Diffstat (limited to 'system')
-rw-r--r-- | system/core/Common.php | 30 | ||||
-rwxr-xr-x | system/core/Lang.php | 4 | ||||
-rwxr-xr-x | system/core/Loader.php | 4 | ||||
-rwxr-xr-x | system/core/Security.php | 26 | ||||
-rwxr-xr-x | system/core/URI.php | 4 | ||||
-rw-r--r-- | system/database/DB_active_rec.php | 2 | ||||
-rw-r--r-- | system/database/drivers/mysql/mysql_driver.php | 2 | ||||
-rw-r--r-- | system/database/drivers/mysql/mysql_result.php | 17 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 2 | ||||
-rw-r--r-- | system/database/drivers/mysqli/mysqli_result.php | 19 | ||||
-rw-r--r-- | system/database/drivers/odbc/odbc_driver.php | 2 | ||||
-rw-r--r-- | system/helpers/date_helper.php | 66 | ||||
-rwxr-xr-x | system/helpers/url_helper.php | 2 | ||||
-rw-r--r-- | system/libraries/Cache/drivers/Cache_memcached.php | 83 | ||||
-rw-r--r-- | system/libraries/Email.php | 6 | ||||
-rw-r--r-- | system/libraries/Log.php | 21 | ||||
-rw-r--r-- | system/libraries/Profiler.php | 4 | ||||
-rw-r--r-- | system/libraries/Upload.php | 54 |
18 files changed, 252 insertions, 96 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index db9fbeb9f..d79375475 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -132,9 +132,9 @@ if ( ! function_exists('load_class')) $name = FALSE; - // Look for the class first in the native system/libraries folder - // thenin the local application/libraries folder - foreach (array(BASEPATH, APPPATH) as $path) + // Look for the class first in the local application/libraries folder + // then in the native system/libraries folder + foreach (array(APPPATH, BASEPATH) as $path) { if (file_exists($path.$directory.'/'.$class.'.php')) { @@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters')) } } +// ------------------------------------------------------------------------ + +/** +* Returns HTML escaped variable +* +* @access public +* @param mixed +* @return mixed +*/ +if ( ! function_exists('html_escape')) +{ + function html_escape($var) + { + if (is_array($var)) + { + return array_map('html_escape', $var); + } + else + { + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + } + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */
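Review bot: The rewritten comment in load_class() (system/core/Common.php, first hunk) still speaks only of the libraries folders, but the path is built from `$directory`, and the Security.php change in this same commit calls `load_class('URI', 'core')`, so core classes are resolved by the same loop. With `array(APPPATH, BASEPATH)` a same-named file under the application tree is now found before the framework's own copy, which decides which implementation of classes such as Security gets loaded. A comment that states this would help, for example `// Look in APPPATH/$directory first, then BASEPATH/$directory; an application copy takes precedence over the system class`. The loop body continues outside the hunk, so how the first match is used is not visible here.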
\ No newline at end of file diff --git a/system/core/Lang.php b/system/core/Lang.php index 5ac671838..d61d1029a 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -112,7 +112,7 @@ class CI_Lang { } - if ( ! isset($lang)) + if ( ! isset($lang) OR ! is_array($lang)) { log_message('error', 'Language file contains no data: language/'.$idiom.'/'.$langfile); return; @@ -124,7 +124,7 @@ class CI_Lang { } $this->is_loaded[] = $langfile; - $this->language = array_merge($this->language, $lang); + $this->language = $this->language + $lang; unset($lang); log_message('debug', 'Language file loaded: language/'.$idiom.'/'.$langfile); diff --git a/system/core/Loader.php b/system/core/Loader.php index e7fa3d3f6..de0fc06d2 100755 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -127,7 +127,7 @@ class CI_Loader { $this->_ci_library_paths = array(APPPATH, BASEPATH); $this->_ci_helper_paths = array(APPPATH, BASEPATH); $this->_ci_model_paths = array(APPPATH); - $this->_ci_view_paths = array(APPPATH.'views/' => TRUE); + $this->_ci_view_paths = array(VIEWPATH => TRUE); log_message('debug', "Loader Class Initialized"); } @@ -1106,7 +1106,7 @@ class CI_Loader { * @param array * @return void */ - private function _ci_autoloader() + protected function _ci_autoloader() { if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) { diff --git a/system/core/Security.php b/system/core/Security.php index dcc680a11..342455f27 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -33,6 +33,7 @@ class CI_Security { * @access protected */ protected $_xss_hash = ''; + /** * Random Hash for Cross Site Request Forgery Protection Cookie * @@ -40,6 +41,7 @@ class CI_Security { * @access protected */ protected $_csrf_hash = ''; + /** * Expiration time for Cross Site Request Forgery Protection Cookie * Defaults to two hours (in seconds) 
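Review bot: In the new html_escape() (system/core/Common.php, second hunk) the array branch `array_map('html_escape', $var)` escapes values only, so array keys come back unescaped and a template that prints keys from an escaped array still emits them raw. The docblock should say so, and should also state that `ENT_QUOTES` output is meant for HTML text and quoted attribute values, not for script or URL contexts, e.g. `* Escapes array values recursively; keys are returned unchanged. For HTML body and quoted attribute contexts only.` The scalar branch hands whatever it receives to htmlspecialchars(), so non-string scalars come back as strings, which `@return mixed` does not convey.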
@@ -48,6 +50,7 @@ class CI_Security { * @access protected */ protected $_csrf_expire = 7200; + /** * Token name for Cross Site Request Forgery Protection Cookie * @@ -55,6 +58,7 @@ class CI_Security { * @access protected */ protected $_csrf_token_name = 'ci_csrf_token'; + /** * Cookie name for Cross Site Request Forgery Protection Cookie * @@ -62,12 +66,14 @@ class CI_Security { * @access protected */ protected $_csrf_cookie_name = 'ci_csrf_token'; + /** * List of never allowed strings * * @var array * @access protected */ + protected $_never_allowed_str = array( 'document.cookie' => '[removed]', 'document.write' => '[removed]', @@ -80,7 +86,6 @@ class CI_Security { '<![CDATA[' => '<![CDATA[' ); - /* never allowed, regex replacement */ /** * List of never allowed regex replacement * @@ -134,6 +139,16 @@ class CI_Security { { return $this->csrf_set_cookie(); } + + // Check if URI has been whitelisted from CSRF checks + if ($exclude_uris = config_item('csrf_exclude_uris')) + { + $uri = load_class('URI', 'core'); + if (in_array($uri->uri_string(), $exclude_uris)) + { + return $this; + } + } // Do the tokens exist in both the _POST and _COOKIE arrays? if ( ! isset($_POST[$this->_csrf_token_name]) OR @@ -156,9 +171,9 @@ class CI_Security { unset($_COOKIE[$this->_csrf_cookie_name]); $this->_csrf_set_hash(); $this->csrf_set_cookie(); - - log_message('debug', "CSRF token verified "); - + + log_message('debug', "CSRF token verified"); + return $this; } @@ -869,7 +884,6 @@ class CI_Security { } } -// END Security Class /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */ +/* Location: ./system/libraries/Security.php */
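Review bot: The CSRF exclusion added to csrf_verify() (system/core/Security.php, hunk at -134,6) calls `in_array($uri->uri_string(), $exclude_uris)` with loose comparison and without confirming that the configured value is an array. Under loose comparison a stray entry such as `TRUE` equals any non-empty URI string, which would switch CSRF verification off for every POST; `if (in_array($uri->uri_string(), (array) $exclude_uris, TRUE))` keeps the match exact. The early `return $this` skips the token check entirely for listed URIs, so the documentation for `csrf_exclude_uris` should state that each excluded endpoint needs its own request authentication. The start of the method is outside the hunk.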
\ No newline at end of file diff --git a/system/core/URI.php b/system/core/URI.php index a3ae20cc3..8946bc76b 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -175,7 +175,7 @@ class CI_URI { * @access private * @return string */ - private function _detect_uri() + protected function _detect_uri() { if ( ! isset($_SERVER['REQUEST_URI']) OR ! isset($_SERVER['SCRIPT_NAME'])) { @@ -232,7 +232,7 @@ class CI_URI { * @access private * @return string */ - private function _parse_cli_args() + protected function _parse_cli_args() { $args = array_slice($_SERVER['argv'], 1); diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 841ede28e..37d162bc1 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -196,7 +196,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$alias; + $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$this->_protect_identifiers(trim($alias)); $this->ar_select[] = $sql; diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 872504564..f87cfea4b 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -441,7 +441,7 @@ class CI_DB_mysql_driver extends CI_DB { */ function _field_data($table) { - return "SELECT * FROM ".$table." LIMIT 1"; + return "DESCRIBE ".$table; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysql/mysql_result.php b/system/database/drivers/mysql/mysql_result.php index 507389603..2d2905c98 100644 --- a/system/database/drivers/mysql/mysql_result.php +++ b/system/database/drivers/mysql/mysql_result.php 
@@ -84,14 +84,19 @@ class CI_DB_mysql_result extends CI_DB_result { function field_data() { $retval = array(); - while ($field = mysql_fetch_field($this->result_id)) + while ($field = mysql_fetch_object($this->result_id)) { + preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches); + + $type = $matches[1]; + $length = (int)$matches[2]; + $F = new stdClass(); - $F->name = $field->name; - $F->type = $field->type; - $F->default = $field->def; - $F->max_length = $field->max_length; - $F->primary_key = $field->primary_key; + $F->name = $field->Field; + $F->type = $type; + $F->default = $field->Default; + $F->max_length = $length; + $F->primary_key = ( $field->Key == 'PRI' ? 1 : 0 ); $retval[] = $F; } diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index ddcaff323..ccd110f79 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -442,7 +442,7 @@ class CI_DB_mysqli_driver extends CI_DB { */ function _field_data($table) { - return "SELECT * FROM ".$table." LIMIT 1"; + return "DESCRIBE ".$table; } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_result.php b/system/database/drivers/mysqli/mysqli_result.php index c4d8f5d58..ac863056a 100644 --- a/system/database/drivers/mysqli/mysqli_result.php +++ b/system/database/drivers/mysqli/mysqli_result.php 
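Review bot: In field_data() of system/database/drivers/mysql/mysql_result.php the result of `preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches)` is never checked, so a column whose type carries no single numeric length (text, datetime, `decimal(10,2)`, enum) leaves `$matches` empty and both `$matches[1]` and `$matches[2]` undefined; the type is reported as NULL and max_length as 0. The same lines are added to mysqli_result.php in the next file section. The parsing should fall back to the raw type string when the pattern does not match, as sketched below. The loop also assumes the result holds DESCRIBE rows; if field_data() can be reached with an ordinary query result, `mysql_fetch_object()` would consume data rows that have no `Field` or `Type` properties, which is worth confirming against the callers outside this diff.

```php
while ($field = mysql_fetch_object($this->result_id))
{
	// Types without a "(n)" length (text, datetime, decimal(10,2), enum) do not match
	$type = $field->Type;
	$length = NULL;

	if (preg_match('/^([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches))
	{
		$type = $matches[1];
		$length = (int) $matches[2];
	}

	// … unchanged: $F = new stdClass() and its property assignments …
}
```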
@@ -84,21 +84,26 @@ class CI_DB_mysqli_result extends CI_DB_result { function field_data() { $retval = array(); - while ($field = mysqli_fetch_field($this->result_id)) + while ($field = mysqli_fetch_object($this->result_id)) { + preg_match('/([a-zA-Z]+)\((\d+)\)/', $field->Type, $matches); + + $type = $matches[1]; + $length = (int)$matches[2]; + $F = new stdClass(); - $F->name = $field->name; - $F->type = $field->type; - $F->default = $field->def; - $F->max_length = $field->max_length; - $F->primary_key = ($field->flags & MYSQLI_PRI_KEY_FLAG) ? 1 : 0; + $F->name = $field->Field; + $F->type = $type; + $F->default = $field->Default; + $F->max_length = $length; + $F->primary_key = ( $field->Key == 'PRI' ? 1 : 0 ); $retval[] = $F; } return $retval; } - + // -------------------------------------------------------------------- /** diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 5e764e071..08cd27b6c 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -50,7 +50,7 @@ class CI_DB_odbc_driver extends CI_DB { function CI_DB_odbc_driver($params) { - parent::CI_DB($params); + parent::CI_DB_driver($params); $this->_random_keyword = ' RND('.time().')'; // database specific random keyword } diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 553e8d7ee..6c559bb25 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php 
@@ -491,6 +491,72 @@ if ( ! function_exists('human_to_unix')) // ------------------------------------------------------------------------ /** + * Turns many "reasonably-date-like" strings into something + * that is actually useful. This only works for dates after unix epoch. + * + * @access public + * @param string The terribly formatted date-like string + * @param string Date format to return (same as php date function) + * @return string + */ +if ( ! function_exists('nice_date')) +{ + function nice_date($bad_date='', $format=false) + { + if (empty($bad_date)) + { + return 'Unknown'; + } + // Date like: YYYYMM + if (preg_match('/^\d{6}$/',$bad_date)) + { + //echo $bad_date." "; + if (in_array(substr($bad_date, 0, 2),array('19', '20'))) + { + $year = substr($bad_date, 0, 4); + $month = substr($bad_date, 4, 2); + } + else + { + $month = substr($bad_date, 0, 2); + $year = substr($bad_date, 2, 4); + } + return date($format, strtotime($year . '-' . $month . '-01')); + + } + + // Date Like: YYYYMMDD + if (preg_match('/^\d{8}$/',$bad_date)) + { + $month = substr($bad_date, 0, 2); + $day = substr($bad_date, 2, 2); + $year = substr($bad_date, 4, 4); + return date($format, strtotime($month . '/01/' . $year)); + } + + // Date Like: MM-DD-YYYY __or__ M-D-YYYY (or anything in between) + if (preg_match('/^\d{1,2}-\d{1,2}-\d{4}$/',$bad_date)) + { + list($m, $d, $y) = explode('-', $bad_date); + return date($format, strtotime("{$y}-{$m}-{$d}")); + } + + // Any other kind of string, when converted into UNIX time, + // produces "0 seconds after epoc..." is probably bad... + // return "Invalid Date". + if (date('U', strtotime($bad_date)) == '0') + { + return "Invalid Date"; + } + + // It's probably a valid-ish date format already + return date($format, strtotime($bad_date)); + } +} + +// ------------------------------------------------------------------------ + +/** * Timezone Menu * * Generates a drop-down menu of timezones. 
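Review bot: In nice_date() (system/helpers/date_helper.php) the eight-digit branch is labelled `YYYYMMDD` but slices the input as month, day, year and then discards `$day` by building the date from `$month . '/01/' . $year`, so every such input is reported as the first of the month. If MMDDYYYY is the intended layout, the comment should say so and the return should be `return date($format, strtotime($month . '/' . $day . '/' . $year));`. Separately, `$format` defaults to `false`, which makes `date()` return an empty string for callers that omit it, and only the final branch checks for a failed `strtotime()`; the earlier branches format whatever it returns. The commented-out `//echo $bad_date." ";` can be dropped.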
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index b565cbf55..c524dddd1 100755 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -527,7 +527,7 @@ if ( ! function_exists('url_title')) * * @access public * @param string the URL - * @param string the method: location or redirect + * @param string the method: location or refresh * @return string */ if ( ! function_exists('redirect')) diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index ec2fd216a..04aa81a5a 100644 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -10,19 +10,19 @@ * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 - * @filesource + * @filesource */ // ------------------------------------------------------------------------ /** - * CodeIgniter Memcached Caching Class + * CodeIgniter Memcached Caching Class * * @package CodeIgniter * @subpackage Libraries * @category Core * @author ExpressionEngine Dev Team - * @link + * @link */ class CI_Cache_memcached extends CI_Driver { @@ -37,18 +37,18 @@ class CI_Cache_memcached extends CI_Driver { ) ); - // ------------------------------------------------------------------------ + // ------------------------------------------------------------------------ /** * Fetch from cache * * @param mixed unique key id * @return mixed data on success/false on failure - */ + */ public function get($id) - { + { $data = $this->_memcached->get($id); - + return (is_array($data)) ? $data[0] : FALSE; } 
@@ -64,11 +64,11 @@ class CI_Cache_memcached extends CI_Driver { */ public function save($id, $data, $ttl = 60) { - return $this->_memcached->add($id, array($data, time(), $ttl), $ttl); + return $this->_memcached->set($id, array($data, time(), $ttl), $ttl); } // ------------------------------------------------------------------------ - + /** * Delete from Cache * @@ -81,7 +81,7 @@ class CI_Cache_memcached extends CI_Driver { } // ------------------------------------------------------------------------ - + /** * Clean the Cache * @@ -106,7 +106,7 @@ class CI_Cache_memcached extends CI_Driver { } // ------------------------------------------------------------------------ - + /** * Get Cache Metadata * @@ -140,6 +140,7 @@ class CI_Cache_memcached extends CI_Driver { { // Try to load memcached server info from the config file. $CI =& get_instance(); + if ($CI->config->load('memcached', TRUE, TRUE)) { if (is_array($CI->config->config['memcached'])) @@ -149,11 +150,24 @@ class CI_Cache_memcached extends CI_Driver { foreach ($CI->config->config['memcached'] as $name => $conf) { $this->_memcache_conf[$name] = $conf; - } - } + } + } + } + + if (class_exists('Memcached')) + { + $this->_memcached = new Memcached(); + } + else if (class_exists('Memcache')) + { + $this->_memcached = new Memcache(); + } + else + { + log_message('error', 'Failed to create object for Memcached Cache; extension not loaded?'); + + return FALSE; } - - $this->_memcached = new Memcached(); foreach ($this->_memcache_conf as $name => $cache_server) { 
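Review bot: With the Memcache fallback that this commit adds to _setup_memcached() (system/libraries/Cache/drivers/Cache_memcached.php), `save()` still calls `set($id, array($data, time(), $ttl), $ttl)`, which is the Memcached argument order; Memcache::set() takes the flag argument third and the expiry fourth. On the Memcache extension the TTL is therefore passed as flags and entries are stored without an expiry, so cached data can outlive the lifetime the caller asked for. save() needs the same class check that the addServer() call receives later in this file, as below.

```php
public function save($id, $data, $ttl = 60)
{
	$payload = array($data, time(), $ttl);

	if (get_class($this->_memcached) == 'Memcache')
	{
		// Memcache::set(key, value, flag, expire): the expiry is the fourth argument
		return $this->_memcached->set($id, $payload, 0, $ttl);
	}

	return $this->_memcached->set($id, $payload, $ttl);
}
```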
@@ -161,26 +175,42 @@ class CI_Cache_memcached extends CI_Driver { { $cache_server['hostname'] = $this->_default_options['default_host']; } - + if ( ! array_key_exists('port', $cache_server)) { $cache_server['port'] = $this->_default_options['default_port']; } - + if ( ! array_key_exists('weight', $cache_server)) { $cache_server['weight'] = $this->_default_options['default_weight']; } - - $this->_memcached->addServer( - $cache_server['hostname'], $cache_server['port'], $cache_server['weight'] - ); + + if (get_class($this->_memcached) == 'Memcache') + { + // Third parameter is persistance and defaults to TRUE. + $this->_memcached->addServer( + $cache_server['hostname'], + $cache_server['port'], + TRUE, + $cache_server['weight'] + ); + } + else + { + $this->_memcached->addServer( + $cache_server['hostname'], + $cache_server['port'], + $cache_server['weight'] + ); + } } + + return TRUE; } // ------------------------------------------------------------------------ - /** * Is supported * @@ -189,15 +219,14 @@ class CI_Cache_memcached extends CI_Driver { */ public function is_supported() { - if ( ! extension_loaded('memcached')) + if ( ! extension_loaded('memcached') && ! extension_loaded('memcache')) { log_message('error', 'The Memcached Extension must be loaded to use Memcached Cache.'); - + return FALSE; } - - $this->_setup_memcached(); - return TRUE; + + return $this->_setup_memcached(); } // ------------------------------------------------------------------------ diff --git a/system/libraries/Email.php b/system/libraries/Email.php index e28c23a04..28a3d17b4 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -452,7 +452,7 @@ class CI_Email { */ public function set_alt_message($str = '') { - $this->alt_message = $str; + $this->alt_message = (string) $str; return $this; } 
@@ -477,12 +477,12 @@ class CI_Email { * Set Wordwrap * * @access public - * @param string + * @param bool * @return void */ public function set_wordwrap($wordwrap = TRUE) { - $this->wordwrap = ($wordwrap === FALSE) ? FALSE : TRUE; + $this->wordwrap = (bool) $wordwrap; return $this; } diff --git a/system/libraries/Log.php b/system/libraries/Log.php index 9f1db76ba..bf10d4727 100644 --- a/system/libraries/Log.php +++ b/system/libraries/Log.php @@ -27,10 +27,12 @@ class CI_Log { protected $_log_path; - protected $_threshold = 1; - protected $_date_fmt = 'Y-m-d H:i:s'; - protected $_enabled = TRUE; - protected $_levels = array('ERROR' => '1', 'DEBUG' => '2', 'INFO' => '3', 'ALL' => '4'); + protected $_threshold = 1; + protected $_threshold_max = 0; + protected $_threshold_array = array(); + protected $_date_fmt = 'Y-m-d H:i:s'; + protected $_enabled = TRUE; + protected $_levels = array('ERROR' => '1', 'DEBUG' => '2', 'INFO' => '3', 'ALL' => '4'); /** * Constructor @@ -50,6 +52,11 @@ class CI_Log { { $this->_threshold = $config['log_threshold']; } + elseif (is_array($config['log_threshold'])) + { + $this->_threshold = $this->_threshold_max; + $this->_threshold_array = array_flip($config['log_threshold']); + } if ($config['log_date_format'] != '') { @@ -80,9 +87,13 @@ class CI_Log { if ( ! isset($this->_levels[$level]) OR ($this->_levels[$level] > $this->_threshold)) { - return FALSE; + if (empty($this->_threshold_array) OR ! isset($this->_threshold_array[$this->_levels[$level]])) + { + return FALSE; + } } + $filepath = $this->_log_path.'log-'.date('Y-m-d').'.php'; $message = ''; diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index 082a5ee1d..330acce73 100644 --- a/system/libraries/Profiler.php +++ b/system/libraries/Profiler.php @@ -493,7 +493,7 @@ class CI_Profiler { * * @return string */ - private function _compile_session_data() + protected function _compile_session_data() { if ( ! isset($this->CI->session)) { 
@@ -555,4 +555,4 @@ class CI_Profiler { // END CI_Profiler class /* End of file Profiler.php */ -/* Location: ./system/libraries/Profiler.php */
\ No newline at end of file +/* Location: ./system/libraries/Profiler.php */ diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3177424c4..8f324de79 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -30,6 +30,7 @@ class CI_Upload { public $max_width = 0; public $max_height = 0; public $max_filename = 0; + public $max_filename_increment = 100; public $allowed_types = ""; public $file_temp = ""; public $file_name = ""; @@ -80,31 +81,32 @@ class CI_Upload { public function initialize($config = array()) { $defaults = array( - 'max_size' => 0, - 'max_width' => 0, - 'max_height' => 0, - 'max_filename' => 0, - 'allowed_types' => "", - 'file_temp' => "", - 'file_name' => "", - 'orig_name' => "", - 'file_type' => "", - 'file_size' => "", - 'file_ext' => "", - 'upload_path' => "", - 'overwrite' => FALSE, - 'encrypt_name' => FALSE, - 'is_image' => FALSE, - 'image_width' => '', - 'image_height' => '', - 'image_type' => '', - 'image_size_str' => '', - 'error_msg' => array(), - 'mimes' => array(), - 'remove_spaces' => TRUE, - 'xss_clean' => FALSE, - 'temp_prefix' => "temp_file_", - 'client_name' => '' + 'max_size' => 0, + 'max_width' => 0, + 'max_height' => 0, + 'max_filename' => 0, + 'max_filename_increment' => 100, + 'allowed_types' => "", + 'file_temp' => "", + 'file_name' => "", + 'orig_name' => "", + 'file_type' => "", + 'file_size' => "", + 'file_ext' => "", + 'upload_path' => "", + 'overwrite' => FALSE, + 'encrypt_name' => FALSE, + 'is_image' => FALSE, + 'image_width' => '', + 'image_height' => '', + 'image_type' => '', + 'image_size_str' => '', + 'error_msg' => array(), + 'mimes' => array(), + 'remove_spaces' => TRUE, + 'xss_clean' => FALSE, + 'temp_prefix' => "temp_file_", + 'client_name' => '' ); 
@@ -402,7 +404,7 @@ class CI_Upload { $filename = str_replace($this->file_ext, '', $filename); $new_filename = ''; - for ($i = 1; $i < 100; $i++) + for ($i = 1; $i < $this->max_filename_increment; $i++) { if ( ! file_exists($path.$filename.$i.$this->file_ext)) { |