diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/core/Common.php | 20 | ||||
| -rw-r--r-- | system/core/Config.php | 34 | ||||
| -rw-r--r-- | system/core/Hooks.php | 4 | ||||
| -rw-r--r-- | system/core/Output.php | 183 | ||||
| -rw-r--r-- | system/core/URI.php | 8 | ||||
| -rw-r--r-- | system/database/DB_driver.php | 2 | ||||
| -rw-r--r-- | system/database/DB_forge.php | 2 | ||||
| -rw-r--r-- | system/database/DB_query_builder.php | 86 | ||||
| -rw-r--r-- | system/database/drivers/mysql/mysql_forge.php | 2 | ||||
| -rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 5 | ||||
| -rw-r--r-- | system/helpers/date_helper.php | 18 | ||||
| -rw-r--r-- | system/helpers/download_helper.php | 2 | ||||
| -rw-r--r-- | system/helpers/form_helper.php | 10 | ||||
| -rw-r--r-- | system/helpers/security_helper.php | 2 | ||||
| -rw-r--r-- | system/helpers/url_helper.php | 23 | ||||
| -rw-r--r-- | system/libraries/Calendar.php | 4 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 26 | ||||
| -rw-r--r-- | system/libraries/Profiler.php | 6 | ||||
| -rw-r--r-- | system/libraries/Upload.php | 16 | ||||
| -rw-r--r-- | system/libraries/Zip.php | 2 |
20 files changed, 340 insertions, 115 deletions
diff --git a/system/core/Common.php b/system/core/Common.php index 1708653e7..c309d4192 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -431,6 +431,7 @@ if ( ! function_exists('set_status_header')) 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', + 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect', @@ -462,18 +463,23 @@ if ( ! function_exists('set_status_header')) 505 => 'HTTP Version Not Supported' ); - if ($code == '' OR ! is_numeric($code)) + if (empty($code) OR ! is_numeric($code)) { show_error('Status codes must be numeric', 500); } - elseif (isset($stati[$code]) && $text === '') - { - $text = $stati[$code]; - } - if ($text === '') + is_int($code) OR $code = (int) $code; + + if (empty($text)) { - show_error('No status text available. Please check your status code number or supply your own message text.', 500); + if (isset($stati[$code])) + { + $text = $stati[$code]; + } + else + { + show_error('No status text available. Please check your status code number or supply your own message text.', 500); + } } $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; diff --git a/system/core/Config.php b/system/core/Config.php index 3de1bcb96..4b4e5a7ba 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -225,25 +225,39 @@ class CI_Config { * Site URL * Returns base_url . index_page [. uri_string] * - * @param string the URI string + * @param mixed the URI string or an array of segments * @return string */ public function site_url($uri = '') { - if ($uri === '') + if (empty($uri)) { return $this->slash_item('base_url').$this->item('index_page'); } + $uri = $this->_uri_string($uri); + if ($this->item('enable_query_strings') === FALSE) { $suffix = ($this->item('url_suffix') === FALSE) ? '' : $this->item('url_suffix'); - return $this->slash_item('base_url').$this->slash_item('index_page').$this->_uri_string($uri).$suffix; + + if ($suffix !== '' && ($offset = strpos($uri, '?')) !== FALSE) + { + $uri = substr($uri, 0, $offset).$suffix.substr($uri, $offset); + } + else + { + $uri .= $suffix; + } + + return $this->slash_item('base_url').$this->slash_item('index_page').$uri; } - else + elseif (strpos($uri, '?') === FALSE) { - return $this->slash_item('base_url').$this->item('index_page').'?'.$this->_uri_string($uri); + $uri = '?'.$uri; } + + return $this->slash_item('base_url').$this->item('index_page').$uri; } // ------------------------------------------------------------- @@ -280,15 +294,7 @@ class CI_Config { } elseif (is_array($uri)) { - $i = 0; - $str = ''; - foreach ($uri as $key => $val) - { - $prefix = ($i === 0) ? '' : '&'; - $str .= $prefix.$key.'='.