summaryrefslogtreecommitdiffstats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/core/CodeIgniter.php41
-rw-r--r--system/core/Common.php174
-rw-r--r--system/core/Config.php38
-rw-r--r--system/core/Exceptions.php53
-rw-r--r--system/core/Input.php58
-rw-r--r--system/core/Loader.php130
-rw-r--r--system/core/Log.php3
-rw-r--r--system/core/Output.php181
-rw-r--r--system/core/Router.php41
-rw-r--r--system/core/Security.php53
-rw-r--r--system/core/URI.php19
-rw-r--r--system/database/DB.php5
-rw-r--r--system/database/DB_driver.php21
-rw-r--r--system/database/DB_forge.php21
-rw-r--r--system/database/DB_query_builder.php32
-rw-r--r--system/database/drivers/mysql/mysql_driver.php14
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php41
-rw-r--r--system/database/drivers/oci8/oci8_driver.php4
-rw-r--r--system/database/drivers/oci8/oci8_result.php2
-rw-r--r--system/database/drivers/pdo/pdo_driver.php4
-rw-r--r--system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php21
-rw-r--r--system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php4
-rw-r--r--system/database/drivers/postgre/postgre_driver.php12
-rw-r--r--system/helpers/captcha_helper.php24
-rw-r--r--system/helpers/form_helper.php194
-rw-r--r--system/helpers/url_helper.php18
-rw-r--r--system/libraries/Cache/Cache.php3
-rw-r--r--system/libraries/Cache/drivers/Cache_apc.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_memcached.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_redis.php26
-rw-r--r--system/libraries/Cache/drivers/Cache_wincache.php2
-rw-r--r--system/libraries/Email.php27
-rw-r--r--system/libraries/Form_validation.php26
-rw-r--r--system/libraries/Ftp.php2
-rw-r--r--system/libraries/Javascript.php4
-rw-r--r--system/libraries/Javascript/Jquery.php3
-rw-r--r--system/libraries/Pagination.php3
-rw-r--r--system/libraries/Profiler.php27
-rw-r--r--system/libraries/Session/Session.php43
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php97
-rw-r--r--system/libraries/Upload.php14
-rw-r--r--system/libraries/Xmlrpc.php4
-rw-r--r--system/libraries/Zip.php38
43 files changed, 826 insertions, 705 deletions
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index c68266408..45c3485bf 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -48,13 +48,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
/*
* ------------------------------------------------------
- * Load the global functions
- * ------------------------------------------------------
- */
- require_once(BASEPATH.'core/Common.php');
-
-/*
- * ------------------------------------------------------
* Load the framework constants
* ------------------------------------------------------
*/
@@ -62,10 +55,15 @@ defined('BASEPATH') OR exit('No direct script access allowed');
{
require(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
}
- else
- {
- require(APPPATH.'config/constants.php');
- }
+
+ require(APPPATH.'config/constants.php');
+
+/*
+ * ------------------------------------------------------
+ * Load the global functions
+ * ------------------------------------------------------
+ */
+ require_once(BASEPATH.'core/Common.php');
/*
* ------------------------------------------------------
@@ -73,11 +71,10 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* ------------------------------------------------------
*/
set_error_handler('_exception_handler');
+ register_shutdown_function('_shutdown_handler');
- if ( ! is_php('5.4'))
- {
- @ini_set('magic_quotes_runtime', 0); // Kill magic quotes
- }
+ // Kill magic quotes
+ is_php('5.4') OR @ini_set('magic_quotes_runtime', 0);
/*
* ------------------------------------------------------
@@ -88,7 +85,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
* The subclass prefix allows CI to know if a core class is
* being extended via a library in the local application
* "libraries" folder. Since CI allows config items to be
- * overriden via data set in the main index. php file,
+ * overriden via data set in the main index.php file,
* before proceeding we need to know if a subclass_prefix
* override exists. If so, we will set this value now,
* before any classes are loaded
@@ -240,12 +237,13 @@ defined('BASEPATH') OR exit('No direct script access allowed');
// Load the local application controller
// Note: The Router class automatically validates the controller path using the router->_validate_request().
// If this include fails it means that the default controller in the Routes.php file is not resolving to something valid.
- if ( ! file_exists(APPPATH.'controllers/'.$RTR->directory.$RTR->class.'.php'))
+ $class = ucfirst($RTR->class);
+ if ( ! file_exists(APPPATH.'controllers/'.$RTR->directory.$class.'.php'))
{
show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
}
- include(APPPATH.'controllers/'.$RTR->directory.$RTR->class.'.php');
+ include(APPPATH.'controllers/'.$RTR->directory.$class.'.php');
// Set a mark point for benchmarking
$BM->mark('loading_time:_base_classes_end');
@@ -257,9 +255,8 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*
* None of the methods in the app controller or the
* loader class can be called via the URI, nor can
- * controller functions that begin with an underscore.
+ * controller methods that begin with an underscore.
*/
- $class = $RTR->class;
$method = $RTR->method;
if ( ! class_exists($class, FALSE) OR $method[0] === '_' OR method_exists('CI_Controller', $method))
@@ -271,6 +268,8 @@ defined('BASEPATH') OR exit('No direct script access allowed');
$method = 'index';
}
+ $class = ucfirst($class);
+
if ( ! class_exists($class, FALSE))
{
if ( ! file_exists(APPPATH.'controllers/'.$class.'.php'))
@@ -309,6 +308,8 @@ defined('BASEPATH') OR exit('No direct script access allowed');
$method = 'index';
}
+ $class = ucfirst($class);
+
if ( ! class_exists($class, FALSE))
{
if ( ! file_exists(APPPATH.'controllers/'.$class.'.php'))
diff --git a/system/core/Common.php b/system/core/Common.php
index b95a05db9..00e303098 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -82,7 +82,7 @@ if ( ! function_exists('is_really_writable'))
function is_really_writable($file)
{
// If we're on a Unix server with safe_mode off we call is_writable
- if (DIRECTORY_SEPARATOR === '/' && (bool) @ini_get('safe_mode') === FALSE)
+ if (DIRECTORY_SEPARATOR === '/' && (is_php('5.4') OR (bool) @ini_get('safe_mode') === FALSE))
{
return is_writable($file);
}
@@ -224,56 +224,51 @@ if ( ! function_exists('get_config'))
* @param array
* @return array
*/
- function &get_config($replace = array())
+ function &get_config(Array $replace = array())
{
static $_config;
- if (isset($_config))
+ if (empty($_config))
{
- return $_config[0];
- }
+ $file_path = APPPATH.'config/config.php';
+ $found = FALSE;
+ if (file_exists($file_path))
+ {
+ $found = TRUE;
+ require($file_path);
+ }
- $file_path = APPPATH.'config/config.php';
- $found = FALSE;
- if (file_exists($file_path))
- {
- $found = TRUE;
- require($file_path);
- }
+ // Is the config file in the environment folder?
+ if (file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))
+ {
+ require($file_path);
+ }
+ elseif ( ! $found)
+ {
+ set_status_header(503);
+ echo 'The configuration file does not exist.';
+ exit(EXIT_CONFIG);
+ }
- // Is the config file in the environment folder?
- if (file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))
- {
- require($file_path);
- }
- elseif ( ! $found)
- {
- set_status_header(503);
- echo 'The configuration file does not exist.';
- exit(EXIT_CONFIG);
- }
+ // Does the $config array exist in the file?
+ if ( ! isset($config) OR ! is_array($config))
+ {
+ set_status_header(503);
+ echo 'Your config file does not appear to be formatted correctly.';
+ exit(EXIT_CONFIG);
+ }
- // Does the $config array exist in the file?
- if ( ! isset($config) OR ! is_array($config))
- {
- set_status_header(503);
- echo 'Your config file does not appear to be formatted correctly.';
- exit(EXIT_CONFIG);
+ // references cannot be directly assigned to static variables, so we use an array
+ $_config[0] =& $config;
}
- // Are any values being dynamically replaced?
- if (count($replace) > 0)
+ // Are any values being dynamically added or replaced?
+ foreach ($replace as $key => $val)
{
- foreach ($replace as $key => $val)
- {
- if (isset($config[$key]))
- {
- $config[$key] = $val;
- }
- }
+ $_config[0][$key] = $val;
}
- return $_config[0] =& $config;
+ return $_config[0];
}
}
@@ -360,6 +355,24 @@ if ( ! function_exists('is_https'))
// ------------------------------------------------------------------------
+if ( ! function_exists('is_cli'))
+{
+
+ /**
+ * Is CLI?
+ *
+ * Test to see if a request was made from the command line.
+ *
+ * @return bool
+ */
+ function is_cli()
+ {
+ return (PHP_SAPI === 'cli' OR defined('STDIN'));
+ }
+}
+
+// ------------------------------------------------------------------------
+
if ( ! function_exists('show_error'))
{
/**
@@ -434,29 +447,19 @@ if ( ! function_exists('log_message'))
*
* @param string the error level: 'error', 'debug' or 'info'
* @param string the error message
- * @param bool whether the error is a native PHP error
* @return void
*/
- function log_message($level, $message, $php_error = FALSE)
+ function log_message($level, $message)
{
- static $_log, $_log_threshold;
-
- if ($_log_threshold === NULL)
- {
- $_log_threshold = config_item('log_threshold');
- }
-
- if ($_log_threshold === 0)
- {
- return;
- }
+ static $_log;
if ($_log === NULL)
{
- $_log =& load_class('Log', 'core');
+ // references cannot be directly assigned to static variables, so we use an array
+ $_log[0] =& load_class('Log', 'core');
}
- $_log->write_log($level, $message, $php_error);
+ $_log[0]->write_log($level, $message);
}
}
@@ -538,7 +541,7 @@ if ( ! function_exists('set_status_header'))
$server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : FALSE;
- if (strpos(php_sapi_name(), 'cgi') === 0)
+ if (strpos(PHP_SAPI, 'cgi') === 0)
{
header('Status: '.$code.' '.$text, TRUE);
}
@@ -556,22 +559,35 @@ if ( ! function_exists('_exception_handler'))
/**
* Exception Handler
*
- * This is the custom exception handler that is declaired at the top
- * of Codeigniter.php. The main reason we use this is to permit
+ * This is the custom exception handler that is declared at the top
+ * of CodeIgniter.php. The main reason we use this is to permit
* PHP errors to be logged in our own log files since the user may
* not have access to server logs. Since this function
* effectively intercepts PHP errors, however, we also need
* to display errors based on the current error_reporting level.
* We do that with the use of a PHP error template.
*
- * @param int
- * @param string
- * @param string
- * @param int
+ * @param int $severity
+ * @param string $message
+ * @param string $filepath
+ * @param int $line
* @return void
*/
function _exception_handler($severity, $message, $filepath, $line)
{
+ $is_error = (((E_ERROR | E_COMPILE_ERROR | E_CORE_ERROR | E_USER_ERROR) & $severity) === $severity);
+
+ // When an error occurred, set the status header to '500 Internal Server Error'
+ // to indicate to the client something went wrong.
+ // This can't be done within the $_error->show_php_error method because
+ // it is only called when the display_errors flag is set (which isn't usually
+ // the case in a production environment) or when errors are ignored because
+ // they are above the error_reporting threshold.
+ if ($is_error)
+ {
+ set_status_header(500);
+ }
+
$_error =& load_class('Exceptions', 'core');
// Should we ignore the error? We'll get the current error_reporting
@@ -588,6 +604,42 @@ if ( ! function_exists('_exception_handler'))
}
$_error->log_exception($severity, $message, $filepath, $line);
+
+ // If the error is fatal, the execution of the script should be stopped because
+ // errors can't be recovered from. Halting the script conforms with PHP's
+ // default error handling. See http://www.php.net/manual/en/errorfunc.constants.php
+ if ($is_error)
+ {
+ exit(EXIT_ERROR);
+ }
+ }
+}
+
+// ------------------------------------------------------------------------
+
+if ( ! function_exists('_shutdown_handler'))
+{
+ /**
+ * Shutdown Handler
+ *
+ * This is the shutdown handler that is declared at the top
+ * of CodeIgniter.php. The main reason we use this is to simulate
+ * a complete custom exception handler.
+ *
+ * E_STRICT is purposivly neglected because such events may have
+ * been caught. Duplication or none? None is preferred for now.
