diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/core/Common.php | 8 | ||||
-rw-r--r-- | system/core/Exceptions.php | 1 | ||||
-rw-r--r-- | system/database/DB_driver.php | 2 | ||||
-rw-r--r-- | system/database/DB_forge.php | 4 | ||||
-rw-r--r-- | system/database/drivers/ibase/ibase_forge.php | 2 | ||||
-rw-r--r-- | system/database/drivers/pdo/subdrivers/pdo_firebird_forge.php | 2 | ||||
-rw-r--r-- | system/database/drivers/pdo/subdrivers/pdo_sqlite_forge.php | 4 | ||||
-rw-r--r-- | system/database/drivers/sqlite/sqlite_forge.php | 4 | ||||
-rw-r--r-- | system/database/drivers/sqlite3/sqlite3_forge.php | 4 | ||||
-rw-r--r-- | system/helpers/captcha_helper.php | 3 | ||||
-rw-r--r-- | system/helpers/inflector_helper.php | 33 | ||||
-rw-r--r-- | system/libraries/Encryption.php | 2 | ||||
-rw-r--r-- | system/libraries/Session/Session.php | 36 | ||||
-rw-r--r-- | system/libraries/Session/drivers/Session_files_driver.php | 45 | ||||
-rw-r--r-- | system/libraries/Table.php | 1 | ||||
-rw-r--r-- | system/libraries/Xmlrpc.php | 5 |
16 files changed, 128 insertions, 28 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 2c7651943..91c585f7d 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -544,13 +544,18 @@ if ( ! function_exists('set_status_header')) 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', 422 => 'Unprocessable Entity', + 426 => 'Upgrade Required', + 428 => 'Precondition Required', + 429 => 'Too Many Requests', + 431 => 'Request Header Fields Too Large', 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', - 505 => 'HTTP Version Not Supported' + 505 => 'HTTP Version Not Supported', + 511 => 'Network Authentication Required', ); if (isset($stati[$code])) @@ -656,6 +661,7 @@ if ( ! function_exists('_exception_handler')) $_error =& load_class('Exceptions', 'core'); $_error->log_exception('error', 'Exception: '.$exception->getMessage(), $exception->getFile(), $exception->getLine()); + is_cli() OR set_status_header(500); // Should we display the error? if (str_ireplace(array('off', 'none', 'no', 'false', 'null'), '', ini_get('display_errors'))) { diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index a1c6a1970..4e10f2831 100644 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -207,7 +207,6 @@ class CI_Exceptions { } else { - set_status_header(500); $templates_path .= 'html'.DIRECTORY_SEPARATOR; } diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 848516adc..7ae52a307 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -980,7 +980,7 @@ abstract class CI_DB_driver { */ public function compile_binds($sql, $binds) { - if (empty($binds) OR empty($this->bind_marker) OR strpos($sql, $this->bind_marker) === FALSE) + if (empty($this->bind_marker) OR strpos($sql, $this->bind_marker) === FALSE) { return $sql; } diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php index 826aa1ebf..ed6f4b672 100644 --- a/system/database/DB_forge.php +++ b/system/database/DB_forge.php @@ -184,7 +184,7 @@ abstract class CI_DB_forge { { return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE; } - elseif ( ! $this->db->query(sprintf($this->_create_database, $db_name, $this->db->char_set, $this->db->dbcollat))) + elseif ( ! $this->db->query(sprintf($this->_create_database, $this->db->escape_identifiers($db_name), $this->db->char_set, $this->db->dbcollat))) { return ($this->db->db_debug) ? $this->db->display_error('db_unable_to_drop') : FALSE; } @@ -211,7 +211,7 @@ abstract class CI_DB_forge { { return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE; } - elseif ( ! $this->db->query(sprintf($this->_drop_database, $db_name))) + elseif ( ! $this->db->query(sprintf($this->_drop_database, $this->db->escape_identifiers($db_name)))) { return ($this->db->db_debug) ? $this->db->display_error('db_unable_to_drop') : FALSE; } diff --git a/system/database/drivers/ibase/ibase_forge.php b/system/database/drivers/ibase/ibase_forge.php index 9c358c365..b35cc3749 100644 --- a/system/database/drivers/ibase/ibase_forge.php +++ b/system/database/drivers/ibase/ibase_forge.php @@ -111,7 +111,7 @@ class CI_DB_ibase_forge extends CI_DB_forge { * @param string $db_name (ignored) * @return bool */ - public function drop_database($db_name = '') + public function drop_database($db_name) { if ( ! ibase_drop_db($this->conn_id)) { diff --git a/system/database/drivers/pdo/subdrivers/pdo_firebird_forge.php b/system/database/drivers/pdo/subdrivers/pdo_firebird_forge.php index 256fa1413..50df76905 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_firebird_forge.php +++ b/system/database/drivers/pdo/subdrivers/pdo_firebird_forge.php @@ -97,7 +97,7 @@ class CI_DB_pdo_firebird_forge extends CI_DB_pdo_forge { * @param string $db_name (ignored) * @return bool */ - public function