$val; - $i++; - } - return $str; + return http_build_query($uri); } return $uri; diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 29fd88201..afbf4b453 100644 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -39,7 +39,7 @@ class CI_Hooks { /** - * Determines wether hooks are enabled + * Determines whether hooks are enabled * * @var bool */ @@ -53,7 +53,7 @@ class CI_Hooks { public $hooks = array(); /** - * Determines wether hook is in progress, used to prevent infinte loops + * Determines whether hook is in progress, used to prevent infinte loops * * @var bool */ diff --git a/system/core/Output.php b/system/core/Output.php index 5588ffe8e..ed294f116 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -67,7 +67,14 @@ class CI_Output { public $mimes = array(); /** - * Determines wether profiler is enabled + * Mime-type for the current page + * + * @var string + */ + protected $mime_type = 'text/html'; + + /** + * Determines whether profiler is enabled * * @var book */ @@ -78,7 +85,7 @@ class CI_Output { * * @var bool */ - protected $_zlib_oc = FALSE; + protected $_zlib_oc = FALSE; /** * List of profiler sections @@ -174,7 +181,7 @@ class CI_Output { * how to permit header data to be saved with the cache data... * * @param string - * @param bool + * @param bool * @return void */ public function set_header($header, $replace = TRUE) @@ -218,6 +225,8 @@ class CI_Output { } } + $this->mime_type = $mime_type; + if (empty($charset)) { $charset = config_item('charset'); @@ -292,6 +301,12 @@ class CI_Output { */ public function set_profiler_sections($sections) { + if (isset($sections['query_toggle_count'])) + { + $this->_profiler_sections['query_toggle_count'] = (int) $sections['query_toggle_count']; + unset($sections['query_toggle_count']); + } + foreach ($sections as $section => $enable) { $this->_profiler_sections[$section] = ($enable !== FALSE); @@ -327,7 +342,7 @@ class CI_Output { * with any server headers and profile data. It also stops the * benchmark timer so the page rendering speed and memory usage can be shown. * - * @param string + * @param string * @return mixed */ public function _display($output = '') @@ -353,6 +368,15 @@ class CI_Output { // -------------------------------------------------------------------- + // Is minify requested? + if ($CFG->item('minify_output') === TRUE) + { + $output = $this->minify($output, $this->mime_type); + } + + + // -------------------------------------------------------------------- + // Do we need to write a cache file? Only if the controller does not have its // own _output() method and we are not dealing with a cache file, which we // can determine by the existence of the $CI object above @@ -450,7 +474,7 @@ class CI_Output { /** * Write a Cache File * - * @param string + * @param string * @return void */ public function _write_cache($output) @@ -493,6 +517,9 @@ class CI_Output { @chmod($cache_path, FILE_WRITE_MODE); log_message('debug', 'Cache file written: '.$cache_path); + + // Send HTTP cache-control headers to browser to match file cache settings. + $this->set_cache_header($_SERVER['REQUEST_TIME'], $expire); } // -------------------------------------------------------------------- @@ -500,8 +527,8 @@ class CI_Output { /** * Update/serve a cached file * - * @param object config class - * @param object uri class + * @param object config class + * @param object uri class * @return bool */ public function _display_cache(&$CFG, &$URI) @@ -530,13 +557,22 @@ class CI_Output { return FALSE; } - // Has the file expired? If so we'll delete it. - if (time() >= trim(str_replace('TS--->', '', $match[1])) && is_really_writable($cache_path)) + $last_modified = filemtime($cache_path); + $expire = trim(str_replace('TS--->', '', $match[1])); + + // Has the file expired? + if ($_SERVER['REQUEST_TIME'] >= $expire && is_really_writable($cache_path)) { + // If so we'll delete it. @unlink($filepath); log_message('debug', 'Cache file has expired. File deleted.'); return FALSE; } + else + { + // Or else send the HTTP cache control headers. + $this->set_cache_header($last_modified, $expire); + } // Display the cache $this->_display(str_replace($match[0], '', $cache)); @@ -544,6 +580,135 @@ class CI_Output { return TRUE; } + // -------------------------------------------------------------------- + + /** + * Set