+ *
+ * @link http://insomanic.me.uk/post/229851073/php-trick-catching-fatal-errors-e-error-with-a
+ * @return void
+ */
+ function _shutdown_handler()
+ {
+ $last_error = error_get_last();
+ if (isset($last_error) &&
+ ($last_error['type'] & (E_ERROR | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING)))
+ {
+ _exception_handler($last_error['type'], $last_error['message'], $last_error['file'], $last_error['line']);
+ }
}
}
diff --git a/system/core/Config.php b/system/core/Config.php
index 7e64444bc..a0e830abe 100644
--- a/system/core/Config.php
+++ b/system/core/Config.php
@@ -184,16 +184,16 @@ class CI_Config {
*
* @param string $item Config item name
* @param string $index Index name
- * @return string|bool The configuration item or FALSE on failure
+ * @return string|null The configuration item or NULL if the item doesn't exist
*/
public function item($item, $index = '')
{
if ($index == '')
{
- return isset($this->config[$item]) ? $this->config[$item] : FALSE;
+ return isset($this->config[$item]) ? $this->config[$item] : NULL;
}
- return isset($this->config[$index], $this->config[$index][$item]) ? $this->config[$index][$item] : FALSE;
+ return isset($this->config[$index], $this->config[$index][$item]) ? $this->config[$index][$item] : NULL;
}
// --------------------------------------------------------------------
@@ -202,13 +202,13 @@ class CI_Config {
* Fetch a config file item with slash appended (if not empty)
*
* @param string $item Config item name
- * @return string|bool The configuration item or FALSE on failure
+ * @return string|null The configuration item or NULL if the item doesn't exist
*/
public function slash_item($item)
{
if ( ! isset($this->config[$item]))
{
- return FALSE;
+ return NULL;
}
elseif (trim($this->config[$item]) === '')
{
@@ -228,13 +228,21 @@ class CI_Config {
* @uses CI_Config::_uri_string()
*
* @param string|string[] $uri URI string or an array of segments
+ * @param string $protocol
* @return string
*/
- public function site_url($uri = '')
+ public function site_url($uri = '', $protocol = NULL)
{
+ $base_url = $this->slash_item('base_url');
+
+ if (isset($protocol))
+ {
+ $base_url = $protocol.substr($base_url, strpos($base_url, '://'));
+ }
+
if (empty($uri))
{
- return $this->slash_item('base_url').$this->item('index_page');
+ return $base_url.$this->item('index_page');
}
$uri = $this->_uri_string($uri);
@@ -255,14 +263,14 @@ class CI_Config {
}
}
- return $this->slash_item('base_url').$this->slash_item('index_page').$uri;
+ return $base_url.$this->slash_item('index_page').$uri;
}
elseif (strpos($uri, '?') === FALSE)
{
$uri = '?'.$uri;
}
- return $this->slash_item('base_url').$this->item('index_page').$uri;
+ return $base_url.$this->item('index_page').$uri;
}
// -------------------------------------------------------------
@@ -275,11 +283,19 @@ class CI_Config {
* @uses CI_Config::_uri_string()
*
* @param string|string[] $uri URI string or an array of segments
+ * @param string $protocol
* @return string
*/
- public function base_url($uri = '')
+ public function base_url($uri = '', $protocol = NULL)
{
- return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/');
+ $base_url = $this->slash_item('base_url');
+
+ if (isset($protocol))
+ {
+ $base_url = $protocol.substr($base_url, strpos($base_url, '://'));
+ }
+
+ return $base_url.ltrim($this->_uri_string($uri), '/');
}
// -------------------------------------------------------------
diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php
index 9c68d06a5..809dc027a 100644
--- a/system/core/Exceptions.php
+++ b/system/core/Exceptions.php
@@ -91,7 +91,7 @@ class CI_Exceptions {
public function log_exception($severity, $message, $filepath, $line)
{
$severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity;
- log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE);
+ log_message('error', 'Severity: '.$severity.' --> '.$message.' '.$filepath.' '.$line);
}
// --------------------------------------------------------------------
@@ -107,13 +107,21 @@ class CI_Exceptions {
*/
public function show_404($page = '', $log_error = TRUE)
{
- $heading = '404 Page Not Found';
- $message = 'The page you requested was not found.';
+ if (is_cli())
+ {
+ $heading = 'Not Found';
+ $message = 'The controller/method pair you requested was not found.';
+ }
+ else
+ {
+ $heading = '404 Page Not Found';
+ $message = 'The page you requested was not found.';
+ }
// By default we log this, but allow a dev to skip it
if ($log_error)
{
- log_message('error', '404 Page Not Found --> '.$page);
+ log_message('error', $heading.': '.$page);
}
echo $this->show_error($heading, $message, 'error_404', 404);
@@ -137,16 +145,24 @@ class CI_Exceptions {
*/
public function show_error($heading, $message, $template = 'error_general', $status_code = 500)
{
- set_status_header($status_code);
-
- $message = '<p>'.implode('</p><p>', is_array($message) ? $message : array($message)).'</p>';
+ if (is_cli())
+ {
+ $message = "\t".(is_array($message) ? implode("\n\t", $message) : $message);
+ $template = 'cli'.DIRECTORY_SEPARATOR.$template;
+ }
+ else
+ {
+ set_status_header($status_code);
+ $message = '<p>'.(is_array($message) ? implode('</p><p>', $message) : $message).'</p>';
+ $template = 'html'.DIRECTORY_SEPARATOR.$template;
+ }
if (ob_get_level() > $this->ob_level + 1)
{
ob_end_flush();
}
ob_start();
- include(VIEWPATH.'errors/'.$template.'.php');
+ include(VIEWPATH.'errors'.DIRECTORY_SEPARATOR.$template.'.php');
$buffer = ob_get_contents();
ob_end_clean();
return $buffer;
@@ -166,13 +182,22 @@ class CI_Exceptions {
public function show_php_error($severity, $message, $filepath, $line)
{
$severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity;
- $filepath = str_replace('\\', '/', $filepath);
- // For safety reasons we do not show the full file path
- if (FALSE !== strpos($filepath, '/'))
+ // For safety reasons we don't show the full file path in non-CLI requests
+ if ( ! is_cli())
+ {
+ $filepath = str_replace('\\', '/', $filepath);
+ if (FALSE !== strpos($filepath, '/'))
+ {
+ $x = explode('/', $filepath);
+ $filepath = $x[count($x)-2].'/'.end($x);
+ }
+
+ $template = 'html'.DIRECTORY_SEPARATOR.'error_php';
+ }
+ else
{
- $x = explode('/', $filepath);
- $filepath = $x[count($x)-2].'/'.end($x);
+ $template = 'cli'.DIRECTORY_SEPARATOR.'error_php';
}
if (ob_get_level() > $this->ob_level + 1)
@@ -180,7 +205,7 @@ class CI_Exceptions {
ob_end_flush();
}
ob_start();
- include(VIEWPATH.'errors/error_php.php');
+ include(VIEWPATH.'errors'.DIRECTORY_SEPARATOR.$template.'.php');
$buffer = ob_get_contents();
ob_end_clean();
echo $buffer;
diff --git a/system/core/Input.php b/system/core/Input.php
index 0ef81128e..384e30d43 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -47,7 +47,7 @@ class CI_Input {
public $ip_address = FALSE;
/**
- * User agent strin
+ * User agent string
*
* @var string
*/
@@ -261,7 +261,7 @@ class CI_Input {
* @param bool $xss_clean Whether to apply XSS filtering
* @return mixed
*/
- public function get_post($index = '', $xss_clean = FALSE)
+ public function post_get($index = '', $xss_clean = FALSE)
{
return isset($_POST[$index])
? $this->post($index, $xss_clean)
@@ -271,6 +271,22 @@ class CI_Input {
// --------------------------------------------------------------------
/**
+ * Fetch an item from GET data with fallback to POST
+ *
+ * @param string $index Index for item to be fetched from $_GET or $_POST
+ * @param bool $xss_clean Whether to apply XSS filtering
+ * @return mixed
+ */
+ public function get_post($index = '', $xss_clean = FALSE)
+ {
+ return isset($_GET[$index])
+ ? $this->get($index, $xss_clean)
+ : $this->post($index, $xss_clean);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Fetch an item from the COOKIE array
*
* @param string $index Index for item to be fetched from $_COOKIE
@@ -677,7 +693,14 @@ class CI_Input {
foreach ($_COOKIE as $key => $val)
{
- $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
+ if (($cookie_key = $this->_clean_input_keys($key)) !== FALSE)
+ {
+ $_COOKIE[$cookie_key] = $this->_clean_input_data($val);
+ }
+ else
+ {
+ unset($_COOKIE[$key]);
+ }
}
}
@@ -685,12 +708,12 @@ class CI_Input {
$_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
// CSRF Protection check
- if ($this->_enable_csrf === TRUE && ! $this->is_cli_request())
+ if ($this->_enable_csrf === TRUE && ! is_cli())
{
$this->security->csrf_verify();
}
- log_message('debug', 'Global POST and COOKIE data sanitized');
+ log_message('debug', 'Global POST, GET and COOKIE data sanitized');
}
// --------------------------------------------------------------------
@@ -760,15 +783,25 @@ class CI_Input {
* only named with alpha-numeric text and a few other items.
*
* @param string $str Input string
- * @return string
+ * @param string $fatal Whether to terminate script exection
+ * or to return FALSE if an invalid
+ * key is encountered
+ * @return string|bool
*/
- protected function _clean_input_keys($str)
+ protected function _clean_input_keys($str, $fatal = TRUE)
{
if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str))
{
- set_status_header(503);
- echo 'Disallowed Key Characters.';
- exit(EXIT_USER_INPUT);
+ if ($fatal === TRUE)
+ {
+ return FALSE;
+ }
+ else
+ {
+ set_status_header(503);
+ echo 'Disallowed Key Characters.';
+ exit(EXIT_USER_INPUT);
+ }
}
// Clean UTF-8 if supported
@@ -868,11 +901,12 @@ class CI_Input {
*
* Test to see if a request was made from the command line.
*
- * @return bool
+ * @deprecated 3.0.0 Use is_cli() instead
+ * @return bool
*/
public function is_cli_request()
{
- return (php_sapi_name() === 'cli' OR defined('STDIN'));
+ return is_cli();
}
// --------------------------------------------------------------------
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 70a6b6fa6..70c1e4154 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -76,13 +76,6 @@ class CI_Loader {
protected $_ci_helper_paths = array(APPPATH, BASEPATH);
/**
- * List of loaded base classes
- *
- * @var array
- */
- protected $_base_classes = array(); // Set by the controller class
-
- /**
* List of cached variables
*
* @var array
@@ -120,6 +113,8 @@ class CI_Loader {
'user_agent' => 'agent'
);
+ // --------------------------------------------------------------------
+
/**
* Class constructor
*
@@ -129,7 +124,8 @@ class CI_Loader {
*/
public function __construct()
{
- $this->_ci_ob_level = ob_get_level();
+ $this->_ci_ob_level = ob_get_level();
+ $this->_ci_classes =& is_loaded();
log_message('debug', 'Loader Class Initialized');
}
@@ -147,7 +143,6 @@ class CI_Loader {
*/
public function initialize()
{
- $this->_base_classes =& is_loaded();
$this->_ci_autoloader();
}
@@ -165,7 +160,7 @@ class CI_Loader {
*/
public function is_loaded($class)
{
- return isset($this->_ci_classes[$class]) ? $this->_ci_classes[$class] : FALSE;
+ return array_search(ucfirst($class), $this->_ci_classes, TRUE);
}
// --------------------------------------------------------------------
@@ -183,7 +178,11 @@ class CI_Loader {
*/
public function library($library = '', $params = NULL, $object_name = NULL)
{
- if (is_array($library))
+ if (empty($library))
+ {
+ return;
+ }
+ elseif (is_array($library))
{
foreach ($library as $class)
{
@@ -193,11 +192,6 @@ class CI_Loader {
return;
}
- if ($library === '' OR isset($this->_base_classes[$library]))
- {
- return;
- }
-
if ($params !== NULL && ! is_array($params))
{
$params = NULL;
@@ -228,7 +222,7 @@ class CI_Loader {
{
foreach ($model as $key => $value)
{
- $this->model(is_int($key) ? $value : $key, $value);
+ is_int($key) ? $this->model($value, '', $db_conn) : $this->model($key, $value, $db_conn);
}
return;
}
@@ -261,33 +255,32 @@ class CI_Loader {
show_error('The model name you are loading is the name of a resource that is already being used: '.$name);
}
- $model = strtolower($model);
-
- foreach ($this->_ci_model_paths as $mod_path)
+ if ($db_conn !== FALSE && ! class_exists('CI_DB', FALSE))
{
- if ( ! file_exists($mod_path.'models/'.$path.$model.'.php'))
+ if ($db_conn === TRUE)
{
- continue;
+ $db_conn = '';
}
- if ($db_conn !== FALSE && ! class_exists('CI_DB', FALSE))
- {
- if ($db_conn === TRUE)
- {
- $db_conn = '';
- }
+ $CI->load->database($db_conn, FALSE, TRUE);
+ }
- $CI->load->database($db_conn, FALSE, TRUE);
- }
+ if ( ! class_exists('CI_Model', FALSE))
+ {
+ load_class('Model', 'core');
+ }
- if ( ! class_exists('CI_Model', FALSE))
+ $model = ucfirst(strtolower($model));
+
+ foreach ($this->_ci_model_paths as $mod_path)
+ {
+ if ( ! file_exists($mod_path.'models/'.$path.$model.'.php'))
{
- load_class('Model', 'core');
+ continue;
}
require_once($mod_path.'models/'.$path.$model.'.php');
- $model = ucfirst($model);
$CI->$name = new $model();
$this->_ci_models[] = $name;
return;
@@ -422,7 +415,7 @@ class CI_Loader {
* to be extracted for use in the view
* @param bool $return Whether to return the view output
* or leave it to the Output class
- * @return void
+ * @return void|string
*/
public function view($view, $vars = array(), $return = FALSE)
{
@@ -478,6 +471,20 @@ class CI_Loader {
// --------------------------------------------------------------------
/**
+ * Clear Cached Variables
+ *
+ * Clears the cached variables.