drop_database($db_name = '') + public function drop_database($db_name) { if ( ! ibase_drop_db($this->conn_id)) { diff --git a/system/database/drivers/pdo/subdrivers/pdo_sqlite_forge.php b/system/database/drivers/pdo/subdrivers/pdo_sqlite_forge.php index f6f9bb481..b124bcad1 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_sqlite_forge.php +++ b/system/database/drivers/pdo/subdrivers/pdo_sqlite_forge.php @@ -101,7 +101,7 @@ class CI_DB_pdo_sqlite_forge extends CI_DB_pdo_forge { * @param string $db_name (ignored) * @return bool */ - public function create_database($db_name = '') + public function create_database($db_name) { // In SQLite, a database is created when you connect to the database. // We'll return TRUE so that an error isn't generated @@ -116,7 +116,7 @@ class CI_DB_pdo_sqlite_forge extends CI_DB_pdo_forge { * @param string $db_name (ignored) * @return bool */ - public function drop_database($db_name = '') + public function drop_database($db_name) { // In SQLite, a database is dropped when we delete a file if (file_exists($this->db->database)) diff --git a/system/database/drivers/sqlite/sqlite_forge.php b/system/database/drivers/sqlite/sqlite_forge.php index 8a1659430..3ad3477e4 100644 --- a/system/database/drivers/sqlite/sqlite_forge.php +++ b/system/database/drivers/sqlite/sqlite_forge.php @@ -75,7 +75,7 @@ class CI_DB_sqlite_forge extends CI_DB_forge { * @param string $db_name (ignored) * @return bool */ - public function create_database($db_name = '') + public function create_database($db_name) { // In SQLite, a database is created when you connect to the database. // We'll return TRUE so that an error isn't generated @@ -90,7 +90,7 @@ class CI_DB_sqlite_forge extends CI_DB_forge { * @param string $db_name (ignored) * @return bool */ - public function drop_database($db_name = '') + public function drop_database($db_name) { if ( ! file_exists($this->db->database) OR ! @unlink($this->db->database)) { diff --git a/system/database/drivers/sqlite3/sqlite3_forge.php b/system/database/drivers/sqlite3/sqlite3_forge.php index 43cbe33e5..c45472f54 100644 --- a/system/database/drivers/sqlite3/sqlite3_forge.php +++ b/system/database/drivers/sqlite3/sqlite3_forge.php @@ -87,7 +87,7 @@ class CI_DB_sqlite3_forge extends CI_DB_forge { * @param string $db_name * @return bool */ - public function create_database($db_name = '') + public function create_database($db_name) { // In SQLite, a database is created when you connect to the database. // We'll return TRUE so that an error isn't generated @@ -102,7 +102,7 @@ class CI_DB_sqlite3_forge extends CI_DB_forge { * @param string $db_name (ignored) * @return bool */ - public function drop_database($db_name = '') + public function drop_database($db_name) { // In SQLite, a database is dropped when we delete a file if (file_exists($this->db->database)) diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 3c1e006f8..f2ff4dccf 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -110,7 +110,8 @@ if ( ! function_exists('create_captcha')) $current_dir = @opendir($img_path); while ($filename = @readdir($current_dir)) { - if (substr($filename, -4) === '.jpg' && (str_replace('.jpg', '', $filename) + $expiration) < $now) + if (in_array(substr($filename, -4), array('.jpg', '.png')) + && (str_replace(array('.jpg', '.png'), '', $filename) + $expiration) < $now) { @unlink($img_path.$filename); } diff --git a/system/helpers/inflector_helper.php b/system/helpers/inflector_helper.php index c064d8de4..6dc3b5030 100644 --- a/system/helpers/inflector_helper.php +++ b/system/helpers/inflector_helper.php @@ -238,8 +238,37 @@ if ( ! function_exists('is_countable')) return ! in_array( strtolower($word), array( - 'equipment', 'information', 'rice', 'money', - 'species', 'series', 'fish', 'meta' + 'audio', + 'bison', + 'chassis', + 'compensation', + 'coreopsis', + 'data', + 'deer', + 'education', + 'emoji', + 'equipment', + 'fish', + 'furniture', + 'gold', + 'information', + 'knowledge', + 'love', + 'rain', + 'money', + 'moose', + 'nutrition', + 'offspring', + 'plankton', + 'pokemon', + 'police', + 'rice', + 'series', + 'sheep', + 'species', + 'swine', + 'traffic', + 'wheat', ) ); } diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index 06284c2ed..545081b3b 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -907,7 +907,7 @@ class CI_Encryption { * Byte-safe strlen() * * @param string $str - * @return integer + * @return int */ protected static function strlen($str) { diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 3b391a8ef..5aac12f36 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -57,6 +57,7 @@ class CI_Session { protected $_driver = 'files'; protected $_config; + protected $_sid_regexp; // ------------------------------------------------------------------------ @@ -99,6 +100,7 @@ class CI_Session { // Configuration ... $this->_configure($params); + $this->_config['_sid_regexp'] = $this->_sid_regexp; $class = new $class($this->_config); if ($class instanceof SessionHandlerInterface) @@ -131,7 +133,7 @@ class CI_Session { if (isset($_COOKIE[$this->_config['cookie_name']]) && ( ! is_string($_COOKIE[$this->_config['cookie_name']]) - OR ! preg_match('/^[0-9a-f]{40}$/', $_COOKIE[$this->_config['cookie_name']]) + OR ! preg_match('#\A'.