the HTTP headers to match the server-side file cache settings + * in order to reduce bandwidth. + * + * @param int timestamp of when the page was last modified + * @param int timestamp of when should the requested page expire from cache + * @return void + */ + public function set_cache_header($last_modified, $expiration) + { + $max_age = $expiration - $_SERVER['REQUEST_TIME']; + + if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $last_modified <= strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) + { + $this->set_status_header(304); + exit; + } + else + { + header('Pragma: public'); + header('Cache-Control: max-age=' . $max_age . ', public'); + header('Expires: '.gmdate('D, d M Y H:i:s', $expiration).' GMT'); + header('Last-modified: '.gmdate('D, d M Y H:i:s', $last_modified).' GMT'); + } + } + + // -------------------------------------------------------------------- + + /** + * Reduce excessive size of HTML content. + * + * @param string + * @param string + * @return string + */ + public function minify($output, $type = 'text/html') + { + switch ($type) + { + case 'text/html': + + $size_before = strlen($output); + + // Find all the <pre>,<code>,<textarea>, and <javascript> tags + // We'll want to return them to this unprocessed state later. + preg_match_all('{<pre.+</pre>}msU', $output, $pres_clean); + preg_match_all('{<code.+</code>}msU', $output, $codes_clean); + preg_match_all('{<textarea.+</textarea>}msU', $output, $textareas_clean); + preg_match_all('{<script.+</script>}msU', $output, $javascript_clean); + + // Minify the CSS in all the <style> tags. + preg_match_all('{<style.+</style>}msU', $output, $style_clean); + foreach ($style_clean[0] as $s) + { + $output = str_replace($s, $this->minify($s, 'text/css'), $output); + } + + // Minify the javascript in <script> tags. + foreach ($javascript_clean[0] as $s) + { + $javascript_mini[] = $this->minify($s, 'text/javascript'); + } + + // Replace multiple spaces with a single space. + $output = preg_replace('!\s{2,}!', ' ', $output); + + // Remove comments (non-MSIE conditionals) + $output = preg_replace('{\s*<!--[^\[].*-->\s*}msU', '', $output); + + // Remove spaces around block-level elements. + $output = preg_replace('{\s*(</?(html|head|title|meta|script|link|style|body|h[1-6]|div|p|br).*>)\s+}msU', '$1', $output); + + // Replace mangled <pre> etc. tags with unprocessed ones. + + if ( ! empty($pres_clean)) + { + preg_match_all('{<pre.+</pre>}msU', $output, $pres_messed); + $output = str_replace($pres_messed[0], $pres_clean[0], $output); + } + + if ( ! empty($codes_clean)) + { + preg_match_all('{<code.+</code>}msU', $output, $codes_messed); + $output = str_replace($codes_messed[0], $codes_clean[0], $output); + } + + if ( ! empty($codes_clean)) + { + preg_match_all('{<textarea.+</textarea>}msU', $output, $textareas_messed); + $output = str_replace($textareas_messed[0], $textareas_clean[0], $output); + } + + if (isset($javascript_mini)) + { + preg_match_all('{<script.+</script>}msU', $output, $javascript_messed); + $output = str_replace($javascript_messed[0], $javascript_mini, $output); + } + + $size_removed = $size_before - strlen($output); + $savings_percent = round(($size_removed / $size_before * 100)); + + log_message('debug', 'Minifier shaved '.($size_removed / 1000).'KB ('.$savings_percent.'%) off final HTML output.'); + + break; + + case 'text/css': + + //Remove CSS comments + $output = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!', '', $output); + + // Remove spaces around curly brackets, colons, + // semi-colons, parenthesis, commas + $output = preg_replace('!\s*(:|;|,|}|{|\(|\))\s*!', '$1', $output); + + break; + + case 'text/javascript': + + // Currently leaves JavaScript untouched. + break; + + default: break; + } + + return $output; + } + } /* End of file Output.php */ diff --git a/system/core/URI.php b/system/core/URI.php index a997525ee..6a8b1a5ac 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -278,7 +278,7 @@ class CI_URI { { // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern - if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', $str)) + if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', urldecode($str))) { show_error('The URI you submitted has disallowed characters.', 400); } @@ -302,9 +302,11 @@ class CI_URI { */ public function _remove_url_suffix() { - if ($this->config->item('url_suffix') !