+ *
+ * @return void
+ */
+ public function clear_vars()
+ {
+ $this->_ci_cached_vars = array();
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
* Get Variable
*
* Check if a variable is set and retrieve it.
@@ -1118,30 +1125,35 @@ class CI_Loader {
// Set the variable name we will assign the class to
// Was a custom class name supplied? If so we'll use it
- $class = strtolower($class);
-
- if ($object_name === NULL)
+ if (empty($object_name))
{
- $classvar = isset($this->_ci_varmap[$class]) ? $this->_ci_varmap[$class] : $class;
+ $object_name = strtolower($class);
+ if (isset($this->_ci_varmap[$object_name]))
+ {
+ $object_name = $this->_ci_varmap[$object_name];
+ }
}
- else
+
+ // Don't overwrite existing properties
+ $CI =& get_instance();
+ if (isset($CI->$object_name))
{
- $classvar = $object_name;
+ if ($CI->$object_name instanceof $name)
+ {
+ log_message('debug', $class." has already been instantiated as '".$object_name."'. Second attempt aborted.");
+ return;
+ }
+
+ show_error("Resource '".$object_name."' already exists and is not a ".$class." instance.");
}
// Save the class name and object name
- $this->_ci_classes[$class] = $classvar;
+ $this->_ci_classes[$object_name] = $class;
// Instantiate the class
- $CI =& get_instance();
- if ($config !== NULL)
- {
- $CI->$classvar = new $name($config);
- }
- else
- {
- $CI->$classvar = new $name();
- }
+ $CI->$object_name = isset($config)
+ ? new $name($config)
+ : new $name();
}
// --------------------------------------------------------------------
@@ -1198,6 +1210,15 @@ class CI_Loader {
}
}
+ // Autoload drivers
+ if (isset($autoload['drivers']))
+ {
+ foreach ($autoload['drivers'] as $item)
+ {
+ $this->driver($item);
+ }
+ }
+
// Load libraries
if (isset($autoload['libraries']) && count($autoload['libraries']) > 0)
{
@@ -1215,15 +1236,6 @@ class CI_Loader {
}
}
- // Autoload drivers
- if (isset($autoload['drivers']))
- {
- foreach ($autoload['drivers'] as $item)
- {
- $this->driver($item);
- }
- }
-
// Autoload models
if (isset($autoload['model']))
{
diff --git a/system/core/Log.php b/system/core/Log.php
index e4d72b544..b2327b8f0 100644
--- a/system/core/Log.php
+++ b/system/core/Log.php
@@ -140,10 +140,9 @@ class CI_Log {
*
* @param string the error level: 'error', 'debug' or 'info'
* @param string the error message
- * @param bool whether the error is a native PHP error
* @return bool
*/
- public function write_log($level, $msg, $php_error = FALSE)
+ public function write_log($level, $msg)
{
if ($this->_enabled === FALSE)
{
diff --git a/system/core/Output.php b/system/core/Output.php
index 06d7a866b..10332f0d8 100644
--- a/system/core/Output.php
+++ b/system/core/Output.php
@@ -701,7 +701,7 @@ class CI_Output {
else
{
header('Pragma: public');
- header('Cache-Control: max-age=' . $max_age . ', public');
+ header('Cache-Control: max-age='.$max_age.', public');
header('Expires: '.gmdate('D, d M Y H:i:s', $expiration).' GMT');
header('Last-modified: '.gmdate('D, d M Y H:i:s', $last_modified).' GMT');
}
@@ -740,13 +740,13 @@ class CI_Output {
preg_match_all('{<style.+</style>}msU', $output, $style_clean);
foreach ($style_clean[0] as $s)
{
- $output = str_replace($s, $this->_minify_script_style($s, TRUE), $output);
+ $output = str_replace($s, $this->_minify_js_css($s, 'css', TRUE), $output);
}
// Minify the javascript in <script> tags.
foreach ($javascript_clean[0] as $s)
{
- $javascript_mini[] = $this->_minify_script_style($s, TRUE);
+ $javascript_mini[] = $this->_minify_js_css($s, 'js', TRUE);
}
// Replace multiple spaces with a single space.
@@ -792,13 +792,14 @@ class CI_Output {
break;
case 'text/css':
+
+ return $this->_minify_js_css($output, 'css');
+
case 'text/javascript':
case 'application/javascript':
case 'application/x-javascript':
- $output = $this->_minify_script_style($output);
-
- break;
+ return $this->_minify_js_css($output, 'js');
default: break;
}
@@ -809,134 +810,100 @@ class CI_Output {
// --------------------------------------------------------------------
/**
- * Minify Style and Script
- *
- * Reduce excessive size of CSS/JavaScript content. To remove spaces this
- * script walks the string as an array and determines if the pointer is inside
- * a string created by single quotes or double quotes. spaces inside those
- * strings are not stripped. Opening and closing tags are severed from
- * the string initially and saved without stripping whitespace to preserve
- * the tags and any associated properties if tags are present
+ * Minify JavaScript and CSS code
*
- * Minification logic/workflow is similar to methods used by Douglas Crockford
- * in JSMIN. http://www.crockford.com/javascript/jsmin.html
+ * Strips comments and excessive whitespace characters
*
- * KNOWN ISSUE: ending a line with a closing parenthesis ')' and no semicolon
- * where there should be one will break the Javascript. New lines after a
- * closing parenthesis are not recognized by the script. For best results
- * be sure to terminate lines with a semicolon when appropriate.
- *
- * @param string $output Output to minify
- * @param bool $has_tags Specify if the output has style or script tags
- * @return string Minified output
+ * @param string $output
+ * @param string $type 'js' or 'css'
+ * @param bool $tags Whether $output contains the 'script' or 'style' tag
+ * @return string
*/
- protected function _minify_script_style($output, $has_tags = FALSE)
+ protected function _minify_js_css($output, $type, $tags = FALSE)
{
- // We only need this if there are tags in the file
- if ($has_tags === TRUE)
+ if ($tags === TRUE)
{
- // Remove opening tag and save for later
- $pos = strpos($output, '>') + 1;
- $open_tag = substr($output, 0, $pos);
- $output = substr_replace($output, '', 0, $pos);
+ $tags = array('close' => strrchr($output, '<'));
- // Remove closing tag and save it for later
- $pos = strpos($output, '</');
- $closing_tag = substr($output, $pos, strlen($output));
- $output = substr_replace($output, '', $pos);
- }
+ $open_length = strpos($output, '>') + 1;
+ $tags['open'] = substr($output, 0, $open_length);
- // Remove CSS comments
- $output = preg_replace('!/\*[^*]*\*+([^/][^*]*\*+)*/!i', '', $output);
+ $output = substr($output, $open_length, -strlen($tags['close']));
- // Remove spaces around curly brackets, colons,
- // semi-colons, parenthesis, commas
- $chunks = preg_split('/([\'|"]).+(?![^\\\]\\1)\\1/iU', $output, -1, PREG_SPLIT_OFFSET_CAPTURE);
- for ($i = count($chunks) - 1; $i >= 0; $i--)
- {
- $output = substr_replace(
- $output,
- preg_replace('/\s*(:|;|,|}|{|\(|\))\s*/i', '$1', $chunks[$i][0]),
- $chunks[$i][1],
- strlen($chunks[$i][0])
- );
+ // Strip spaces from the tags
+ $tags = preg_replace('#\s{2,}#', ' ', $tags);
}
- // Replace tabs with spaces
- // Replace carriage returns & multiple new lines with single new line
- // and trim any leading or trailing whitespace
- $output = trim(preg_replace(array('/\t+/', '/\r/', '/\n+/'), array(' ', "\n", "\n"), $output));
+ $output = trim($output);
- // Remove spaces when safe to do so.
- $in_string = $in_dstring = $prev = FALSE;
- $array_output = str_split($output);
- foreach ($array_output as $key => $value)
+ if ($type === 'js')
{
- if ($in_string === FALSE && $in_dstring === FALSE)
+ // Catch all string literals and comment blocks
+ if (preg_match_all('#((?:((?<!\\\)\'|")|(/\*)|(//)).*(?(2)(?<!\\\)\2|(?(3)\*/|\n)))#msuUS', $output, $match, PREG_OFFSET_CAPTURE))
{
- if ($value === ' ')
+ $js_literals = $js_code = array();
+ for ($match = $match[0], $c = count($match), $i = $pos = $offset = 0; $i < $c; $i++)
{
- // Get the next element in the array for comparisons
- $next = $array_output[$key + 1];
-
- // Strip spaces preceded/followed by a non-ASCII character
- // or not preceded/followed by an alphanumeric
- // or not preceded/followed \ $ and _
- if ((preg_match('/^[\x20-\x7f]*$/D', $next) OR preg_match('/^[\x20-\x7f]*$/D', $prev))
- && ( ! ctype_alnum($next) OR ! ctype_alnum($prev))
- && ! in_array($next, array('\\', '_', '$'), TRUE)
- && ! in_array($prev, array('\\', '_', '$'), TRUE)
- )
+ $js_code[$pos++] = trim(substr($output, $offset, $match[$i][1] - $offset));
+ $offset = $match[$i][1] + strlen($match[$i][0]);
+
+ // Save only if we haven't matched a comment block
+ if ($match[$i][0][0] !== '/')
{
- unset($array_output[$key]);
+ $js_literals[$pos++] = array_shift($match[$i]);
}
}
- else
- {
- // Save this value as previous for the next iteration
- // if it is not a blank space
- $prev = $value;
- }
- }
+ $js_code[$pos] = substr($output, $offset);
- if ($value === "'")
- {
- $in_string = ! $in_string;
+ // $match might be quite large, so free it up together with other vars that we no longer need
+ unset($match, $offset, $pos);
}
- elseif ($value === '"')
+ else
{
- $in_dstring = ! $in_dstring;
+ $js_code = array($output);
+ $js_literals = array();
}
+
+ $varname = 'js_code';
+ }
+ else
+ {
+ $varname = 'output';
}
- // Put the string back together after spaces have been stripped
- $output = implode($array_output);
+ // Standartize new lines
+ $$varname = str_replace(array("\r\n", "\r"), "\n", $$varname);
- // Remove new line characters unless previous or next character is
- // printable or Non-ASCII
- preg_match_all('/[\n]/', $output, $lf, PREG_OFFSET_CAPTURE);
- $removed_lf = 0;
- foreach ($lf as $feed_position)
+ if ($type === 'js')
{
- foreach ($feed_position as $position)
- {
- $position = $position[1] - $removed_lf;
- $next = $output[$position + 1];
- $prev = $output[$position - 1];
- if ( ! ctype_print($next) && ! ctype_print($prev)
- && ! preg_match('/^[\x20-\x7f]*$/D', $next)
- && ! preg_match('/^[\x20-\x7f]*$/D', $prev)
- )
- {
- $output = substr_replace($output, '', $position, 1);
- $removed_lf++;
- }
- }
+ $patterns = array(
+ '#\s*([!\#%&()*+,\-./:;<=>?@\[\]^`{|}~])\s*#' => '$1', // Remove spaces following and preceeding JS-wise non-special & non-word characters
+ '#\s{2,}#' => ' ' // Reduce the remaining multiple whitespace characters to a single space
+ );
+ }
+ else
+ {
+ $patterns = array(
+ '#/\*.*(?=\*/)\*/#s' => '', // Remove /* block comments */
+ '#\n?//[^\n]*#' => '', // Remove // line comments
+ '#\s*([^\w.\#%])\s*#U' => '$1', // Remove spaces following and preceeding non-word characters, excluding dots, hashes and the percent sign
+ '#\s{2,}#' => ' ' // Reduce the remaining multiple space characters to a single space
+ );
+ }
+
+ $$varname = preg_replace(array_keys($patterns), array_values($patterns), $$varname);
+
+ // Glue back JS quoted strings
+ if ($type === 'js')
+ {
+ $js_code += $js_literals;
+ ksort($js_code);
+ $output = implode($js_code);
+ unset($js_code, $js_literals, $varname, $patterns);
}
- // Put the opening and closing tags back if applicable
- return isset($open_tag)
- ? $open_tag.$output.$closing_tag
+ return is_array($tags)
+ ? $tags['open'].$output.$tags['close']
: $output;
}
diff --git a/system/core/Router.php b/system/core/Router.php
index cc3916f86..d467d60fd 100644
--- a/system/core/Router.php
+++ b/system/core/Router.php
@@ -270,8 +270,7 @@ class CI_Router {
return $segments;
}
- $test = ($this->translate_uri_dashes === TRUE)
- ? str_replace('-', '_', $segments[0]) : $segments[0];
+ $test = ucfirst($this->translate_uri_dashes === TRUE ? str_replace('-', '_', $segments[0]) : $segments[0]);
// Does the requested controller exist in the root folder?
