summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/database/DB_driver.php8
-rw-r--r--system/database/DB_query_builder.php21
-rw-r--r--system/helpers/captcha_helper.php45
-rw-r--r--system/helpers/form_helper.php4
-rw-r--r--system/helpers/inflector_helper.php2
-rw-r--r--system/helpers/text_helper.php21
-rw-r--r--system/libraries/Form_validation.php8
-rw-r--r--system/libraries/Upload.php6
8 files changed, 72 insertions, 43 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 1b52bf3b8..43e8eeac6 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1504,11 +1504,11 @@ abstract class CI_DB_driver {
'\s*>\s*', // >
'\s+IS NULL', // IS NULL
'\s+IS NOT NULL', // IS NOT NULL
- '\s+EXISTS\s*\([^\)]+\)', // EXISTS(sql)
- '\s+NOT EXISTS\s*\([^\)]+\)', // NOT EXISTS(sql)
+ '\s+EXISTS\s*\(.*\)', // EXISTS(sql)
+ '\s+NOT EXISTS\s*\(.*\)', // NOT EXISTS(sql)
'\s+BETWEEN\s+', // BETWEEN value AND value
- '\s+IN\s*\([^\)]+\)', // IN(list)
- '\s+NOT IN\s*\([^\)]+\)', // NOT IN (list)
+ '\s+IN\s*\(.*\)', // IN(list)
+ '\s+NOT IN\s*\(.*\)', // NOT IN (list)
'\s+LIKE\s+\S.*('.$_les.')?', // LIKE 'expr'[ ESCAPE '%s']
'\s+NOT LIKE\s+\S.*('.$_les.')?' // NOT LIKE 'expr'[ ESCAPE '%s']
);
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 00c5394e2..d6f35e0df 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -542,9 +542,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$s = $m[0][$i][1] + strlen($m[0][$i][0]), $i++)
{
$temp = substr($cond, $s, ($m[0][$i][1] - $s));
-
- $newcond .= preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match)
- ? $this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3])
+ $newcond .= preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $temp, $match)
+ ? $match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4])
: $temp;
$newcond .= $m[0][$i][0];
@@ -553,9 +552,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$cond = ' ON '.$newcond;
}
// Split apart the condition and protect the identifiers
- elseif ($escape === TRUE && preg_match("/([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match))
+ elseif ($escape === TRUE && preg_match("/(\(*)?([\[\]\w\.'-]+)(\s*[^\"\[`'\w]+\s*)(.+)/i", $cond, $match))
{
- $cond = ' ON '.$this->protect_identifiers($match[1]).$match[2].$this->protect_identifiers($match[3]);
+ $cond = ' ON '.$match[1].$this->protect_identifiers($match[2]).$match[3].$this->protect_identifiers($match[4]);
}
elseif ( ! $this->_has_operator($cond))
{
@@ -1458,7 +1457,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
* @param bool $escape Whether to escape values and identifiers
* @return int Number of rows inserted or FALSE on failure
*/
- public function insert_batch($table, $set = NULL, $escape = NULL)
+ public function insert_batch($table, $set = NULL, $escape = NULL, $batch_size = 100)
{
if ($set === NULL)
{
@@ -1489,9 +1488,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
// Batch this baby
$affected_rows = 0;
- for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100)
+ for ($i = 0, $total = count($this->qb_set); $i < $total; $i += $batch_size)
{
- $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, $escape, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100)));
+ $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, $escape, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, $batch_size)));
$affected_rows += $this->affected_rows();
}
@@ -1865,7 +1864,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
* @param string the where key
* @return int number of rows affected or FALSE on failure
*/
- public function update_batch($table, $set = NULL, $index = NULL)
+ public function update_batch($table, $set = NULL, $index = NULL, $batch_size = 100)
{
// Combine any cached components with the current statements
$this->_merge_cache();
@@ -1904,9 +1903,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
// Batch this baby
$affected_rows = 0;
- for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100)
+ for ($i = 0, $total = count($this->qb_set); $i < $total; $i += $batch_size)
{
- $this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, 100), $this->protect_identifiers($index)));
+ $this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, $batch_size), $this->protect_identifiers($index)));
$affected_rows += $this->affected_rows();
$this->qb_where = array();
}
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
index fd1b8f1ed..3c1e006f8 100644
--- a/system/helpers/captcha_helper.php
+++ b/system/helpers/captcha_helper.php
@@ -171,35 +171,36 @@ if ( ! function_exists('create_captcha'))
$byte_index = $word_index = 0;
while ($word_index < $word_length)
{
- list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
- if ($rand_index > $rand_max)
+ // Do we have more random data to use?
+ // It could be exhausted by previous iterations
+ // ignoring bytes higher than $rand_max.
+ if ($byte_index === $pool_length)
{
- // Was this the last byte we have?
- // If so, try to fetch more.
- if ($byte_index === $pool_length)
+ // No failures should be possible if the
+ // first get_random_bytes() call didn't
+ // return FALSE, but still ...