$this->_sid_regexp.'\z#', $_COOKIE[$this->_config['cookie_name']]) ) ) { @@ -315,8 +317,36 @@ class CI_Session { ini_set('session.use_strict_mode', 1); ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); - ini_set('session.hash_function', 1); - ini_set('session.hash_bits_per_character', 4); + + if (PHP_VERSION_ID < 70100) + { + if ((int) ini_get('session.hash_function') === 0) + { + ini_set('session.hash_function', 1); + ini_set('session.hash_bits_per_character', $bits_per_character = 4); + } + else + { + $bits_per_character = (int) ini_get('session.hash_bits_per_character'); + } + } + elseif ((int) ini_get('session.sid_length') < 40 && ($bits_per_character = (int) ini_get('session.sid_bits_per_character')) === 4) + { + ini_set('session.sid_length', 40); + } + + switch ($bits_per_character) + { + case 4: + $this->_sid_regexp = '[0-9a-f]{40,}'; + break; + case 5: + $this->_sid_regexp = '[0-9a-v]{40,}'; + break; + case 6: + $this->_sid_regexp = '[0-9a-zA-Z,-]{40,}'; + break; + } } // ------------------------------------------------------------------------ diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index bf4df8b20..37315d3cd 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -76,6 +76,20 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle */ protected $_file_new; + /** + * Validate SID regular expression + * + * @var string + */ + protected $_sid_regexp; + + /** + * mbstring.func_override flag + * + * @var bool + */ + protected static $func_override; + // ------------------------------------------------------------------------ /** @@ -98,6 +112,10 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle log_message('debug', 'Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.'); $this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\'); } + + $this->_sid_regexp = $this->_config['_sid_regexp']; + + isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); } // ------------------------------------------------------------------------ @@ -187,7 +205,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle } $session_data = ''; - for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += strlen($buffer)) + for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += self::strlen($buffer)) { if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE) { @@ -343,10 +361,13 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle $ts = time() - $maxlifetime; + $pattern = ($this->_config['match_ip'] === TRUE) + ? '[0-9a-f]{32}' + : ''; + $pattern = sprintf( - '/^%s[0-9a-f]{%d}$/', - preg_quote($this->_config['cookie_name'], '/'), - ($this->_config['match_ip'] === TRUE ? 72 : 40) + '#\A%s'.$pattern.$this->_sid_regexp.'\z#', + preg_quote($this->_config['cookie_name']) ); while (($file = readdir($directory)) !== FALSE) @@ -368,4 +389,18 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle return $this->_success; } -}
\ No newline at end of file + // -------------------------------------------------------------------- + + /** + * Byte-safe strlen() + * + * @param string $str + * @return int + */ + protected static function strlen($str) + { + return (self::$func_override) + ? mb_strlen($str, '8bit') + : strlen($str); + } +} diff --git a/system/libraries/Table.php b/system/libraries/Table.php index 3bce294d8..f2fa434d9 100644 --- a/system/libraries/Table.php +++ b/system/libraries/Table.php @@ -277,6 +277,7 @@ class CI_Table { public function set_caption($caption) { $this->caption = $caption; + return $this; } // -------------------------------------------------------------------- diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php index 181a104d0..7186646da 100644 --- a/system/libraries/Xmlrpc.php +++ b/system/libraries/Xmlrpc.php @@ -735,6 +735,8 @@ class XML_RPC_Client extends CI_Xmlrpc .'Content-Length: '.strlen($msg->payload).$r.$r .$msg->payload; + stream_set_timeout($fp, $this->timeout); // set timeout for subsequent operations + for ($written = $timestamp = 0, $length = strlen($op); $written < $length; $written += $result) { if (($result = fwrite($fp, substr($op, $written))) === FALSE) @@ -753,9 +755,6 @@ class XML_RPC_Client extends CI_Xmlrpc $result = FALSE; break; } - - usleep(250000); - continue; } else { |