if (file_exists(APPPATH.'controllers/'.$test.'.php'))
@@ -286,8 +285,7 @@ class CI_Router {
$this->set_directory(array_shift($segments));
if (count($segments) > 0)
{
- $test = ($this->translate_uri_dashes === TRUE)
- ? str_replace('-', '_', $segments[0]) : $segments[0];
+ $test = ucfirst($this->translate_uri_dashes === TRUE ? str_replace('-', '_', $segments[0]) : $segments[0]);
// Does the requested controller exist in the sub-directory?
if ( ! file_exists(APPPATH.'controllers/'.$this->directory.$test.'.php'))
@@ -307,7 +305,7 @@ class CI_Router {
{
// Is the method being specified in the route?
$segments = explode('/', $this->default_controller);
- if ( ! file_exists(APPPATH.'controllers/'.$this->directory.$segments[0].'.php'))
+ if ( ! file_exists(APPPATH.'controllers/'.$this->directory.ucfirst($segments[0]).'.php'))
{
$this->directory = '';
}
@@ -347,16 +345,41 @@ class CI_Router {
// Turn the segment array into a URI string
$uri = implode('/', $this->uri->segments);
+ // Get HTTP verb
+ $http_verb = isset($_SERVER['REQUEST_METHOD']) ? strtolower($_SERVER['REQUEST_METHOD']) : 'cli';
+
// Is there a literal match? If so we're done
- if (isset($this->routes[$uri]) && is_string($this->routes[$uri]))
+ if (isset($this->routes[$uri]))
{
- return $this->_set_request(explode('/', $this->routes[$uri]));
+ // Check default routes format
+ if (is_string($this->routes[$uri]))
+ {
+ return $this->_set_request(explode('/', $this->routes[$uri]));
+ }
+ // Is there a matching http verb?
+ elseif (is_array($this->routes[$uri]) && isset($this->routes[$uri][$http_verb]))
+ {
+ return $this->_set_request(explode('/', $this->routes[$uri][$http_verb]));
+ }
}
- // Loop through the route array looking for wild-cards
+ // Loop through the route array looking for wildcards
foreach ($this->routes as $key => $val)
{
- // Convert wild-cards to RegEx
+ // Check if route format is using http verb
+ if (is_array($val))
+ {
+ if (isset($val[$http_verb]))
+ {
+ $val = $val[$http_verb];
+ }
+ else
+ {
+ continue;
+ }
+ }
+
+ // Convert wildcards to RegEx
$key = str_replace(array(':any', ':num'), array('[^/]+', '[0-9]+'), $key);
// Does the RegEx match?
diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..9423f825c 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -38,6 +38,30 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Security {
/**
+ * List of sanitize filename strings
+ *
+ * @var array
+ */
+ public $filename_bad_chars = array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ );
+
+ /**
* XSS Hash
*
* Random Hash for protecting URLs.
@@ -529,9 +553,9 @@ class CI_Security {
{
$matches = $matches1 = 0;
+ $str = preg_replace('~(&#x0*[0-9a-f]{2,5});?~iS', '$1;', $str, -1, $matches);
+ $str = preg_replace('~(&#\d{2,4});?~S', '$1;', $str, -1, $matches1);
$str = html_entity_decode($str, ENT_COMPAT, $charset);
- $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
- $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);
}
while ($matches OR $matches1);
@@ -549,24 +573,7 @@ class CI_Security {
*/
public function sanitize_filename($str, $relative_path = FALSE)
{
- $bad = array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
+ $bad = $this->filename_bad_chars;
if ( ! $relative_path)
{
@@ -596,7 +603,7 @@ class CI_Security {
*/
public function strip_image_tags($str)
{
- return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+ return preg_replace(array('#<img[\s/]+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img[\s/]+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
}
// ----------------------------------------------------------------
@@ -877,7 +884,7 @@ class CI_Security {
{
if ($this->_csrf_hash === '')
{
- // If the cookie exists we will use it's value.
+ // If the cookie exists we will use its value.
// We don't necessarily want to regenerate it with
// each page load since a page could contain embedded
// sub-pages causing this feature to fail
@@ -887,7 +894,7 @@ class CI_Security {
return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
}
- $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+ $this->_csrf_hash = md5(uniqid(mt_rand(), TRUE));
$this->csrf_set_cookie();
}
diff --git a/system/core/URI.php b/system/core/URI.php
index bc086d223..bad9985d7 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -99,7 +99,7 @@ class CI_URI {
if ($protocol === 'AUTO')
{
// Is the request coming from the command line?
- if ($this->_is_cli_request())
+ if (is_cli())
{
$this->_set_uri_string($this->_parse_argv());
return;
@@ -280,23 +280,6 @@ class CI_URI {
// --------------------------------------------------------------------
/**
- * Is CLI Request?
- *
- * Duplicate of method from the Input class to test to see if
- * a request was made from the command line.
- *
- * @see CI_Input::is_cli_request()
- * @used-by CI_URI::_fetch_uri_string()
- * @return bool
- */
- protected function _is_cli_request()
- {
- return (PHP_SAPI === 'cli') OR defined('STDIN');
- }
-
- // --------------------------------------------------------------------
-
- /**
* Parse CLI arguments
*
* Take each command line argument and assume it is a URI segment.
diff --git a/system/database/DB.php b/system/database/DB.php
index 8742800c8..96da87c6d 100644
--- a/system/database/DB.php
+++ b/system/database/DB.php
@@ -206,11 +206,6 @@ function &DB($params = '', $query_builder_override = NULL)
$DB->initialize();
}
- if ( ! empty($params['stricton']))
- {
- $DB->query('SET SESSION sql_mode="STRICT_ALL_TABLES"');
- }
-
return $DB;
}
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 425657e17..4791c3b89 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -624,7 +624,14 @@ abstract class CI_DB_driver {
// if transactions are enabled. If we don't call this here
// the error message will trigger an exit, causing the
// transactions to remain in limbo.
- $this->_trans_depth > 0 && $this->trans_complete();
+ if ($this->_trans_depth !== 0)
+ {
+ do
+ {
+ $this->trans_complete();
+ }
+ while ($this->_trans_depth !== 0);
+ }
// Display errors
return $this->display_error(array('Error Number: '.$error['code'], $error['message'], $sql));
@@ -1135,7 +1142,7 @@ abstract class CI_DB_driver {
else
{
/* We have no other choice but to just get the first element's key.
- * Due to array_shift() accepting it's argument by reference, if
+ * Due to array_shift() accepting its argument by reference, if
* E_STRICT is on, this would trigger a warning. So we'll have to
* assign it first.
*/
@@ -1375,7 +1382,9 @@ abstract class CI_DB_driver {
$fields[$this->protect_identifiers($key)] = $this->escape($val);
}
- return $this->_update($this->protect_identifiers($table, TRUE, NULL, FALSE), $fields);
+ $sql = $this->_update($this->protect_identifiers($table, TRUE, NULL, FALSE), $fields);
+ $this->_reset_write();
+ return $sql;
}
// --------------------------------------------------------------------
@@ -1412,7 +1421,7 @@ abstract class CI_DB_driver {
*/
protected function _has_operator($str)
{
- return (bool) preg_match('/(<|>|!|=|\sIS NULL|\sIS NOT NULL|\sBETWEEN|\sLIKE|\sIN\s*\(|\s)/i', trim($str));
+ return (bool) preg_match('/(<|>|!|=|\sIS NULL|\sIS NOT NULL|\sEXISTS|\sBETWEEN|\sLIKE|\sIN\s*\(|\s)/i', trim($str));
}
// --------------------------------------------------------------------
@@ -1438,6 +1447,8 @@ abstract class CI_DB_driver {
'\s*>\s*', // >
'\s+IS NULL', // IS NULL
'\s+IS NOT NULL', // IS NOT NULL
+ '\s+EXISTS\s*\([^\)]+\)', // EXISTS(sql)
+ '\s+NOT EXISTS\s*\([^\)]+\)', // NOT EXISTS(sql)
'\s+BETWEEN\s+\S+\s+AND\s+\S+', // BETWEEN value AND value
'\s+IN\s*\([^\)]+\)', // IN(list)
'\s+NOT IN\s*\([^\)]+\)', // NOT IN (list)
@@ -1474,7 +1485,7 @@ abstract class CI_DB_driver {
}
return (func_num_args() > 1)
- ? call_user_func_array($function, array_splice(func_get_args(), 1))
+ ? call_user_func_array($function, array_slice(func_get_args(), 1))
: call_user_func($function);
}
diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php
index d52029ecd..1cebb189c 100644
--- a/system/database/DB_forge.php
+++ b/system/database/DB_forge.php
@@ -740,6 +740,18 @@ abstract class CI_DB_forge {
'_literal' => FALSE
);
+ if ($create_table === FALSE)
+ {
+ if (isset($attributes['AFTER']))
+ {
+ $field['after'] = $attributes['AFTER'];
+ }
+ elseif (isset($attributes['FIRST']))
+ {
+ $field['first'] = (bool) $attributes['FIRST'];
+ }
+ }
+
$this->_attr_default($attributes, $field);
if (isset($attributes['NULL']))
@@ -748,11 +760,15 @@ abstract class CI_DB_forge {
{
$field['null'] = empty($this->_null) ? '' : ' '.$this->_null;
}
- elseif ($create_table === TRUE)
+ else
{
$field['null'] = ' NOT NULL';
}
}
+ elseif ($create_table === TRUE)
+ {
+ $field['null'] = ' NOT NULL';
+ }
$this->_attr_auto_increment($attributes, $field);
$this->_attr_unique($attributes, $field);
@@ -968,7 +984,6 @@ abstract class CI_DB_forge {
*/
protected function _process_indexes($table)
{
- $table = $this->db->escape_identifiers($table);
$sqls = array();
for ($i = 0, $c = count($this->keys); $i < $c; $i++)
@@ -992,7 +1007,7 @@ abstract class CI_DB_forge {
is_array($this->keys[$i]) OR $this->keys[$i] = array($this->keys[$i]);
- $sqls[] = 'CREATE INDEX '.$this->db->escape_identifiers(implode('_', $this->keys[$i]))
+ $sqls[] = 'CREATE INDEX '.$this->db->escape_identifiers($table.'_'.implode('_', $this->keys[$i]))
.' ON '.$this->db->escape_identifiers($table)
.' ('.implode(', ', $this->db->escape_identifiers($this->keys[$i])).');';
}
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 292621b66..1d41a19ba 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -385,7 +385,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
$alias = $this->_create_alias_from_table(trim($select));
}
- $sql = $this->protect_identifiers($type.'('.trim($select).')').' AS '.$this->escape_identifiers(trim($alias));
+ $sql = $type.'('.$this->protect_identifiers(trim($select)).') AS '.$this->escape_identifiers(trim($alias));
$this->qb_select[] = $sql;
$this->qb_no_escape[] = NULL;
@@ -1138,7 +1138,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
* ORDER BY
*
* @param string $orderby
- * @param string $direction ASC or DESC
+ * @param string $direction ASC, DESC or RANDOM
* @param bool $escape
* @return CI_DB_query_builder
*/
@@ -1152,7 +1152,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
// Do we have a seed value?
