @realpath($path) !== FALSE) + if (function_exists('realpath') && @realpath($path) !== FALSE) { $path = realpath($path); } - - // Add a trailing slash - $path = rtrim($path, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR; - - // Make sure the path exists - if ($check_existance == TRUE && ! is_dir($path)) + elseif ($check_existance && ! is_dir($path) && ! is_file($path)) { show_error('Not a valid path: '.$path); } - return $path; + // Add a trailing slash, if this is a directory + return is_dir($path) ? rtrim($path, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR : $path; } } diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index e05e947a5..8c7adea46 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Security Helpers * @@ -42,7 +40,6 @@ /** * XSS Filtering * - * @access public * @param string * @param bool whether or not the content is an image file * @return string @@ -61,7 +58,6 @@ if ( ! function_exists('xss_clean')) /** * Sanitize Filename * - * @access public * @param string * @return string */ @@ -79,7 +75,6 @@ if ( ! function_exists('sanitize_filename')) /** * Hash encode a string * - * @access public * @param string * @return string */ 
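Review bot: The guard at the top of `set_realpath()` is a prefix blocklist, and the commit only changes its quoting: the bare `ftp` alternative rejects any local path that merely starts with those letters (a directory named `ftp_uploads`, for instance), while scheme-style prefixes that are not listed pass, so the "No remote file inclusion" comment promises more than the pattern delivers. A generic scheme test alongside it would close that gap, with a condition such as `preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path)`. The rewritten tail also changes the return contract: a path that `realpath()` cannot resolve, or that resolves to a file, now comes back without the trailing separator the old code always appended, so callers that concatenate a filename onto the result need checking. `realpath()` is still called twice behind `@`; `if (($resolved = realpath($path)) !== FALSE)` would call it once.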
@@ -87,7 +82,12 @@ if ( ! function_exists('do_hash')) { function do_hash($str, $type = 'sha1') { - return ($type === 'sha1') ? sha1($str) : md5($str); + if ( ! in_array(strtolower($type), hash_algos())) + { + $type = 'md5'; + } + + return hash($type, $str); } } @@ -96,7 +96,6 @@ if ( ! function_exists('do_hash')) /** * Strip Image Tags * - * @access public * @param string * @return string */ @@ -104,7 +103,7 @@ if ( ! function_exists('strip_image_tags')) { function strip_image_tags($str) { - return preg_replace(array("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "#<img\s+.*?src\s*=\s*(.+?).*?\>#"), "\\1", $str); + return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); } } @@ -113,7 +112,6 @@ if ( ! function_exists('strip_image_tags')) /** * Convert PHP tags to entities * - * @access public * @param string * @return string */ diff --git a/system/language/english/upload_lang.php b/system/language/english/upload_lang.php index ec5de1e6b..4fa8394ec 100644 --- a/system/language/english/upload_lang.php +++ b/system/language/english/upload_lang.php 
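Review bot: `do_hash()` silently substitutes `'md5'` when the requested name is not in `hash_algos()`, so a mistyped or unavailable algorithm yields an MD5 digest while the caller believes it asked for something else. At minimum the fallback should be logged, `log_message('error', 'do_hash(): unsupported hash algorithm requested, falling back to md5');`, and if backward compatibility allows, the declared default `'sha1'` is the less surprising fallback. The docblock, which is outside this hunk, should also state that the result is a single unsalted digest and is not suitable for storing passwords. `in_array()` is called without its strict third argument.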
@@ -35,7 +35,7 @@ $lang['upload_stopped_by_extension'] = "The file upload was stopped by extension $lang['upload_no_file_selected'] = "You did not select a file to upload."; $lang['upload_invalid_filetype'] = "The filetype you are attempting to upload is not allowed."; $lang['upload_invalid_filesize'] = "The file you are attempting to upload is larger than the permitted size."; -$lang['upload_invalid_dimensions'] = "The image you are attempting to upload exceedes the maximum height or width."; +$lang['upload_invalid_dimensions'] = "The image you are attempting to upload exceeds the maximum height or width."; $lang['upload_destination_error'] = "A problem was encountered while attempting to move the uploaded file to the final destination."; $lang['upload_no_filepath'] = "The upload path does not appear to be valid."; $lang['upload_no_file_types'] = "You have not specified any allowed file types."; diff --git a/system/libraries/Cache/Cache.php b/system/libraries/Cache/Cache.php index 60998e3b8..7642a5270 100644 --- a/system/libraries/Cache/Cache.php +++ b/system/libraries/Cache/Cache.php @@ -39,20 +39,17 @@ class CI_Cache extends CI_Driver_Library { protected $valid_drivers = array( - 'cache_apc', 'cache_file', 'cache_memcached', 'cache_dummy' - ); - - protected $_cache_path = NULL; // Path of cache files (if file-based cache) - protected $_adapter = 'dummy'; + 'cache_apc', + 'cache_file', + 'cache_memcached', + 'cache_dummy', + 'cache_wincache' + ); + + protected $_cache_path = NULL; // Path of cache files (if file-based cache) + protected $_adapter = 'dummy'; protected $_backup_driver; - // ------------------------------------------------------------------------ - - /** - * Constructor - * - * @param array - */ public function __construct($config = array()) { if ( ! empty($config)) diff --git a/system/libraries/Cache/drivers/Cache_wincache.php b/system/libraries/Cache/drivers/Cache_wincache.php new file mode 100644 index 000000000..df619d4e6 --- /dev/null 
+++ b/system/libraries/Cache/drivers/Cache_wincache.php 
@@ -0,0 +1,165 @@ +<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); +/** + * CodeIgniter + * + * An open source application development framework for PHP 5.1.6 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * + * @package CodeIgniter + * @author EllisLab Dev Team + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) + * @link http://codeigniter.com + * @since Version 3.0 + * @filesource + */ + +// ------------------------------------------------------------------------ + +/** + * CodeIgniter Wincache Caching Class + * + * Read more about Wincache functions here: + * http://www.php.net/manual/en/ref.wincache.php + * + * @package CodeIgniter + * @subpackage Libraries + * @category Core + * @author Mike Murkovic + * @link + */ + +class CI_Cache_wincache extends CI_Driver { + + /** + * Get + * + * Look for a value in the cache. If it exists, return the data, + * if not, return FALSE + * + * @param string + * @return mixed value that is stored/FALSE on failure + */ + public function get($id) + { + $success = FALSE; + $data = wincache_ucache_get($id, $success); + + // Success returned by reference from wincache_ucache_get() + return ($success) ? 
$data : FALSE; + } + + // ------------------------------------------------------------------------ + + /** + * Cache Save + * + * @param string Unique Key + * @param mixed Data to store + * @param int Length of time (in seconds) to cache the data + * @return bool true on success/false on failure + */ + public function save($id, $data, $ttl = 60) + { + return wincache_ucache_set($id, $data, $ttl); + } + + // ------------------------------------------------------------------------ + + /** + * Delete from Cache + * + * @param mixed unique identifier of the item in the cache + * @param bool true on success/false on failure + */ + public function delete($id) + { + return wincache_ucache_delete($id); + } + + // ------------------------------------------------------------------------ + + /** + * Clean the cache + * + * @return bool false on failure/true on success + */ + public function clean() + { + return wincache_ucache_clear(); + } + + // ------------------------------------------------------------------------ + + /** + * Cache Info + * + * @return mixed array on success, false on failure + */ + public function cache_info() + { + return wincache_ucache_info(TRUE); + } + + // ------------------------------------------------------------------------ + + /** + * Get Cache Metadata + * + * @param mixed key to get cache metadata on + * @return mixed array on success/false on failure + */ + public function get_metadata($id) + { + if ($stored = wincache_ucache_info(FALSE, $id)) + { + $age = $stored['ucache_entries'][1]['age_seconds']; + $ttl = $stored['ucache_entries'][1]['ttl_seconds']; + $hitcount = $stored['ucache_entries'][1]['hitcount']; + + return array( + 'expire' => $ttl - $age, + 'hitcount' => $hitcount, + 'age' => $age, + 'ttl' => $ttl + ); + } + + return FALSE; + } + + // ------------------------------------------------------------------------ + + /** + * is_supported() + * + * Check to see if WinCache is available on this system, bail if it isn't. 
+ * + * @return bool + */ + public function is_supported() + { + if ( ! extension_loaded('wincache')) + { + log_message('error', 'The Wincache PHP extension must be loaded to use Wincache Cache.'); + return FALSE; + } + + return TRUE; + } + +} + +/* End of file Cache_wincache.php */ +/* Location: ./system/libraries/Cache/drivers/Cache_wincache.php */ diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 826d94fb0..3e0c72e84 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -72,7 +72,7 @@ class CI_Form_validation { $this->CI->load->helper('form'); // Set the character encoding in MB. - if (function_exists('mb_internal_encoding')) + if (MB_ENABLED === TRUE) { mb_internal_encoding($this->CI->config->item('charset')); } @@ -101,7 +101,7 @@ class CI_Form_validation { return $this; } - // If an array was passed via the first parameter instead of indidual string + // If an array was passed via the first parameter instead of individual string // values we cycle through it and recursively call this function. if (is_array($field)) { @@ -950,7 +950,7 @@ class CI_Form_validation { return FALSE; } - if (function_exists('mb_strlen')) + if (MB_ENABLED === TRUE) { return ! (mb_strlen($str) < $val); } @@ -974,7 +974,7 @@ class CI_Form_validation { return FALSE; } - if (function_exists('mb_strlen')) + if (MB_ENABLED === TRUE) { return ! (mb_strlen($str) > $val); } @@ -998,7 +998,7 @@ class CI_Form_validation { return FALSE; } - if (function_exists('mb_strlen')) + if (MB_ENABLED === TRUE) { return (mb_strlen($str) == $val); } diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 6cba2cb82..3a80c1626 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php 
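Review bot: `CI_Cache_wincache::is_supported()` checks only `extension_loaded('wincache')`, but the `wincache_ucache_*` calls used by every other method also need the user cache to be enabled (the `wincache.ucenabled` ini setting). With the extension loaded and the user cache off, the driver reports itself as supported and then fails on use; the guard could read `if ( ! extension_loaded('wincache') OR ! ini_get('wincache.ucenabled'))`. `get_metadata()` reads `$stored['ucache_entries'][1]` without checking that the entry exists, so a missing or expired key may surface as undefined-index notices rather than `FALSE`; an `isset()` test on that element is needed. In the `delete()` docblock the second tag should be `@return bool`, not `@param bool`.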
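Review bot: The `MB_ENABLED === TRUE` checks in `Form_validation.php` (the constructor and the three length comparisons) and the same check in `Trackback.php` depend on a constant that is not defined anywhere in this diff. Unless it already exists in the tree and is always defined before these libraries load, PHP treats the bare name as the string `'MB_ENABLED'`, the strict comparison is false, and the length checks silently fall back to byte counting. A multibyte value can then pass or fail a length rule differently from what the form author intended. A defensive form costs nothing: `if (defined('MB_ENABLED') && MB_ENABLED === TRUE)`.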
@@ -48,6 +48,7 @@ class CI_Session {
 public $cookie_path = '';
 public $cookie_domain = '';
 public $cookie_secure = FALSE;
+ public $cookie_httponly = FALSE;
 public $sess_time_to_update = 300;
 public $encryption_key = '';
 public $flashdata_key = 'flash';
@@ -72,7 +73,7 @@ class CI_Session {
 // Set all the session preferences, which can either be set
 // manually via the $params array above or via the config file
- foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
+ foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
 {
 $this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
 }
@@ -689,13 +690,14 @@ class CI_Session {
 // Set the cookie
 setcookie(
- $this->sess_cookie_name,
- $cookie_data,
- $expire,
- $this->cookie_path,
- $this->cookie_domain,
- $this->cookie_secure
- );
+ $this->sess_cookie_name,
+ $cookie_data,
+ $expire,
+ $this->cookie_path,
+ $this->cookie_domain,
+ $this->cookie_secure,
+ $this->cookie_httponly
+ );
 }
 // --------------------------------------------------------------------
diff --git a/system/libraries/Table.php b/system/libraries/Table.php
index 8651b9e69..11a4858a9 100644
--- a/system/libraries/Table.php
+++ b/system/libraries/Table.php
@@ -25,8 +25,6 @@
 * @filesource
 */
-// ------------------------------------------------------------------------
-
 /**
 * HTML Table Generating Class
 *
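Review bot: The new `public $cookie_httponly = FALSE;` default, combined with the preference loop in the `@@ -72` hunk that overwrites it from `$params` or `$this->CI->config->item($key)`, means the session cookie is sent without the HttpOnly attribute unless a deployment explicitly turns it on. A session cookie has no legitimate script-side reader, so a fail-safe default would be preferable, e.g. `public $cookie_httponly = TRUE;` with the loop keeping that default when the config item is absent (config->item() presumably returns a falsy value for a missing key, which would otherwise switch it off again). If the opt-in default must stay for backward compatibility, a comment on the property such as `// FALSE leaves the session cookie readable from document.cookie; set cookie_httponly in the config to harden` would document the trade-off. In the `@@ -689` hunk an explicit cast, `(bool) $this->cookie_httponly`, would keep a non-boolean config value from reaching `setcookie()`. The class body and both methods continue outside these hunks.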
@@ -49,9 +47,21 @@ class CI_Table {
 public $empty_cells = '';
 public $function = FALSE;
- public function __construct()
+ /**
+ * Set the template from the table config file if it exists
+ *
+ * @param array $config (default: array())
+ * @return void
+ */
+ public function __construct($config = array())
 {
- log_message('debug', "Table Class Initialized");
+ log_message('debug', 'Table Class Initialized');
+
+ // initialize config
+ foreach ($config as $key => $val)
+ {
+ $this->template[$key] = $val;
+ }
 }
 // --------------------------------------------------------------------
@@ -102,7 +112,7 @@ class CI_Table {
 */
 public function make_columns($array = array(), $col_limit = 0)
 {
- if ( ! is_array($array) OR count($array) === 0)
+ if ( ! is_array($array) OR count($array) === 0 OR ! is_int($col_limit))
 {
 return FALSE;
 }
@@ -395,7 +405,7 @@ class CI_Table {
 // First generate the headings from the table column names
 if (count($this->heading) === 0)
 {
- if ( ! method_exists($query, 'list_fields'))
+ if ( ! is_callable(array($query, 'list_fields')))
 {
 return FALSE;
 }
diff --git a/system/libraries/Trackback.php b/system/libraries/Trackback.php
index 3bea5f9b8..be1de6f3f 100644
--- a/system/libraries/Trackback.php
+++ b/system/libraries/Trackback.php
@@ -141,7 +141,7 @@ class CI_Trackback {
 $this->data['charset'] = ( ! isset($_POST['charset'])) ? 'auto' : strtoupper(trim($_POST['charset']));
- if ($val != 'url' && function_exists('mb_convert_encoding'))
+ if ($val != 'url' && MB_ENABLED === TRUE)
 {
 $_POST[$val] = mb_convert_encoding($_POST[$val], $this->charset, $this->data['charset']);
 }
|
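Review bot: The new constructor loop `foreach ($config as $key => $val)` copies every entry into `$this->template` without checking that `$config` is an array or that the key is a known template slot, so a malformed config value raises a foreach warning or leaves stray entries in the template. Wrapping the loop in `if (is_array($config))` would cover the first case. The template values are presumably emitted as markup when the table is rendered (that code is outside this hunk), so the docblock should say so, e.g. ` * @param array $config template markup, output as-is; must not be built from request data`.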
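Review bot: The added `! is_int($col_limit)` test in the `@@ -102` hunk rejects numeric strings, so a column limit read from a config file or request parameter (strings in PHP) now makes make_columns() return FALSE where this guard previously let it through. If the aim is to stop non-numeric input, `OR ! is_numeric($col_limit)` in the guard followed by `$col_limit = (int) $col_limit;` keeps such callers working while still fixing the type. The docblock should also state that FALSE is returned for an invalid limit. The function body continues past the end of the hunk.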
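Review bot: The source-encoding argument of `mb_convert_encoding()` in the Trackback.php hunk is `$this->data['charset']`, which the context line above takes from `$_POST['charset']` after only `trim()` and `strtoupper()`, so an encoding name mbstring does not recognise makes the call fail (a warning and FALSE on older PHP, an exception on PHP 8), and on older PHP that FALSE is written back into `$_POST[$val]`. Validating the name before the call keeps the conversion well-defined: `if ( ! in_array($this->data['charset'], array_map('strtoupper', mb_list_encodings()), TRUE)) { $this->data['charset'] = 'auto'; }`. The enclosing loop and method start and end outside the hunk.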