summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rwxr-xr-xsystem/core/Security.php21
-rw-r--r--system/database/drivers/interbase/interbase_utility.php2
-rw-r--r--system/libraries/Form_validation.php4
-rw-r--r--system/libraries/Session.php45
-rw-r--r--system/libraries/Upload.php8
-rw-r--r--system/libraries/User_agent.php24
-rw-r--r--system/libraries/Xmlrpc.php6
7 files changed, 60 insertions, 50 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 974e2e428..c82b69ff9 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -95,13 +95,14 @@ class CI_Security {
*
* @var array
*/
- protected $_never_allowed_regex = array(
+ protected $_never_allowed_regex = array(
'javascript\s*:',
'expression\s*(\(|&\#40;)', // CSS and IE
'vbscript\s*:', // IE, surprise!
- 'Redirect\s+302'
+ 'Redirect\s+302',
+ "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
);
-
+
/**
* Initialize security class
*/
@@ -365,10 +366,11 @@ class CI_Security {
* These words are compacted back to their correct state.
*/
$words = array(
- 'javascript', 'expression', 'vbscript', 'script',
+ 'javascript', 'expression', 'vbscript', 'script', 'base64',
'applet', 'alert', 'document', 'write', 'cookie', 'window'
);
+
foreach ($words as $word)
{
$word = implode('\s*', str_split($word)).'\s*';
@@ -605,10 +607,11 @@ class CI_Security {
$attribs = array();
// find occurrences of illegal attribute strings without quotes
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER);
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
+
$attribs[] = preg_quote($attr[0], '/');
}
@@ -623,7 +626,7 @@ class CI_Security {
// replace illegal attribute strings that are inside an html tag
if (count($attribs) > 0)
{
- $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count);
+ $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count);
}
} while ($count);
@@ -664,7 +667,7 @@ class CI_Security {
protected function _js_link_removal($match)
{
return str_replace($match[1],
- preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+ preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
'',
$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
),
@@ -804,7 +807,7 @@ class CI_Security {
foreach ($this->_never_allowed_regex as $regex)
{
- $str = preg_replace('#'.$regex.'#i', '[removed]', $str);
+ $str = preg_replace('#'.$regex.'#is', '[removed]', $str);
}
return $str;
@@ -841,4 +844,4 @@ class CI_Security {
}
/* End of file Security.php */
-/* Location: ./system/core/Security.php */ \ No newline at end of file
+/* Location: ./system/core/Security.php */
diff --git a/system/database/drivers/interbase/interbase_utility.php b/system/database/drivers/interbase/interbase_utility.php
index 1b92af9b6..164211836 100644
--- a/system/database/drivers/interbase/interbase_utility.php
+++ b/system/database/drivers/interbase/interbase_utility.php
@@ -42,7 +42,7 @@ class CI_DB_interbase_utility extends CI_DB_utility {
* @param string $filename
* @return mixed
*/
- protected function backup($filename)
+ protected function _backup($filename)
{
if ($service = ibase_service_attach($this->db->hostname, $this->db->username, $this->db->password))
{
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index a52cad5ff..c396580be 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -448,7 +448,7 @@ class CI_Form_validation {
{
$this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']);
}
- elseif ( ! empty($validation_array[$field]))
+ elseif (isset($validation_array[$field]) && $validation_array[$field] !== '')
{
$this->_field_data[$field]['postdata'] = $validation_array[$field];
}
@@ -1005,7 +1005,7 @@ class CI_Form_validation {
return (MB_ENABLED === TRUE)
? ($val <= mb_strlen($str))
- : ($val <= strlen(str));
+ : ($val <= strlen($str));
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 3fa446d84..3195f0a91 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -36,146 +36,146 @@
*/
class CI_Session {
- /**
+ /**
* Whether to encrypt the session cookie
*
* @var bool
*/
public $sess_encrypt_cookie = FALSE;
-
+
/**
* Whether to use to the database for session storage
*
* @var bool
*/
public $sess_use_database = FALSE;
-
+
/**
* Name of the database table in which to store sessions
*
* @var string
*/
public $sess_table_name = '';
-
+
/**
* Length of time (in seconds) for sessions to expire
*
* @var int
*/
public $sess_expiration = 7200;
-
+
/**
* Whether to kill session on close of browser window
*
* @var bool
*/
public $sess_expire_on_close = FALSE;
-
+
/**
* Whether to match session on ip address
*
* @var bool
*/
public $sess_match_ip = FALSE;
-
+
/**
* Whether to match session on user-agent
*
* @var bool
*/
public $sess_match_useragent = TRUE;
-
+
/**
* Name of session cookie
*
* @var string
*/
public $sess_cookie_name = 'ci_session';
-
+
/**
* Session cookie prefix
*
* @var string
*/
public $cookie_prefix = '';