$orderby = ctype_digit((string) $orderby)
- ? $orderby = sprintf($this->_random_keyword[1], $orderby)
+ ? sprintf($this->_random_keyword[1], $orderby)
: $this->_random_keyword[0];
}
elseif (empty($orderby))
@@ -1338,7 +1338,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
* returned by an Query Builder query.
*
* @param string
- * @return string
+ * @return int
*/
public function count_all_results($table = '')
{
@@ -1846,6 +1846,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
$this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, 100), $this->protect_identifiers($index)));
$affected_rows += $this->affected_rows();
+ $this->qb_where = array();
}
$this->_reset_write();
@@ -2290,7 +2291,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
for ($i = 0, $c = count($this->$qb_key); $i < $c; $i++)
{
- if ($this->{$qb_key}[$i]['escape'] === FALSE)
+ // Is this condition already compiled?
+ if (is_string($this->{$qb_key}[$i]))
+ {
+ continue;
+ }
+ elseif ($this->{$qb_key}[$i]['escape'] === FALSE)
{
$this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition'];
continue;
@@ -2360,6 +2366,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
{
for ($i = 0, $c = count($this->qb_groupby); $i < $c; $i++)
{
+ // Is it already compiled?
+ if (is_string($this->qb_groupby))
+ {
+ continue;
+ }
+
$this->qb_groupby[$i] = ($this->qb_groupby[$i]['escape'] === FALSE OR $this->_is_literal($this->qb_groupby[$i]['field']))
? $this->qb_groupby[$i]['field']
: $this->protect_identifiers($this->qb_groupby[$i]['field']);
@@ -2545,16 +2557,18 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
return;
}
- foreach ($this->qb_cache_exists as $val)
+ foreach (array_unique($this->qb_cache_exists) as $val) // select, from, etc.
{
$qb_variable = 'qb_'.$val;
$qb_cache_var = 'qb_cache_'.$val;
+ $qb_new = $this->$qb_cache_var;
- if (count($this->$qb_cache_var) === 0)
+ foreach ($this->$qb_variable as &$qb_var)
{
- continue;
+ in_array($qb_var, $qb_new, TRUE) OR $qb_new[] = $qb_var;
}
- $this->$qb_variable = array_merge($this->$qb_variable, array_diff($this->$qb_cache_var, $this->$qb_variable));
+
+ $this->$qb_variable = $qb_new;
}
// If we are "protecting identifiers" we need to examine the "from"
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index b94642b35..16b2f6f53 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -66,6 +66,15 @@ class CI_DB_mysql_driver extends CI_DB {
*/
public $delete_hack = TRUE;
+ /**
+ * Strict ON flag
+ *
+ * Whether we're running in strict SQL mode.
+ *
+ * @var bool
+ */
+ public $stricton = FALSE;
+
// --------------------------------------------------------------------
/**
@@ -126,6 +135,11 @@ class CI_DB_mysql_driver extends CI_DB {
: FALSE;
}
+ if ($this->stricton && is_resource($this->conn_id))
+ {
+ $this->simple_query('SET SESSION sql_mode="STRICT_ALL_TABLES"');
+ }
+
return $this->conn_id;
}
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index ef2cb8a8d..62ba2c50d 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -66,6 +66,15 @@ class CI_DB_mysqli_driver extends CI_DB {
*/
public $delete_hack = TRUE;
+ /**
+ * Strict ON flag
+ *
+ * Whether we're running in strict SQL mode.
+ *
+ * @var bool
+ */
+ public $stricton = FALSE;
+
// --------------------------------------------------------------------
/**
@@ -93,6 +102,11 @@ class CI_DB_mysqli_driver extends CI_DB {
$client_flags = ($this->compress === TRUE) ? MYSQLI_CLIENT_COMPRESS : 0;
$mysqli = mysqli_init();
+ if ($this->stricton)
+ {
+ $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"');
+ }
+
return @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, NULL, $client_flags)
? $mysqli : FALSE;
}
@@ -241,9 +255,10 @@ class CI_DB_mysqli_driver extends CI_DB {
// even if the queries produce a successful result.
$this->_trans_failure = ($test_mode === TRUE);
- $this->simple_query('SET AUTOCOMMIT=0');
- $this->simple_query('START TRANSACTION'); // can also be BEGIN or BEGIN WORK
- return TRUE;
+ $this->conn_id->autocommit(FALSE);
+ return is_php('5.5')
+ ? $this->conn_id->begin_transaction()
+ : $this->simple_query('START TRANSACTION'); // can also be BEGIN or BEGIN WORK
}
// --------------------------------------------------------------------
@@ -261,9 +276,13 @@ class CI_DB_mysqli_driver extends CI_DB {
return TRUE;
}
- $this->simple_query('COMMIT');
- $this->simple_query('SET AUTOCOMMIT=1');
- return TRUE;
+ if ($this->conn_id->commit())
+ {
+ $this->conn_id->autocommit(TRUE);
+ return TRUE;
+ }
+
+ return FALSE;
}
// --------------------------------------------------------------------
@@ -281,9 +300,13 @@ class CI_DB_mysqli_driver extends CI_DB {
return TRUE;
}
- $this->simple_query('ROLLBACK');
- $this->simple_query('SET AUTOCOMMIT=1');
- return TRUE;
+ if ($this->conn_id->rollback())
+ {
+ $this->conn_id->autocommit(TRUE);
+ return TRUE;
+ }
+
+ return FALSE;
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 93e62b4dd..d75ed28cc 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
@@ -344,7 +344,7 @@ class CI_DB_oci8_driver extends CI_DB {
$have_cursor = TRUE;
}
}
- $sql = trim($sql, ',') . '); END;';
+ $sql = trim($sql, ',').'); END;';
$this->stmt_id = FALSE;
$this->_set_stmt_id($sql);
diff --git a/system/database/drivers/oci8/oci8_result.php b/system/database/drivers/oci8/oci8_result.php
index fd1d28787..ce09b62bc 100644
--- a/system/database/drivers/oci8/oci8_result.php
+++ b/system/database/drivers/oci8/oci8_result.php
@@ -18,7 +18,7 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index fa89661b1..184a8df33 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -69,7 +69,7 @@ class CI_DB_pdo_driver extends CI_DB {
{
parent::__construct($params);
- if (preg_match('/([^;]+):/', $this->dsn, $match) && count($match) === 2)
+ if (preg_match('/([^:]+):/', $this->dsn, $match) && count($match) === 2)
{
// If there is a minimum valid dsn string pattern found, we're done
// This is for general PDO users, who tend to have a full DSN string.
@@ -77,7 +77,7 @@ class CI_DB_pdo_driver extends CI_DB {
return;
}
// Legacy support for DSN specified in the hostname field
- elseif (preg_match('/([^;]+):/', $this->hostname, $match) && count($match) === 2)
+ elseif (preg_match('/([^:]+):/', $this->hostname, $match) && count($match) === 2)
{
$this->dsn = $this->hostname;
$this->hostname = NULL;
diff --git a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php
index ff486fc5a..bc92cab83 100644
--- a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php
+++ b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php
@@ -55,6 +55,15 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver {
*/
public $compress = FALSE;
+ /**
+ * Strict ON flag
+ *
+ * Whether we're running in strict SQL mode.
+ *
+ * @var bool
+ */
+ public $stricton = FALSE;
+
// --------------------------------------------------------------------
/**
@@ -114,6 +123,18 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver {
.(empty($this->dbcollat) ? '' : ' COLLATE '.$this->dbcollat);
}
+ if ($this->stricton)
+ {
+ if (empty($this->options[PDO::MYSQL_ATTR_INIT_COMMAND]))
+ {
+ $this->options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET SESSION sql_mode="STRICT_ALL_TABLES"';
+ }
+ else
+ {
+ $this->options[PDO::MYSQL_ATTR_INIT_COMMAND] .= ', @@session.sql_mode = "STRICT_ALL_TABLES"';
+ }
+ }
+
if ($this->compress === TRUE)
{
$this->options[PDO::MYSQL_ATTR_COMPRESS] = TRUE;
diff --git a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php
index d0cdde2e2..fda3f238b 100644
--- a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php
+++ b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php
@@ -137,7 +137,7 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver {
*/
public function is_write_type($sql)
{
- return (bool) preg_match('/^\s*"?(SET|INSERT(?![^\)]+\)\s+RETURNING)|UPDATE|DELETE|REPLACE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s+/i', $sql);
+ return (bool) preg_match('/^\s*"?(SET|INSERT(?![^\)]+\)\s+RETURNING)|UPDATE(?!.*\sRETURNING)|DELETE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s+/i', str_replace(array("\r\n", "\r", "\n"), ' ', $sql));
}
// --------------------------------------------------------------------
@@ -166,7 +166,7 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver {
* ORDER BY
*
* @param string $orderby
- * @param string $direction ASC or DESC
+ * @param string $direction ASC, DESC or RANDOM
* @param bool $escape
* @return object
*/
diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php
index ac7345ad6..b72fb873a 100644
--- a/system/database/drivers/postgre/postgre_driver.php
+++ b/system/database/drivers/postgre/postgre_driver.php
@@ -318,7 +318,7 @@ class CI_DB_postgre_driver extends CI_DB {
*/
public function is_write_type($sql)
{
- return (bool) preg_match('/^\s*"?(SET|INSERT(?![^\)]+\)\s+RETURNING)|UPDATE|DELETE|REPLACE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s+/i', $sql);
+ return (bool) preg_match('/^\s*"?(SET|INSERT(?![^\)]+\)\s+RETURNING)|UPDATE(?!.*\sRETURNING)|DELETE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s+/i', str_replace(array("\r\n", "\r", "\n"), ' ', $sql));
}
// --------------------------------------------------------------------
@@ -331,7 +331,7 @@ class CI_DB_postgre_driver extends CI_DB {
*/
protected function _escape_str($str)
{
- return pg_escape_string($str);
+ return pg_escape_string($this->conn_id, $str);
}
// --------------------------------------------------------------------
@@ -346,7 +346,11 @@ class CI_DB_postgre_driver extends CI_DB {
*/
public function escape($str)
{
- if (is_bool($str))
+ if (is_php('5.4.4') && (is_string($str) OR (is_object($str) && method_exists($str, '__toString'))))
+ {
+ return pg_escape_literal($this->conn_id, $str);
+ }
+ elseif (is_bool($str))
{
return ($str) ? 'TRUE' : 'FALSE';
}
@@ -512,7 +516,7 @@ class CI_DB_postgre_driver extends CI_DB {
* ORDER BY
*
* @param string $orderby
- * @param string $direction ASC or DESC
+ * @param string $direction ASC, DESC or RANDOM
* @param bool $escape
* @return object
*/
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
index 2d2ae7751..24cd53568 100644
--- a/system/helpers/captcha_helper.php
+++ b/system/helpers/captcha_helper.php
@@ -126,9 +126,9 @@ if ( ! function_exists('create_captcha'))
// Determine angle and position
// -----------------------------------
$length = strlen($word);
- $angle = ($length >= 6) ? rand(-($length-6), ($length-6)) : 0;
- $x_axis = rand(6, (360/$length)-16);
- $y_axis = ($angle >= 0) ? rand($img_height, $img_width) : rand(6, $img_height);
+ $angle = ($length >= 6) ? mt_rand(-($length-6), ($length-6)) : 0;
+ $x_axis = mt_rand(6, (360/$length)-16);
+ $y_axis = ($angle >= 0) ? mt_rand($img_height, $img_width) : mt_rand(6, $img_height);
// Create image
// PHP.net recommends imagecreatetruecolor(), but it isn't always available
@@ -142,7 +142,7 @@ if ( ! function_exists('create_captcha'))
is_array($colors) OR $colors = $defaults['colors'];
- foreach (array_keys($default['colors']) as $key)
+ foreach (array_keys($defaults['colors']) as $key)
{
// Check for a possible missing value
is_array($colors[$key]) OR $colors[$key] = $defaults['colors'][$key];