== '') + $suffix = (string) $this->config->item('url_suffix'); + + if ($suffix !== '' && ($offset = strrpos($this->uri_string, $suffix)) !== FALSE) { - $this->uri_string = preg_replace('|'.preg_quote($this->config->item('url_suffix')).'$|', '', $this->uri_string); + $this->uri_string = substr_replace($this->uri_string, '', $offset, strlen($suffix)); } } diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index d056bdb90..28d665fdf 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -352,7 +352,7 @@ abstract class CI_DB_driver { $error = $this->error(); // Log errors - log_message('error', 'Query error: '.$error['message']); + log_message('error', 'Query error: '.$error['message'] . ' - Invalid query: ' . $sql); if ($this->db_debug) { diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php index 9b7639289..91f9d560c 100644 --- a/system/database/DB_forge.php +++ b/system/database/DB_forge.php @@ -231,7 +231,7 @@ abstract class CI_DB_forge { if (($result = $this->db->query($sql)) !== FALSE && ! empty($this->db->data_cache['table_names'])) { - $this->db->data_cache['table_names'][] = $$this->db->dbprefix.$table; + $this->db->data_cache['table_names'][] = $this->db->dbprefix.$table; } return $result; diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 488b294e4..531ca9eb7 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -324,10 +324,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string * @param string the join condition * @param string the type of join - * @param string wether not to try to escape identifiers + * @param string whether not to try to escape identifiers * @return object */ - public function join($table, $cond, $type = '', $escape = TRUE) + public function join($table, $cond, $type = '', $escape = NULL) { if ($type !== '') { @@ -347,6 +347,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // in the protect_identifiers to know whether to add a table prefix $this->_track_aliases($table); + is_bool($escape) OR $escape = $this->_protect_identifiers; + // Split multiple conditions if ($escape === TRUE && preg_match_all('/\sAND\s|\sOR\s/i', $cond, $m, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) { @@ -381,7 +383,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } // Assemble the JOIN statement - $this->qb_join[] = $join = $type.'JOIN '.$this->protect_identifiers($table, TRUE, NULL, FALSE).' ON '.$cond; + $this->qb_join[] = $join = $type.'JOIN '.$table.' ON '.$cond; if ($this->qb_caching === TRUE) { @@ -405,7 +407,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function where($key, $value = NULL, $escape = TRUE) + public function where($key, $value = NULL, $escape = NULL) { return $this->_where($key, $value, 'AND ', $escape); } @@ -423,7 +425,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function or_where($key, $value = NULL, $escape = TRUE) + public function or_where($key, $value = NULL, $escape = NULL) { return $this->_where($key, $value, 'OR ', $escape); } @@ -451,7 +453,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } // If the escape value was not set will will base it on the global setting - $escape = $this->_protect_identifiers; + is_bool($escape) OR $escape = $this->_protect_identifiers; foreach ($key as $k => $v) { @@ -504,9 +506,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param array The values searched on * @return object */ - public function where_in($key = NULL, $values = NULL) + public function where_in($key = NULL, $values = NULL, $escape = NULL) { - return $this->_where_in($key, $values); + return $this->_where_in($key, $values, FALSE, 'AND ', $escape); } // -------------------------------------------------------------------- @@ -521,9 +523,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param array The values searched on * @return object */ - public function or_where_in($key = NULL, $values = NULL) + public function or_where_in($key = NULL, $values = NULL, $escape = NULL) { - return $this->_where_in($key, $values, FALSE, 'OR '); + return $this->_where_in($key, $values, FALSE, 'OR ', $escape); } // -------------------------------------------------------------------- @@ -538,9 +540,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param array The values searched on * @return object */ - public function where_not_in($key = NULL, $values = NULL) + public function where_not_in($key = NULL, $values = NULL, $escape = NULL) { - return $this->_where_in($key, $values, TRUE); + return $this->_where_in($key, $values, TRUE, 'AND ', $escape); } // -------------------------------------------------------------------- @@ -555,9 +557,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param array The values searched on * @return object */ - public function or_where_not_in($key = NULL, $values = NULL) + public function or_where_not_in($key = NULL, $values = NULL, $escape = NULL) { - return $this->_where_in($key, $values, TRUE, 'OR '); + return $this->_where_in($key, $values, TRUE, 'OR ', $escape); } // -------------------------------------------------------------------- @@ -573,7 +575,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string * @return object */ - protected function _where_in($key = NULL, $values = NULL, $not = FALSE, $type = 'AND ') + protected function _where_in($key = NULL, $values = NULL, $not = FALSE, $type = 'AND ', $escape = NULL) { if ($key === NULL OR $values === NULL) { @@ -587,6 +589,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $values = array($values); } + is_bool($escape) OR $escape = $this->_protect_identifiers; + $not = ($not) ? ' NOT' : ''; foreach ($values as $value) @@ -595,7 +599,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } $prefix = (count($this->qb_where) === 0) ? '' : $type; - $this->qb_where[] = $where_in = $prefix.$this->protect_identifiers($key).$not.' IN ('.implode(', ', $this->qb_wherein).') '; + $this->qb_where[] = $where_in = $prefix.$this->protect_identifiers($key, FALSE, $escape).$not.' IN ('.implode(', ', $this->qb_wherein).') '; if ($this->qb_caching === TRUE) { @@ -886,7 +890,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function having($key, $value = '', $escape = TRUE) + public function having($key, $value = '', $escape = NULL) { return $this->_having($key, $value, 'AND ', $escape); } @@ -903,7 +907,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function or_having($key, $value = '', $escape = TRUE) + public function or_having($key, $value = '', $escape = NULL) { return $this->_having($key, $value, 'OR ', $escape); } @@ -921,21 +925,22 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - protected function _having($key, $value = '', $type = 'AND ', $escape = TRUE) + protected function _having($key, $value = '', $type = 'AND ', $escape = NULL) { if ( ! is_array($key)) { $key = array($key => $value); } + is_bool($escape) OR $escape = $this->_protect_identifiers; + foreach ($key as $k => $v) { $prefix = (count($this->qb_having) === 0) ? '' : $type; - if ($escape === TRUE) - { - $k = $this->protect_identifiers($k); - } + $k = $this->_has_operator($k) + ? $this->protect_identifiers(substr($k, 0, strpos(rtrim($k), ' ')), FALSE, $escape).strchr(rtrim($k), ' ') + : $this->protect_identifiers($k, FALSE, $escape); if ( ! $this->_has_operator($k)) { @@ -968,7 +973,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool enable field name escaping * @return object */ - public function order_by($orderby, $direction = '', $escape = TRUE) + public function order_by($orderby, $direction = '', $escape = NULL) { if (strtolower($direction) === 'random') { @@ -980,8 +985,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $direction = in_array(strtoupper(trim($direction)), array('ASC', 'DESC'), TRUE) ? ' '.