+ for ($i = 0; $i < 5; $i++)
{
- // No failures should be possible if
- // the first get_random_bytes() call
- // didn't return FALSE, but still ...
- for ($i = 0; $i < 5; $i++)
+ if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
{
- if (($bytes = $security->get_random_bytes($pool_length)) === FALSE)
- {
- continue;
- }
-
- $byte_index = 0;
- break;
+ continue;
}
- if ($bytes === FALSE)
- {
- // Sadly, this means fallback to mt_rand()
- $word = '';
- break;
- }
+ $byte_index = 0;
+ break;
+ }
+
+ if ($bytes === FALSE)
+ {
+ // Sadly, this means fallback to mt_rand()
+ $word = '';
+ break;
}
+ }
+ list(, $rand_index) = unpack('C', $bytes[$byte_index++]);
+ if ($rand_index > $rand_max)
+ {
continue;
}
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 04778b084..3e1039525 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -791,7 +791,7 @@ if ( ! function_exists('set_checkbox'))
// Unchecked checkbox and radio inputs are not even submitted by browsers ...
if ($CI->input->method() === 'post')
{
- return ($input === 'value') ? ' checked="checked"' : '';
+ return ($input === $value) ? ' checked="checked"' : '';
}
return ($default === TRUE) ? ' checked="checked"' : '';
@@ -843,7 +843,7 @@ if ( ! function_exists('set_radio'))
// Unchecked checkbox and radio inputs are not even submitted by browsers ...
if ($CI->input->method() === 'post')
{
- return ($input === 'value') ? ' checked="checked"' : '';
+ return ($input === $value) ? ' checked="checked"' : '';
}
return ($default === TRUE) ? ' checked="checked"' : '';
diff --git a/system/helpers/inflector_helper.php b/system/helpers/inflector_helper.php
index 96b723c8d..c064d8de4 100644
--- a/system/helpers/inflector_helper.php
+++ b/system/helpers/inflector_helper.php
@@ -219,7 +219,7 @@ if ( ! function_exists('humanize'))
*/
function humanize($str, $separator = '_')
{
- return ucwords(preg_replace('/['.$separator.']+/', ' ', trim(MB_ENABLED ? mb_strtolower($str) : strtolower($str))));
+ return ucwords(preg_replace('/['.preg_quote($separator).']+/', ' ', trim(MB_ENABLED ? mb_strtolower($str) : strtolower($str))));
}
}
diff --git a/system/helpers/text_helper.php b/system/helpers/text_helper.php
index 1fdbedda5..4f9210f2d 100644
--- a/system/helpers/text_helper.php
+++ b/system/helpers/text_helper.php
@@ -275,13 +275,28 @@ if ( ! function_exists('word_censor'))
foreach ($censored as $badword)
{
+ $badword = str_replace('\*', '\w*?', preg_quote($badword, '/'));
if ($replacement !== '')
{
- $str = preg_replace("/({$delim})(".str_replace('\*', '\w*?', preg_quote($badword, '/')).")({$delim})/i", "\\1{$replacement}\\3", $str);
+ $str = preg_replace(
+ "/({$delim})(".$badword.")({$delim})/i",
+ "\\1{$replacement}\\3",
+ $str
+ );
}
- else
+ elseif (preg_match_all("/{$delim}(".$badword."){$delim}/i", $str, $matches, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE))
{
- $str = preg_replace("/({$delim})(".str_replace('\*', '\w*?', preg_quote($badword, '/')).")({$delim})/ie", "'\\1'.str_repeat('#', strlen('\\2')).'\\3'", $str);
+ $matches = $matches[1];
+ for ($i = count($matches) - 1; $i >= 0; $i--)
+ {
+ $length = strlen($matches[$i][0]);
+ $str = substr_replace(
+ $str,
+ str_repeat('#', $length),
+ $matches[$i][1],
+ $length
+ );
+ }
}
}
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 31632762d..ea3bc6de7 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1214,6 +1214,14 @@ class CI_Form_validation {
$str = $matches[2];
}
+ // PHP 7 accepts IPv6 addresses within square brackets as hostnames,
+ // but it appears that the PR that came in with https://bugs.php.net/bug.php?id=68039
+ // was never merged into a PHP 5 branch ... https://3v4l.org/8PsSN
+ if (preg_match('/^\[([^\]]+)\]/', $str, $matches) && ! is_php('7') && filter_var($matches[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== FALSE)
+ {
+ $str = 'ipv6.host'.substr($str, strlen($matches[1]) + 2);
+ }
+
$str = 'http://'.$str;
// There's a bug affecting PHP 5.2.13, 5.3.2 that considers the
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 15caebebe..f2418378b 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -526,6 +526,12 @@ class CI_Upload {
$this->file_name = preg_replace('/\s+/', '_', $this->file_name);
}
+ if ($this->file_ext_tolower && ($ext_length = strlen($this->file_ext)))
+ {
+ // file_ext was previously lower-cased by a get_extension() call
+ $this->file_name = substr($this->file_name, 0, -$ext_length).$this->file_ext;
+ }
+
/*
* Validate the file name
* This function appends an number onto the end of