@@ -183,13 +183,13 @@ if ( ! function_exists('create_captcha'))
if ($use_font === FALSE)
{
$font_size = 5;
- $x = rand(0, $img_width / ($length / 3));
+ $x = mt_rand(0, $img_width / ($length / 3));
$y = 0;
}
else
{
$font_size = 16;
- $x = rand(0, $img_width / ($length / 1.5));
+ $x = mt_rand(0, $img_width / ($length / 1.5));
$y = $font_size + 2;
}
@@ -197,13 +197,13 @@ if ( ! function_exists('create_captcha'))
{
if ($use_font === FALSE)
{
- $y = rand(0 , $img_height / 2);
+ $y = mt_rand(0 , $img_height / 2);
imagestring($im, $font_size, $x, $y, $word[$i], $colors['text']);
$x += ($font_size * 2);
}
else
{
- $y = rand($img_height / 2, $img_height - 3);
+ $y = mt_rand($img_height / 2, $img_height - 3);
imagettftext($im, $font_size, $angle, $x, $y, $colors['text'], $font_path, $word[$i]);
$x += $font_size;
}
@@ -215,12 +215,12 @@ if ( ! function_exists('create_captcha'))
// -----------------------------------
// Generate the image
// -----------------------------------
- $img_name = $now.'.jpg';
- ImageJPEG($im, $img_path.$img_name);
- $img = '<img src="'.$img_url.$img_name.'" style="width: '.$img_width.'; height: '.$img_height .'; border: 0;" alt=" " />';
+ $img_filename = $now.'.jpg';
+ ImageJPEG($im, $img_path.$img_filename);
+ $img = '<img src="'.$img_url.$img_filename.'" style="width: '.$img_width.'; height: '.$img_height .'; border: 0;" alt=" " />';
ImageDestroy($im);
- return array('word' => $word, 'time' => $now, 'image' => $img);
+ return array('word' => $word, 'time' => $now, 'image' => $img, 'filename' => $img_filename);
}
}
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 2002d4269..a3d299b0d 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -50,15 +50,10 @@ if ( ! function_exists('form_open'))
* @param array a key/value pair hidden data
* @return string
*/
- function form_open($action = '', $attributes = '', $hidden = array())
+ function form_open($action = '', $attributes = array(), $hidden = array())
{
$CI =& get_instance();
- if ($attributes === '')
- {
- $attributes = 'method="post"';
- }
-
// If an action is not a full URL then turn it into one
if ($action && strpos($action, '://') === FALSE)
{
@@ -70,10 +65,22 @@ if ( ! function_exists('form_open'))
$action = $CI->config->site_url($CI->uri->uri_string());
}
- $form = '<form action="'.$action.'"'._attributes_to_string($attributes, TRUE).">\n";
+ $attributes = _attributes_to_string($attributes);
+
+ if (stripos($attributes, 'method=') === FALSE)
+ {
+ $attributes .= ' method="post"';
+ }
+
+ if (stripos($attributes, 'accept-charset=') === FALSE)
+ {
+ $attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
+ }
+
+ $form = '<form action="'.$action.'"'.$attributes.">\n";
// Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
- if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"')))
+ if ($CI->config->item('csrf_protection') === TRUE && ! (strpos($action, $CI->config->base_url()) === FALSE OR stripos($form, 'method="get"')))
{
$hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash();
}
@@ -309,7 +316,7 @@ if ( ! function_exists('form_dropdown'))
{
isset($name['options']) OR $name['options'] = array();
isset($name['selected']) OR $name['selected'] = array();
- isset($name['extra']) OR $name['extra'] = array();
+ isset($name['extra']) OR $name['extra'] = '';
return form_dropdown($name['name'], $name['options'], $name['selected'], $name['extra']);
}
@@ -322,10 +329,7 @@ if ( ! function_exists('form_dropdown'))
$selected = array($_POST[$name]);
}
- if ($extra != '')
- {
- $extra = ' '.$extra;
- }
+ $extra = _attributes_to_string($extra);
$multiple = (count($selected) > 1 && strpos($extra, 'multiple') === FALSE) ? ' multiple="multiple"' : '';
@@ -542,12 +546,12 @@ if ( ! function_exists('form_fieldset'))
* use form_fieldset_close()
*
* @param string The legend text
- * @param string Additional attributes
+ * @param array Additional attributes
* @return string
*/
function form_fieldset($legend_text = '', $attributes = array())
{
- $fieldset = '<fieldset'._attributes_to_string($attributes, FALSE).">\n";
+ $fieldset = '<fieldset'._attributes_to_string($attributes).">\n";
if ($legend_text !== '')
{
return $fieldset.'<legend>'.$legend_text."</legend>\n";
@@ -668,37 +672,33 @@ if ( ! function_exists('set_select'))
*/
function set_select($field = '', $value = '', $default = FALSE)
{
- $OBJ =& _get_validation_object();
+ $CI =& get_instance();
- if ($OBJ === FALSE)
+ if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
{
- if ( ! isset($_POST[$field]))
- {
- if (count($_POST) === 0 && $default === TRUE)
- {
- return ' selected="selected"';
- }
- return '';
- }
-
- $field = $_POST[$field];
+ return $CI->form_validation->set_select($field, $value, $default);
+ }
+ elseif (($input = $CI->input->post($field, FALSE)) === NULL)
+ {
+ return ($default === TRUE) ? ' selected="selected"' : '';
+ }
- if (is_array($field))
+ $value = (string) $value;
+ if (is_array($input))
+ {
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($input as &$v)
{
- if ( ! in_array($value, $field))
+ if ($value === $v)
{
- return '';
+ return ' selected="selected"';
}
}
- elseif (($field == '' OR $value == '') OR $field !== $value)
- {
- return '';
- }
- return ' selected="selected"';
+ return '';
}
- return $OBJ->set_select($field, $value, $default);
+ return ($input === $value) ? ' selected="selected"' : '';
}
}
@@ -719,37 +719,33 @@ if ( ! function_exists('set_checkbox'))
*/
function set_checkbox($field = '', $value = '', $default = FALSE)
{
- $OBJ =& _get_validation_object();
+ $CI =& get_instance();
- if ($OBJ === FALSE)
+ if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
{
- if ( ! isset($_POST[$field]))
- {
- if (count($_POST) === 0 && $default === TRUE)
- {
- return ' checked="checked"';
- }
- return '';
- }
-
- $field = $_POST[$field];
+ return $CI->form_validation->set_checkbox($field, $value, $default);
+ }
+ elseif (($input = $CI->input->post($field, FALSE)) === NULL)
+ {
+ return ($default === TRUE) ? ' checked="checked"' : '';
+ }
- if (is_array($field))
+ $value = (string) $value;
+ if (is_array($input))
+ {
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($input as &$v)
{
- if ( ! in_array($value, $field))
+ if ($value === $v)
{
- return '';
+ return ' checked="checked"';
}
}
- elseif (($field == '' OR $value == '') OR $field !== $value)
- {
- return '';
- }
- return ' checked="checked"';
+ return '';
}
- return $OBJ->set_checkbox($field, $value, $default);
+ return ($input === $value) ? ' checked="checked"' : '';
}
}
@@ -763,47 +759,25 @@ if ( ! function_exists('set_radio'))
* Let's you set the selected value of a radio field via info in the POST array.
* If Form Validation is active it retrieves the info from the validation class
*
- * @param string
- * @param string
- * @param bool
+ * @param string $field
+ * @param string $value
+ * @param bool $default
* @return string
*/
function set_radio($field = '', $value = '', $default = FALSE)
{
- $OBJ =& _get_validation_object();
+ $CI =& get_instance();
- if ($OBJ === FALSE)
+ if (isset($CI->form_validation) && is_object($CI->form_validation) && $CI->form_validation->has_rule($field))
{
- if ( ! isset($_POST[$field]))
- {
- if (count($_POST) === 0 && $default === TRUE)
- {
- return ' checked="checked"';
- }
- return '';
- }
-
- $field = $_POST[$field];
-
- if (is_array($field))
- {
- if ( ! in_array($value, $field))
- {
- return '';
- }
- }
- else
- {
- if (($field == '' OR $value == '') OR $field !== $value)
- {
- return '';
- }
- }
-
- return ' checked="checked"';
+ return $CI->form_validation->set_radio($field, $value, $default);
+ }
+ elseif (($input = $CI->input->post($field, FALSE)) === NULL)
+ {
+ return ($default === TRUE) ? ' checked="checked"' : '';
}
- return $OBJ->set_radio($field, $value, $default);
+ return ($input === (string) $value) ? ' checked="checked"' : '';
}
}
@@ -920,45 +894,24 @@ if ( ! function_exists('_attributes_to_string'))
* Helper function used by some of the form helpers
*
* @param mixed
- * @param bool
* @return string
*/
- function _attributes_to_string($attributes, $formtag = FALSE)
+ function _attributes_to_string($attributes)
{
- if (is_string($attributes) && strlen($attributes) > 0)
+ if (empty($attributes))
{
- if ($formtag === TRUE && strpos($attributes, 'method=') === FALSE)
- {
- $attributes .= ' method="post"';
- }
-
- if ($formtag === TRUE && strpos($attributes, 'accept-charset=') === FALSE)
- {
- $attributes .= ' accept-charset="'.strtolower(config_item('charset')).'"';
- }
-
- return ' '.$attributes;
+ return '';
}
- if (is_object($attributes) && count($attributes) > 0)
+ if (is_object($attributes))
{
$attributes = (array) $attributes;
}
- if (is_array($attributes) && ($formtag === TRUE OR count($attributes) > 0))
+ if (is_array($attributes))
{
$atts = '';
- if ( ! isset($attributes['method']) && $formtag === TRUE)
- {
- $atts .= ' method="post"';
- }
-
- if ( ! isset($attributes['accept-charset']) && $formtag === TRUE)
- {
- $atts .= ' accept-charset="'.strtolower(config_item('charset')).'"';
- }
-
foreach ($attributes as $key => $val)
{
$atts .= ' '.$key.'="'.$val.'"';
@@ -966,6 +919,13 @@ if ( ! function_exists('_attributes_to_string'))
return $atts;
}
+
+ if (is_string($attributes))
+ {
+ return ' '.$attributes;
+ }
+
+ return FALSE;
}
}
@@ -988,7 +948,7 @@ if ( ! function_exists('_get_validation_object'))
// We set this as a variable since we're returning by reference.
$return = FALSE;
- if (FALSE !== ($object = $CI->load->is_loaded('form_validation')))
+ if (FALSE !== ($object = $CI->load->is_loaded('Form_validation')))
{
if ( ! isset($CI->$object) OR ! is_object($CI->$object))
{
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index fbb4a1b24..b0f436840 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -52,14 +52,7 @@ if ( ! function_exists('site_url'))
*/
function site_url($uri = '', $protocol = NULL)
{
- $uri = get_instance()->config->site_url($uri);
-
- if (isset($protocol))
- {
- return $protocol.substr($uri, strpos($uri, '://'));
- }
-
- return $uri;
+ return get_instance()->config->site_url($uri, $protocol);
}
}
@@ -80,14 +73,7 @@ if ( ! function_exists('base_url'))
*/
function base_url($uri = '', $protocol = NULL)
{
- $uri = get_instance()->config->base_url($uri);
-
- if (isset($protocol))
- {
- return $protocol.substr($uri, strpos($uri, '://'));
- }
-
- return $uri;
+ return get_instance()->config->base_url($uri, $protocol);
}
}
diff --git a/system/libraries/Cache/Cache.php b/system/libraries/Cache/Cache.php
index e1089f755..537897eaf 100644
--- a/system/libraries/Cache/Cache.php
+++ b/system/libraries/Cache/Cache.php
@@ -106,7 +106,7 @@ class CI_Cache extends CI_Driver_Library {
isset($config['key_prefix']) && $this->key_prefix = $config['key_prefix'];
- if (isset($config['backup']) && in_array('cache_'.$config['backup'], $this->valid_drivers))
+ if (isset($config['backup']) && in_array($config['backup'], $this->valid_drivers))
{
$this->_backup_driver = $config['backup'];
}
@@ -123,6 +123,7 @@ class CI_Cache extends CI_Driver_Library {
else
{
// Backup is supported. Set it to primary.