$direction : ' ASC'; } + is_bool($escape) OR $escape = $this->_protect_identifiers; - if ((strpos($orderby, ',') !== FALSE) && $escape === TRUE) + if ($escape === TRUE && strpos($orderby, ',') !== FALSE) { $temp = array(); foreach (explode(',', $orderby) as $part) @@ -1055,14 +1061,16 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- /** - * The "set" function. Allows key/value pairs to be set for inserting or updating + * The "set" function. + * + * Allows key/value pairs to be set for inserting or updating * * @param mixed * @param string * @param bool * @return object */ - public function set($key, $value = '', $escape = TRUE) + public function set($key, $value = '', $escape = NULL) { $key = $this->_object_to_array($key); @@ -1071,16 +1079,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $key = array($key => $value); } + is_bool($escape) OR $escape = $this->_protect_identifiers; + foreach ($key as $k => $v) { - if ($escape === FALSE) - { - $this->qb_set[$this->protect_identifiers($k)] = $v; - } - else - { - $this->qb_set[$this->protect_identifiers($k, FALSE, TRUE)] = $this->escape($v); - } + $this->qb_set[$this->protect_identifiers($k, FALSE, $escape)] = ($escape) + ? $this->escape($v) : $v; } return $this; @@ -1286,7 +1290,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function set_insert_batch($key, $value = '', $escape = TRUE) + public function set_insert_batch($key, $value = '', $escape = NULL) { $key = $this->_object_to_array_batch($key); @@ -1295,6 +1299,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $key = array($key => $value); } + is_bool($escape) OR $escape = $this->_protect_identifiers; + $keys = array_keys($this->_object_to_array(current($key))); sort($keys); @@ -1326,7 +1332,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { foreach ($keys as $k) { - $this->qb_keys[] = $this->protect_identifiers($k); + $this->qb_keys[] = $this->protect_identifiers($k, FALSE, $escape); } return $this; @@ -1725,7 +1731,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function set_update_batch($key, $index = '', $escape = TRUE) + public function set_update_batch($key, $index = '', $escape = NULL) { $key = $this->_object_to_array_batch($key); @@ -1734,6 +1740,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // @todo error } + is_bool($escape) OR $escape = $this->_protect_identifiers; + foreach ($key as $k => $v) { $index_set = FALSE; @@ -1745,7 +1753,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $index_set = TRUE; } - $clean[$this->protect_identifiers($k2)] = ($escape === FALSE) ? $v2 : $this->escape($v2); + $clean[$this->protect_identifiers($k2, FALSE, $escape)] = ($escape === FALSE) ? $v2 : $this->escape($v2); } if ($index_set === FALSE) diff --git a/system/database/drivers/mysql/mysql_forge.php b/system/database/drivers/mysql/mysql_forge.php index d22454d84..2ac75bad2 100644 --- a/system/database/drivers/mysql/mysql_forge.php +++ b/system/database/drivers/mysql/mysql_forge.php @@ -62,7 +62,7 @@ class CI_DB_mysql_forge extends CI_DB_forge { $sql .= "\n\t".$this->db->escape_identifiers($field); - empty($attributes['NAME']) OR ' '.$this->db->escape_identifiers($attributes['NAME']).' '; + empty($attributes['NAME']) OR $sql .= ' '.$this->db->escape_identifiers($attributes['NAME']).' '; if ( ! empty($attributes['TYPE'])) { diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index ad9ac9000..3d25b25ee 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -606,10 +606,7 @@ class CI_DB_postgre_driver extends CI_DB { } // If the escape value was not set will will base it on the global setting - if ( ! is_bool($escape)) - { - $escape = $this->_protect_identifiers; - } + is_bool($escape) OR $escape = $this->_protect_identifiers; foreach ($key as $k => $v) { diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php index 077a6712c..cafb6ba95 100644 --- a/system/helpers/date_helper.php +++ b/system/helpers/date_helper.php @@ -304,13 +304,13 @@ if ( ! function_exists('local_to_gmt')) $time = time(); } - return gmmktime( - date('G', $time), - date('i', $time), - date('s', $time), - date('n', $time), - date('j', $time), - date('Y', $time) + return