5 files changed, 85 insertions, 46 deletions
diff --git a/system/core/URI.php b/system/core/URI.php
index a575bc36e..a997525ee 100644
--- a/system/core/URI.php
+++ b/system/core/URI.php
@@ -119,7 +119,7 @@ class CI_URI {
 			}
 
 			// No PATH_INFO?... What about QUERY_STRING?
-			$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
+			$path = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
 			if (trim($path, '/') !== '')
 			{
 				$this->_set_uri_string($path);
@@ -163,7 +163,7 @@ class CI_URI {
 	 * @param 	string
 	 * @return	void
 	 */
-	public function _set_uri_string($str)
+	protected function _set_uri_string($str)
 	{
 		// Filter out control characters
 		$str = remove_invisible_characters($str, FALSE);
@@ -177,8 +177,8 @@ class CI_URI {
 	/**
 	 * Detects the URI
 	 *
-	 * This function will detect the URI automatically and fix the query string
-	 * if necessary.
+	 * This function will detect the URI automatically
+	 * and fix the query string if necessary.
 	 *
 	 * @return	string
 	 */
@@ -189,23 +189,27 @@ class CI_URI {
 			return '';
 		}
 
-		$uri = $_SERVER['REQUEST_URI'];
-		if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0)
+		if (strpos($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']) === 0)
 		{
-			$uri = substr($uri, strlen($_SERVER['SCRIPT_NAME']));
+			$uri = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));
 		}
-		elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0)
+		elseif (strpos($_SERVER['REQUEST_URI'], dirname($_SERVER['SCRIPT_NAME'])) === 0)
 		{
-			$uri = substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME'])));
+			$uri = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])));
+		}
+		else
+		{
+			$uri = $_SERVER['REQUEST_URI'];
 		}
 
 		// This section ensures that even on servers that require the URI to be in the query string (Nginx) a correct
 		// URI is found, and also fixes the QUERY_STRING server var and $_GET array.
-		if (strncmp($uri, '?/', 2) === 0)
+		if (strpos($uri, '?/') === 0)
 		{
 			$uri = substr($uri, 2);
 		}
-		$parts = preg_split('#\?#i', $uri, 2);
+
+		$parts = explode('?', $uri, 2);
 		$uri = $parts[0];
 		if (isset($parts[1]))
 		{
@@ -223,7 +227,7 @@ class CI_URI {
 			return '/';
 		}
 
-		$uri = parse_url($uri, PHP_URL_PATH);
+		$uri = parse_url('pseudo://hostname/'.$uri, PHP_URL_PATH);
 
 		// Do some final cleaning of the URI and return it
 		return str_replace(array('//', '../'), '/', trim($uri, '/'));
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 88a3b388f..d056bdb90 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -596,25 +596,51 @@ abstract class CI_DB_driver {
 	 */
 	public function compile_binds($sql, $binds)
 	{
-		if (preg_match_all('/(>|<|=|!)\s*('.preg_quote($this->bind_marker).')/i', $sql, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE) !== count($binds))
+		if (empty($binds) OR empty($this->bind_marker) OR strpos($sql, $this->bind_marker) === FALSE)
 		{
 			return $sql;
 		}
 		elseif ( ! is_array($binds))
 		{
 			$binds = array($binds);
+			$bind_count = 1;
 		}
 		else
 		{
 			// Make sure we're using numeric keys
 			$binds = array_values($binds);
+			$bind_count = count($binds);
 		}
 
+		// We'll need the marker length later
+		$ml = strlen($this->bind_marker);
 
-		for ($i = count($matches) - 1; $i >= 0; $i--)
+		// Make sure not to replace a chunk inside a string that happens to match the bind marker
+		if ($c = preg_match_all("/'[^']*'/i", $sql, $matches))
 		{
-			$sql = substr_replace($sql, $this->escape($binds[$i]), $matches[$i][2][1], 1);
+			$c = preg_match_all('/'.preg_quote($this->bind_marker).'/i',
+				str_replace($matches[0],
+					str_replace($this->bind_marker, str_repeat(' ', $ml), $matches[0]),
+					$sql, $c),
+				$matches, PREG_OFFSET_CAPTURE);
+
+			// Bind values' count must match the count of markers in the query
+			if ($bind_count !== $c)
+			{
+				return $sql;
+			}
+		}
+		elseif (($c = preg_match_all('/'.preg_quote($this->bind_marker).'/i', $sql, $matches, PREG_OFFSET_CAPTURE)) !== $bind_count)
+		{
+			return $sql;
+		}
+
+		do
+		{
+			$c--;
+			$sql = substr_replace($sql, $this->escape($binds[$c]), $matches[0][$c][1], $ml);
 		}
+		while ($c !== 0);
 