-
+
/**
* Session cookie path
*
* @var string
*/
public $cookie_path = '';
-
+
/**
* Session cookie domain
*
* @var string
*/
public $cookie_domain = '';
-
+
/**
* Whether to set the cookie only on HTTPS connections
*
* @var bool
*/
public $cookie_secure = FALSE;
-
+
/**
* Whether cookie should be allowed only to be sent by the server
*
* @var bool
*/
public $cookie_httponly = FALSE;
-
+
/**
* Interval at which to update session
*
* @var int
*/
public $sess_time_to_update = 300;
-
+
/**
* Key with which to encrypt the session cookie
*
* @var string
*/
public $encryption_key = '';
-
+
/**
* String to indicate flash data cookies
*
* @var string
*/
public $flashdata_key = 'flash';
-
+
/**
* Function to use to get the current time
*
* @var string
*/
public $time_reference = 'time';
-
+
/**
* Probablity level of garbage collection of old sessions
*
* @var int
*/
public $gc_probability = 5;
-
+
/**
* Session data
*
* @var array
*/
public $userdata = array();
-
+
/**
* Reference to CodeIgniter instance
*
* @var object
*/
public $CI;
-
+
/**
* Current time
*
@@ -570,6 +570,9 @@ class CI_Session {
$this->cookie_domain,
0
);
+
+ // Kill session data
+ $this->userdata = array();
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8ad67050d..24d4bd4d0 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -725,7 +725,7 @@ class CI_Upload {
public function get_extension($filename)
{
$x = explode('.', $filename);
- return '.'.end($x);
+ return (count($x) !== 1) ? '.'.end($x) : '';
}
// --------------------------------------------------------------------
@@ -850,6 +850,10 @@ class CI_Upload {
{
return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
}
+ else
+ {
+ return FALSE;
+ }
}
if (($data = @file_get_contents($file)) === FALSE)
@@ -1099,4 +1103,4 @@ class CI_Upload {
}
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */ \ No newline at end of file
+/* Location: ./system/libraries/Upload.php */
diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php
index 0ac605fa4..ff596f04b 100644
--- a/system/libraries/User_agent.php
+++ b/system/libraries/User_agent.php
@@ -51,14 +51,14 @@ class CI_User_agent {
* @var bool
*/
public $is_browser = FALSE;
-
+
/**
* Flag for if the user-agent is a robot
*
* @var bool
*/
public $is_robot = FALSE;
-
+
/**
* Flag for if the user-agent is a mobile browser
*
@@ -72,7 +72,7 @@ class CI_User_agent {
* @var array
*/
public $languages = array();
-
+
/**
* Character sets accepted by the current user agent
*
@@ -86,21 +86,21 @@ class CI_User_agent {
* @var array
*/
public $platforms = array();
-
+
/**
* List of browsers to compare against current user agent
*
* @var array
*/
public $browsers = array();
-
+
/**
* List of mobile browsers to compare against current user agent
*
* @var array
*/
public $mobiles = array();
-
+
/**
* List of robots to compare against current user agent
*
@@ -114,28 +114,28 @@ class CI_User_agent {
* @var string
*/
public $platform = '';
-
+
/**
* Current user-agent browser
*
* @var string
*/
public $browser = '';
-
+
/**
* Current user-agent version
*
* @var string
*/
public $version = '';
-
+
/**
* Current user-agent mobile name
*
* @var string
*/
public $mobile = '';
-
+
/**
* Current user-agent robot name
*
@@ -330,7 +330,7 @@ class CI_User_agent {
{
foreach ($this->mobiles as $key => $val)
{
- if (FALSE !== (strpos(strtolower($this->agent), $key)))
+ if (FALSE !== (stripos($this->agent, $key)))
{
$this->is_mobile = TRUE;
$this->mobile = $val;
@@ -604,7 +604,7 @@ class CI_User_agent {
/**
* Test for a particular character set
*
- * @param string $charset
+ * @param string $charset
* @return bool
*/
public function accept_charset($charset = 'utf-8')
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index 7009deacc..0d2533855 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -436,7 +436,7 @@ class XML_RPC_Client extends CI_Xmlrpc
*/
public function sendPayload($msg)
{
- $fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstr, $this->timeout);
+ $fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstring, $this->timeout);
if ( ! is_resource($fp))
{
@@ -458,7 +458,7 @@ class XML_RPC_Client extends CI_Xmlrpc
.'Content-Length: '.strlen($msg->payload).$r.$r
.$msg->payload;
- if ( ! fputs($fp, $op, strlen($op)))
+ if ( ! fwrite($fp, $op, strlen($op)))
{
error_log($this->xmlrpcstr['http_error']);
return new XML_RPC_Response(0, $this->xmlrpcerr['http_error'], $this->xmlrpcstr['http_error']);
@@ -1076,7 +1076,7 @@ class XML_RPC_Message extends CI_Xmlrpc
// we have an I4/INT
// we must check that only 0123456789-<space> are characters here
$this->xh[$the_parser]['value'] = preg_match('/^[+-]?[0-9\t ]+$/', $this->xh[$the_parser]['ac'])
- ? (int) $this->xh[$the_parset]['ac']
+ ? (int) $this->xh[$the_parser]['ac']
: 'ERROR_NON_NUMERIC_FOUND';
}
$this->xh[$the_parser]['ac'] = '';