+ log_message('debug', 'Cache adapter "'.$this->_adapter.'" is unavailable. Falling back to "'.$this->_backup_driver.'" backup adapter.');
$this->_adapter = $this->_backup_driver;
}
}
diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php
index 127a220a7..a84e7d2d3 100644
--- a/system/libraries/Cache/drivers/Cache_apc.php
+++ b/system/libraries/Cache/drivers/Cache_apc.php
@@ -150,7 +150,7 @@ class CI_Cache_apc extends CI_Driver {
{
if ( ! extension_loaded('apc') OR ! (bool) @ini_get('apc.enabled'))
{
- log_message('error', 'The APC PHP extension must be loaded to use APC Cache.');
+ log_message('debug', 'The APC PHP extension must be loaded to use APC Cache.');
return FALSE;
}
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index 35d91049a..d2a3a489d 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -240,7 +240,7 @@ class CI_Cache_memcached extends CI_Driver {
{
if ( ! extension_loaded('memcached') && ! extension_loaded('memcache'))
{
- log_message('error', 'The Memcached Extension must be loaded to use Memcached Cache.');
+ log_message('debug', 'The Memcached Extension must be loaded to use Memcached Cache.');
return FALSE;
}
diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php
index 484f284f1..f13e4479f 100644
--- a/system/libraries/Cache/drivers/Cache_redis.php
+++ b/system/libraries/Cache/drivers/Cache_redis.php
@@ -44,6 +44,7 @@ class CI_Cache_redis extends CI_Driver
* @var array
*/
protected static $_default_config = array(
+ 'socket_type' => 'tcp',
'host' => '127.0.0.1',
'password' => NULL,
'port' => 6379,
@@ -163,12 +164,11 @@ class CI_Cache_redis extends CI_Driver
{
if (extension_loaded('redis'))
{
- $this->_setup_redis();
- return TRUE;
+ return $this->_setup_redis();
}
else
{
- log_message('error', 'The Redis extension must be loaded to use Redis cache.');
+ log_message('debug', 'The Redis extension must be loaded to use Redis cache.');
return FALSE;
}
}
@@ -200,17 +200,33 @@ class CI_Cache_redis extends CI_Driver
try
{
- $this->_redis->connect($config['host'], $config['port'], $config['timeout']);
+ if ($config['socket_type'] === 'unix')
+ {
+ $success = $this->_redis->connect($config['socket']);
+ }
+ else // tcp socket
+ {
+ $success = $this->_redis->connect($config['host'], $config['port'], $config['timeout']);
+ }
+
+ if ( ! $success)
+ {
+ log_message('debug', 'Cache: Redis connection refused. Check the config.');
+ return FALSE;
+ }
}
catch (RedisException $e)
{
- show_error('Redis connection refused. ' . $e->getMessage());
+ log_message('debug', 'Cache: Redis connection refused ('.$e->getMessage().')');
+ return FALSE;
}
if (isset($config['password']))
{
$this->_redis->auth($config['password']);
}
+
+ return TRUE;
}
// ------------------------------------------------------------------------
diff --git a/system/libraries/Cache/drivers/Cache_wincache.php b/system/libraries/Cache/drivers/Cache_wincache.php
index d749978f5..80d3ac13d 100644
--- a/system/libraries/Cache/drivers/Cache_wincache.php
+++ b/system/libraries/Cache/drivers/Cache_wincache.php
@@ -150,7 +150,7 @@ class CI_Cache_wincache extends CI_Driver {
{
if ( ! extension_loaded('wincache'))
{
- log_message('error', 'The Wincache PHP extension must be loaded to use Wincache Cache.');
+ log_message('debug', 'The Wincache PHP extension must be loaded to use Wincache Cache.');
return FALSE;
}
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 46ffaa1d4..efdbfd7c1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -399,9 +399,9 @@ class CI_Email {
else
{
$this->_smtp_auth = ! ($this->smtp_user === '' && $this->smtp_pass === '');
- $this->_safe_mode = (bool) @ini_get('safe_mode');
}
+ $this->_safe_mode = ( ! is_php('5.4') && (bool) @ini_get('safe_mode'));
$this->charset = strtoupper($this->charset);
log_message('debug', 'Email Class Initialized');
@@ -451,7 +451,6 @@ class CI_Email {
$this->clear();
$this->_smtp_auth = ! ($this->smtp_user === '' && $this->smtp_pass === '');
- $this->_safe_mode = (bool) @ini_get('safe_mode');
return $this;
}
@@ -1265,7 +1264,7 @@ class CI_Email {
}
else
{
- $this->_finalbody = $hdr . $this->newline . $this->newline . $this->_body;
+ $this->_finalbody = $hdr.$this->newline.$this->newline.$this->_body;
}
return;
@@ -1275,11 +1274,11 @@ class CI_Email {
if ($this->send_multipart === FALSE)
{
$hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline;
+ .'Content-Transfer-Encoding: quoted-printable';
}
else
{
- $hdr .= 'Content-Type: multipart/alternative; boundary="'.$this->_alt_boundary.'"'.$this->newline.$this->newline;
+ $hdr .= 'Content-Type: multipart/alternative; boundary="'.$this->_alt_boundary.'"';
$body .= $this->_get_mime_message().$this->newline.$this->newline
.'--'.$this->_alt_boundary.$this->newline
@@ -1300,7 +1299,7 @@ class CI_Email {
}
else
{
- $this->_finalbody = $hdr.$this->_finalbody;
+ $this->_finalbody = $hdr.$this->newline.$this->newline.$this->_finalbody;
}
if ($this->send_multipart !== FALSE)
@@ -1312,25 +1311,25 @@ class CI_Email {
case 'plain-attach' :
- $hdr .= 'Content-Type: multipart/'.$this->multipart.'; boundary="'.$this->_atc_boundary.'"'.$this->newline.$this->newline;
+ $hdr .= 'Content-Type: multipart/'.$this->multipart.'; boundary="'.$this->_atc_boundary.'"';
if ($this->_get_protocol() === 'mail')
{
$this->_header_str .= $hdr;
}
- $body .= $this->_get_mime_message().$this->newline.$this->newline
+ $body .= $this->_get_mime_message().$this->newline
+ .$this->newline
.'--'.$this->_atc_boundary.$this->newline
-
.'Content-Type: text/plain; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: '.$this->_get_encoding().$this->newline.$this->newline
-
+ .'Content-Transfer-Encoding: '.$this->_get_encoding().$this->newline
+ .$this->newline
.$this->_body.$this->newline.$this->newline;
break;
case 'html-attach' :
- $hdr .= 'Content-Type: multipart/'.$this->multipart.'; boundary="'.$this->_atc_boundary.'"'.$this->newline.$this->newline;
+ $hdr .= 'Content-Type: multipart/'.$this->multipart.'; boundary="'.$this->_atc_boundary.'"';
if ($this->_get_protocol() === 'mail')
{
@@ -1400,7 +1399,9 @@ class CI_Email {
}
$body .= implode($this->newline, $attachment).$this->newline.'--'.$this->_atc_boundary.'--';
- $this->_finalbody = ($this->_get_protocol() === 'mail') ? $body : $hdr.$body;
+ $this->_finalbody = ($this->_get_protocol() === 'mail')
+ ? $body
+ : $hdr.$this->newline.$this->newline.$body;
return TRUE;
}
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 40ba01202..5ea2f81af 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -583,7 +583,7 @@ class CI_Form_validation {
// If the field is blank, but NOT required, no further tests are necessary
$callback = FALSE;
- if ( ! in_array('required', $rules) && $postdata === NULL)
+ if ( ! in_array('required', $rules) && ($postdata === NULL OR $postdata === ''))
{
// Before we bail out, does the rule contain a callback?
if (preg_match('/(callback_\w+(\[.*?\])?)/', implode(' ', $rules), $match))
@@ -598,7 +598,7 @@ class CI_Form_validation {
}
// Isset Test. Typically this rule will only apply to checkboxes.
- if ($postdata === NULL && $callback === FALSE)
+ if (($postdata === NULL OR $postdata === '') && $callback === FALSE)
{
if (in_array('isset', $rules, TRUE) OR in_array('required', $rules))
{
@@ -898,12 +898,19 @@ class CI_Form_validation {
}
$field = $this->_field_data[$field]['postdata'];
+ $value = (string) $value;
if (is_array($field))
{
- if ( ! in_array($value, $field))
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($field as &$v)
{
- return '';
+ if ($value === $v)
+ {
+ return ' selected="selected"';
+ }
}
+
+ return '';
}
elseif (($field === '' OR $value === '') OR ($field !== $value))
{
@@ -934,12 +941,19 @@ class CI_Form_validation {
}
$field = $this->_field_data[$field]['postdata'];
+ $value = (string) $value;
if (is_array($field))
{
- if ( ! in_array($value, $field))
+ // Note: in_array('', array(0)) returns TRUE, do not use it
+ foreach ($field as &$v)
{
- return '';
+ if ($value === $v)
+ {
+ return ' checked="checked"';
+ }
}
+
+ return '';
}
elseif (($field === '' OR $value === '') OR ($field !== $value))
{
diff --git a/system/libraries/Ftp.php b/system/libraries/Ftp.php
index dc6bbd226..2489f490f 100644
--- a/system/libraries/Ftp.php
+++ b/system/libraries/Ftp.php
@@ -392,7 +392,7 @@ class CI_FTP {
{
if ($this->debug === TRUE)
{
- $this->_error('ftp_unable_to_' . ($move === FALSE ? 'rename' : 'move'));
+ $this->_error('ftp_unable_to_'.($move === FALSE ? 'rename' : 'move'));
}
return FALSE;
}
diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php
index 090f4c90e..26a16850c 100644
--- a/system/libraries/Javascript.php
+++ b/system/libraries/Javascript.php
@@ -172,7 +172,7 @@ class CI_Javascript {
*/
public function focus($element = 'this', $js = '')
{
- return $this->js->__add_event($element, $js);
+ return $this->js->_focus($element, $js);
}
// --------------------------------------------------------------------
@@ -189,7 +189,7 @@ class CI_Javascript {
*/
public function hover($element = 'this', $over = '', $out = '')
{
- return $this->js->__hover($element, $over, $out);
+ return $this->js->_hover($element, $over, $out);
}
// --------------------------------------------------------------------
diff --git a/system/libraries/Javascript/Jquery.php b/system/libraries/Javascript/Jquery.php
index f5fa72d30..ab78e8b2e 100644
--- a/system/libraries/Javascript/Jquery.php
+++ b/system/libraries/Javascript/Jquery.php
@@ -923,7 +923,6 @@ class CI_Jquery extends CI_Javascript {
if (is_array($js))
{
$js = implode("\n\t\t", $js);
-
}
$event = "\n\t$(".$this->_prep_element($element).').'.$event."(function(){\n\t\t{$js}\n\t});\n";
@@ -937,7 +936,7 @@ class CI_Jquery extends CI_Javascript {
* Compile
*
* As events are specified, they are stored in an array
- * This funciton compiles them all for output on a page
+ * This function compiles them all for output on a page
*
* @param string $view_var
* @param bool $script_tags
diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php
index 10fb29dbd..c6ffd03d4 100644
--- a/system/libraries/Pagination.php
+++ b/system/libraries/Pagination.php
@@ -354,7 +354,8 @@ class CI_Pagination {
public function create_links()
{
// If our item count or per-page total is zero there is no need to continue.
- if ($this->total_rows === 0 OR $this->per_page === 0)
+ // Note: DO NOT change the operator to === here!