 		return $sql;
 	}
diff --git a/system/helpers/date_helper.php b/system/helpers/date_helper.php
index c601dc9e5..d5036f645 100644
--- a/system/helpers/date_helper.php
+++ b/system/helpers/date_helper.php
@@ -42,29 +42,28 @@ if ( ! function_exists('now'))
 	/**
 	 * Get "now" time
 	 *
-	 * Returns time() or its GMT equivalent based on the config file preference
+	 * Returns time() based on the timezone parameter or on the
+	 * "time_reference" setting
 	 *
+	 * @param	string
 	 * @return	int
 	 */
-	function now()
+	function now($timezone = NULL)
 	{
-		$CI =& get_instance();
-
-		if (strtolower($CI->config->item('time_reference')) === 'gmt')
+		if (empty($timezone))
 		{
-			$now = time();
-			$system_time = mktime(gmdate("H", $now), gmdate("i", $now), gmdate("s", $now), gmdate("m", $now), gmdate("d", $now), gmdate("Y", $now));
-
-			if (strlen($system_time) < 10)
-			{
-				$system_time = time();
-				log_message('error', 'The Date class could not set a proper GMT timestamp so the local time() value was used.');
-			}
+			$timezone = config_item('time_reference');
+		}
 
-			return $system_time;
+		if ($timezone === 'local' OR $timezone === date_default_timezone_get())
+		{
+			return time();
 		}
 
-		return time();
+		$datetime = new DateTime('now', new DateTimeZone($timezone));
+		sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
+
+		return mktime($hour, $minute, $second, $month, $day, $year);
 	}
 }
 
@@ -315,13 +314,13 @@ if ( ! function_exists('local_to_gmt'))
 			$time = time();
 		}
 
-		return mktime(
-			gmdate('H', $time),
-			gmdate('i', $time),
-			gmdate('s', $time),
-			gmdate('m', $time),
-			gmdate('d', $time),
-			gmdate('Y', $time)
+		return gmmktime(
+			date('H', $time),
+			date('i', $time),
+			date('s', $time),
+			date('m', $time),
+			date('d', $time),
+			date('Y', $time)
 		);
 	}
 }
@@ -376,9 +375,7 @@ if ( ! function_exists('mysql_to_unix'))
 		// since the formatting changed with MySQL 4.1
 		// YYYY-MM-DD HH:MM:SS
 
-		$time = str_replace('-', '', $time);
-		$time = str_replace(':', '', $time);
-		$time = str_replace(' ', '', $time);
+		$time = str_replace(array('-', ':', ' '), '', $time);
 
 		// YYYYMMDDHHMMSS
 		return mktime(
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 77c968e7c..6cbe032c7 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -187,6 +187,12 @@ class CI_Form_validation {
 			return $this;
 		}
 
+		// Convert an array of rules to a string
+		if (is_array($rules))
+		{
+			$rules = implode('|', $rules);
+		}
+
 		// No fields? Nothing to do...
 		if ( ! is_string($field) OR ! is_string($rules) OR $field === '')
 		{
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 7beedd96b..72a942b8a 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -149,11 +149,11 @@ class CI_Session {
 	public $flashdata_key			= 'flash';
 
 	/**
-	 * Function to use to get the current time
+	 * Timezone to use for the current time
 	 *
 	 * @var string
 	 */
-	public $time_reference			= 'time';
+	public $time_reference			= 'local';
 
 	/**
 	 * Probablity level of garbage collection of old sessions
@@ -203,7 +203,7 @@ class CI_Session {
 		// manually via the $params array above or via the config file
 		foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
 		{
-			$this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
+			$this->$key = isset($params[$key]) ? $params[$key] : $this->CI->config->item($key);
 		}
 
 		if ($this->encryption_key === '')
@@ -786,9 +786,15 @@ class CI_Session {
 	 */
 	protected function _get_time()
 	{
-		return (strtolower($this->time_reference) === 'gmt')
-			? mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'))
-			: time();
+		if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get())
+		{
+			return time();
+		}
+
+		$datetime = new DateTime('now', new DateTimeZone($this->time_reference));
+		sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
+
+		return mktime($hour, $minute, $second, $month, $day, $year);
 	}
 
 	// --------------------------------------------------------------------