mktime( + gmdate('G', $time), + gmdate('i', $time), + gmdate('s', $time), + gmdate('n', $time), + gmdate('j', $time), + gmdate('Y', $time) ); } } @@ -488,6 +488,10 @@ if ( ! function_exists('nice_date')) { return 'Unknown'; } + elseif (empty($format)) + { + $format = 'U'; + } // Date like: YYYYMM if (preg_match('/^\d{6}$/i', $bad_date)) diff --git a/system/helpers/download_helper.php b/system/helpers/download_helper.php index 5efbc4930..09c4de578 100644 --- a/system/helpers/download_helper.php +++ b/system/helpers/download_helper.php @@ -46,7 +46,7 @@ if ( ! function_exists('force_download')) * * @param string filename * @param mixed the data to be downloaded - * @param bool wether to try and send the actual file MIME type + * @param bool whether to try and send the actual file MIME type * @return void */ function force_download($filename = '', $data = '', $set_mime = FALSE) diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php index 984634315..0c5d55037 100644 --- a/system/helpers/form_helper.php +++ b/system/helpers/form_helper.php @@ -62,9 +62,11 @@ if ( ! function_exists('form_open')) { $action = $CI->config->site_url($action); } - - // If no action is provided then set to the current url - $action OR $action = $CI->config->site_url($CI->uri->uri_string()); + elseif ( ! $action) + { + // If no action is provided then set to the current url + $action = $CI->config->site_url($CI->uri->uri_string()); + } $form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n"; @@ -76,7 +78,7 @@ if ( ! function_exists('form_open')) if (is_array($hidden) && count($hidden) > 0) { - $form .= sprintf('<div style="display:none;">%s</div>', form_hidden($hidden)); + $form .= '<div style="display:none;">'.form_hidden($hidden).'</div>'; } return $form; diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 3e6e91435..7fcb18437 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -123,7 +123,7 @@ if ( ! function_exists('encode_php_tags')) */ function encode_php_tags($str) { - return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); + return str_replace(array('<?', '?>'), array('<?', '?>'), $str); } } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 2bd41b04d..40ce807df 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -199,26 +199,33 @@ if ( ! function_exists('anchor_popup')) if ($attributes === FALSE) { - return '<a href="javascript:void(0);" onclick="window.open(\''.$site_url."', '_blank');\">".$title.'</a>'; + return '<a href="'.$site_url.'" onclick="window.open(\''.$site_url."', '_blank'); return false;\">".$title.'</a>'; } if ( ! is_array($attributes)) { - $attributes = array(); + $attributes = array($attributes); + + // Ref: http://www.w3schools.com/jsref/met_win_open.asp + $window_name = '_blank'; + } + elseif ( ! empty($attributes['window_name'])) + { + $window_name = $attributes['window_name']; + unset($attributes['window_name']); } - foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0', ) as $key => $val) + foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) { $atts[$key] = isset($attributes[$key]) ? $attributes[$key] : $val; unset($attributes[$key]); } - if ($attributes !== '') - { - $attributes = _parse_attributes($attributes); - } + $attributes = empty($attributes) ? '' : _parse_attributes($attributes); - return '<a href="javascript:void(0);" onclick="window.open(\''.$site_url."', '_blank', '"._parse_attributes($atts, TRUE)."');\"".$attributes.'>'.$title.'</a>'; + return '<a href="'.$site_url + .'" onclick="window.open(\''.$site_url."', '".$window_name."', '"._parse_attributes($atts, TRUE)."'); return false;\"" + .$attributes.'>'.$title.'</a>'; } } diff --git a/system/libraries/Calendar.php b/system/libraries/Calendar.php index 969a7610a..a49f171b9 100644 --- a/system/libraries/Calendar.php +++ b/system/libraries/Calendar.php @@ -155,7 +155,7 @@ class CI_Calendar { public function generate($year = '', $month = '', $data = array()) { // Set and validate the supplied month/year - if ($year === '') + if (empty($year)) { $year = date('Y', $this->local_time); } @@ -168,7 +168,7 @@ class CI_Calendar { $year = '20'.