+ if ($this->total_rows == 0 OR $this->per_page == 0)
{
return '';
}
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 9e9e7d08d..50ba1673f 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -307,10 +307,7 @@ class CI_Profiler {
foreach ($_GET as $key => $val)
{
- if ( ! is_numeric($key))
- {
- $key = "'".$key."'";
- }
+ is_int($key) OR $key = "'".$key."'";
$output .= '<tr><td style="width:50%;color:#000;background-color:#ddd;padding:5px;">&#36;_GET['
.$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#cd6e00;font-weight:normal;background-color:#ddd;">'
@@ -338,7 +335,7 @@ class CI_Profiler {
."\n"
.'<legend style="color:#009900;">&nbsp;&nbsp;'.$this->CI->lang->line('profiler_post_data')."&nbsp;&nbsp;</legend>\n";
- if (count($_POST) === 0)
+ if (count($_POST) === 0 && count($_FILES) === 0)
{
$output .= '<div style="color:#009900;font-weight:normal;padding:4px 0 4px 0;">'.$this->CI->lang->line('profiler_no_post').'</div>';
}
@@ -348,10 +345,7 @@ class CI_Profiler {
foreach ($_POST as $key => $val)
{
- if ( ! is_numeric($key))
- {
- $key = "'".$key."'";
- }
+ is_int($key) OR $key = "'".$key."'";
$output .= '<tr><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">&#36;_POST['
.$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">';
@@ -368,6 +362,21 @@ class CI_Profiler {
$output .= "</td></tr>\n";
}
+ foreach ($_FILES as $key => $val)
+ {
+ is_int($key) OR $key = "'".$key."'";
+
+ $output .= '<tr><td style="width:50%;padding:5px;color:#000;background-color:#ddd;">&#36;_FILES['
+ .$key.']&nbsp;&nbsp; </td><td style="width:50%;padding:5px;color:#009900;font-weight:normal;background-color:#ddd;">';
+
+ if (is_array($val) OR is_object($val))
+ {
+ $output .= '<pre>'.htmlspecialchars(stripslashes(print_r($val, TRUE))).'</pre>';
+ }
+
+ $output .= "</td></tr>\n";
+ }
+
$output .= "</table>\n";
}
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index c7f6f828c..19de97994 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -60,11 +60,18 @@ class CI_Session extends CI_Driver_Library {
public $params = array();
/**
+ * Valid drivers list
+ *
+ * @var array
+ */
+ public $valid_drivers = array('native', 'cookie');
+
+ /**
* Current driver in use
*
* @var string
*/
- protected $current = NULL;
+ public $current = NULL;
/**
* User data
@@ -95,46 +102,36 @@ class CI_Session extends CI_Driver_Library {
*/
public function __construct(array $params = array())
{
- $CI =& get_instance();
+ $_config =& get_instance()->config;
// No sessions under CLI
- if ($CI->input->is_cli_request())
+ if (is_cli())
{
return;
}
log_message('debug', 'CI_Session Class Initialized');
- // Get valid drivers list
- $this->valid_drivers = array(
- 'native',
- 'cookie'
- );
- $key = 'sess_valid_drivers';
- $drivers = isset($params[$key]) ? $params[$key] : $CI->config->item($key);
- if ($drivers)
+ // Add possible extra entries to our valid drivers list
+ $drivers = isset($params['sess_valid_drivers']) ? $params['sess_valid_drivers'] : $_config->item('sess_valid_drivers');
+ if ( ! empty($drivers))
{
- // Add driver names to valid list
- foreach ((array) $drivers as $driver)
- {
- if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
- {
- $this->valid_drivers[] = $driver;
- }
- }
+ $drivers = array_map('strtolower', (array) $drivers);
+ $this->valid_drivers = array_merge($this->valid_drivers, array_diff($drivers, $this->valid_drivers));
}
// Get driver to load
- $key = 'sess_driver';
- $driver = isset($params[$key]) ? $params[$key] : $CI->config->item($key);
+ $driver = isset($params['sess_driver']) ? $params['sess_driver'] : $_config->item('sess_driver');
if ( ! $driver)
{
+ log_message('debug', "Session: No driver name is configured, defaulting to 'cookie'.");
$driver = 'cookie';
}
- if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
+ if ( ! in_array($driver, $this->valid_drivers))
{
- $this->valid_drivers[] = $driver;
+ log_message('error', 'Session: Configured driver name is not valid, aborting.');
+ return;
}
// Save a copy of parameters in case drivers need access
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index d3d22d03a..dc75d8e8e 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -397,7 +397,7 @@ class CI_Session_cookie extends CI_Session_driver {
}
// Unserialize the session array
- $session = $this->_unserialize($session);
+ $session = @unserialize($session);
// Is the session data we unserialized an array with the correct format?
if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
@@ -472,7 +472,7 @@ class CI_Session_cookie extends CI_Session_driver {
$row = $query->row();
if ( ! empty($row->user_data))
{
- $custom_data = $this->_unserialize($row->user_data);
+ $custom_data = unserialize(trim($row->user_data));
if (is_array($custom_data))
{
@@ -608,7 +608,7 @@ class CI_Session_cookie extends CI_Session_driver {
if ( ! empty($userdata))
{
// Serialize the custom data array so we can store it
- $set['user_data'] = $this->_serialize($userdata);
+ $set['user_data'] = serialize($userdata);
}
// Reset query builder values.
@@ -696,7 +696,7 @@ class CI_Session_cookie extends CI_Session_driver {
: $this->userdata;
// Serialize the userdata for the cookie
- $cookie_data = $this->_serialize($cookie_data);
+ $cookie_data = serialize($cookie_data);
if ($this->sess_encrypt_cookie === TRUE)
{
@@ -737,93 +737,6 @@ class CI_Session_cookie extends CI_Session_driver {
// ------------------------------------------------------------------------
/**
- * Serialize an array
- *
- * This function first converts any slashes found in the array to a temporary
- * marker, so when it gets unserialized the slashes will be preserved
- *
- * @param mixed Data to serialize
- * @return string Serialized data
- */
- protected function _serialize($data)
- {
- if (is_array($data))
- {
- array_walk_recursive($data, array(&$this, '_escape_slashes'));
- }
- elseif (is_string($data))
- {
- $data = str_replace('\\', '{{slash}}', $data);
- }
-
- return serialize($data);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Escape slashes
- *
- * This function converts any slashes found into a temporary marker
- *
- * @param string Value
- * @param string Key
- * @return void
- */
- protected function _escape_slashes(&$val, $key)
- {
- if (is_string($val))
- {
- $val = str_replace('\\', '{{slash}}', $val);
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Unserialize
- *
- * This function unserializes a data string, then converts any
- * temporary slash markers back to actual slashes
- *
- * @param mixed Data to unserialize
- * @return mixed Unserialized data
- */
- protected function _unserialize($data)
- {
- $data = @unserialize(trim($data));
-
- if (is_array($data))
- {
- array_walk_recursive($data, array(&$this, '_unescape_slashes'));
- return $data;
- }
-
- return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Unescape slashes
- *
- * This function converts any slash markers back into actual slashes
- *
- * @param string Value
- * @param string Key
- * @return void
- */
- protected function _unescape_slashes(&$val, $key)
- {
- if (is_string($val))
- {
- $val = str_replace('{{slash}}', '\\', $val);
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
* Garbage collection
*
* This deletes expired session rows from database
@@ -841,7 +754,7 @@ class CI_Session_cookie extends CI_Session_driver {
$probability = ini_get('session.gc_probability');
$divisor = ini_get('session.gc_divisor');
- if ((mt_rand(0, $divisor) / $divisor) < $probability)
+ if (mt_rand(1, $divisor) <= $probability)
{
$expire = $this->now - $this->sess_expiration;
$this->CI->db->delete($this->sess_table_name, 'last_activity < '.$expire);
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 85428044d..7989d113e 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -234,6 +234,13 @@ class CI_Upload {
public $xss_clean = FALSE;
/**
+ * Apache mod_mime fix flag
+ *
+ * @var bool
+ */
+ public $mod_mime_fix = TRUE;
+
+ /**
* Temporary filename prefix
*
* @var string
@@ -314,6 +321,7 @@ class CI_Upload {
'remove_spaces' => TRUE,
'detect_mime' => TRUE,
'xss_clean' => FALSE,
+ 'mod_mime_fix' => TRUE,
'temp_prefix' => 'temp_file_',
'client_name' => ''
);
@@ -463,7 +471,7 @@ class CI_Upload {
}
// Are the image dimensions within the allowed size?
- // Note: This can fail if the server has an open_basdir restriction.
+ // Note: This can fail if the server has an open_basedir restriction.
if ( ! $this->is_allowed_dimensions())
{
$this->set_error('upload_invalid_dimensions');
@@ -1148,7 +1156,7 @@ class CI_Upload {
*/
protected function _prep_filename($filename)
{
- if (strpos($filename, '.') === FALSE OR $this->allowed_types === '*')
+ if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR strpos($filename, '.') === FALSE)
{
return $filename;
}
@@ -1245,7 +1253,7 @@ class CI_Upload {
}
}
- if ( (bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec'))
+ if ((bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec'))
{
$mime = @shell_exec($cmd);
if (strlen($mime) > 0)
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index 16c5b0ed8..fe9781b28 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -1684,7 +1684,7 @@ class XML_RPC_Values extends CI_Xmlrpc
{
if ($this->mytype !== 0)
{
- echo '<strong>XML_RPC_Values</strong>: already initialized as a [' . $this->kindOf() . ']<br />';
+ echo '<strong>XML_RPC_Values</strong>: already initialized as a ['.$this->kindOf().']<br />';
return 0;
}
@@ -1705,7 +1705,7 @@ class XML_RPC_Values extends CI_Xmlrpc
{
if ($this->mytype !== 0)
{
- echo '<strong>XML_RPC_Values</strong>: already initialized as a [' . $this->kindOf() . ']<br />';
+ echo '<strong>XML_RPC_Values</strong>: already initialized as a ['.$this->kindOf().']<br />';
return 0;
}
$this->mytype = $this->xmlrpcTypes['struct'];
diff --git a/system/libraries/Zip.php b/system/libraries/Zip.php
index 6608f050e..2ce457844 100644
--- a/system/libraries/Zip.php
+++ b/system/libraries/Zip.php
@@ -103,12 +103,12 @@ class CI_Zip {
*
* Lets you add a virtual directory into which you can place files.
*
- * @param mixed the directory name. Can be string or array
+ * @param mixed $directory the directory name. Can be string or array
* @return void
*/
public function add_dir($directory)
{
- foreach ( (array) $directory as $dir)
+ foreach ((array) $directory as $dir)
{
if ( ! preg_match('|.+/$|', $dir))
{
@@ -127,7 +127,7 @@ class CI_Zip {
*
* If this is a newly created file/dir, we will set the time to 'now'
*
- * @param string path to file
+ * @param string $dir path to file
* @return array filemtime/filemdate
*/
protected function _get_mod_time($dir)
@@ -146,9 +146,9 @@ class CI_Zip {
/**
* Add Directory
*
- * @param string the directory name
- * @param int
- * @param int
+ * @param string $dir the directory name
+ * @param int $file_mtime
+ * @param int $file_mdate
* @return void
*/
protected function _add_dir($dir, $file_mtime, $file_mdate)
@@ -199,8 +199,8 @@ class CI_Zip {
* in the filename it will be placed within a directory. Make
* sure you use add_dir() first to create the folder.
*
- * @param mixed
- * @param string
+ * @param mixed $filepath A single filepath or an array of file => data pairs
+ * @param string $data Single file contents
* @return void
*/
public function add_data($filepath, $data = NULL)
@@ -225,10 +225,10 @@ class CI_Zip {
/**
* Add Data to Zip
*
- * @param string the file name/path
- * @param string the data to be encoded
- * @param int
- * @param int
+ * @param string $filepath the file name/path
+ * @param string $data the data to be encoded
+ * @param int $file_mtime
+ * @param int $file_mdate
* @return void
*/
protected function _add_data($filepath, $data, $file_mtime, $file_mdate)
@@ -278,8 +278,8 @@ class CI_Zip {
/**
* Read the contents of a file and add it to the zip
*
- * @param string
- * @param bool
+ * @param string $path
+ * @param bool $preserve_filepath
* @return bool
*/
public function read_file($path, $preserve_filepath = FALSE)
@@ -313,9 +313,9 @@ class CI_Zip {
* sub-folders) and creates a zip based on it. Whatever directory structure
* is in the original file path will be recreated in the zip file.
*
- * @param string path to source
- * @param bool
- * @param bool
+ * @param string $path path to source directory
+ * @param bool $preserve_filepath
+ * @param string $root_path
* @return bool
*/
public function read_dir($path, $preserve_filepath = TRUE, $root_path = NULL)
@@ -389,7 +389,7 @@ class CI_Zip {
*
* Lets you write a file
*
- * @param string the file name
+ * @param string $filepath the file name
* @return bool
*/
public function archive($filepath)
@@ -412,7 +412,7 @@ class CI_Zip {
/**
* Download
*
- * @param string the file name
+ * @param string $filename the file name
* @return void
*/
public function download($filename = 'backup.zip')