$year; } - if ($month === '') + if (empty($month)) { $month = date('m', $this->local_time); } diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 6cbe032c7..fb1c69caf 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -993,15 +993,19 @@ class CI_Form_validation { * Minimum Length * * @param string - * @param int + * @param string * @return bool */ public function min_length($str, $val) { - if (preg_match('/[^0-9]/', $val)) + if ( ! is_numeric($val)) { return FALSE; } + else + { + $val = (int) $val; + } return (MB_ENABLED === TRUE) ? ($val <= mb_strlen($str)) @@ -1014,15 +1018,19 @@ class CI_Form_validation { * Max Length * * @param string - * @param int + * @param string * @return bool */ public function max_length($str, $val) { - if (preg_match('/[^0-9]/', $val)) + if ( ! is_numeric($val)) { return FALSE; } + else + { + $val = (int) $val; + } return (MB_ENABLED === TRUE) ? ($val >= mb_strlen($str)) @@ -1035,15 +1043,19 @@ class CI_Form_validation { * Exact Length * * @param string - * @param int + * @param string * @return bool */ public function exact_length($str, $val) { - if (preg_match('/[^0-9]/', $val)) + if ( ! is_numeric($val)) { return FALSE; } + else + { + $val = (int) $val; + } return (MB_ENABLED === TRUE) ? (mb_strlen($str) === $val) @@ -1370,7 +1382,7 @@ class CI_Form_validation { */ public function encode_php_tags($str) { - return str_replace(array('<?php', '<?PHP', '<?', '?>'), array('<?php', '<?PHP', '<?', '?>'), $str); + return str_replace(array('<?', '?>'), array('<?', '?>'), $str); } // -------------------------------------------------------------------- diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index d96088c14..1e961f6df 100644 --- a/system/libraries/Profiler.php +++ b/system/libraries/Profiler.php @@ -116,6 +116,12 @@ class CI_Profiler { */ public function set_sections($config) { + if (isset($config['query_toggle_count'])) + { + $this->_query_toggle_count = (int) $config['query_toggle_count']; + unset($config['query_toggle_count']); + } + foreach ($config as $method => $enable) { if (in_array($method, $this->_available_sections)) diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index c96daaf15..d381440cd 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -59,6 +59,7 @@ class CI_Upload { public $error_msg = array(); public $mimes = array(); public $remove_spaces = TRUE; + public $detect_mime = TRUE; public $xss_clean = FALSE; public $temp_prefix = 'temp_file_'; public $client_name = ''; @@ -116,6 +117,7 @@ class CI_Upload { 'image_size_str' => '', 'error_msg' => array(), 'remove_spaces' => TRUE, + 'detect_mime' => TRUE, 'xss_clean' => FALSE, 'temp_prefix' => 'temp_file_', 'client_name' => '' @@ -209,7 +211,13 @@ class CI_Upload { // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; $this->file_size = $_FILES[$field]['size']; - $this->_file_mime_type($_FILES[$field]); + + // Skip MIME type detection? + if ($this->detect_mime !== FALSE) + { + $this->_file_mime_type($_FILES[$field]); + } + $this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); @@ -990,7 +998,7 @@ class CI_Upload { */ if (function_exists('finfo_file')) { - $finfo = finfo_open(FILEINFO_MIME); + $finfo = @finfo_open(FILEINFO_MIME); if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system { $mime = @finfo_file($finfo, $file['tmp_name']); @@ -1021,7 +1029,9 @@ class CI_Upload { */ if (DIRECTORY_SEPARATOR !== '\\') { - $cmd = 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1'; + $cmd = function_exists('escapeshellarg') + ? 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1' + : 'file --brief --mime '.$file['tmp_name'].' 2>&1'; if (function_exists('exec')) { diff --git a/system/libraries/Zip.php b/system/libraries/Zip.php index e0dc637ad..5c4c257f8 100644 --- a/system/libraries/Zip.php +++ b/system/libraries/Zip.php @@ -40,7 +40,7 @@ * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/zip.html */ -class CI_Zip { +class CI_Zip { /** * Zip data in string form |