Diffstat (limited to 'system')
-rw-r--r--system/core/Security.php43
-rw-r--r--system/database/drivers/pdo/pdo_driver.php4
-rw-r--r--system/helpers/form_helper.php9
-rw-r--r--system/libraries/Cache/drivers/Cache_apc.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_memcached.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_redis.php2
-rw-r--r--system/libraries/Cache/drivers/Cache_wincache.php2
-rw-r--r--system/libraries/Session/Session.php39
8 files changed, 56 insertions, 47 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..70cf3e013 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -38,6 +38,30 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Security {
/**
+ * List of sanitize filename strings
+ *
+ * @var array
+ */
+ public $filename_bad_chars = array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ );
+
+ /**
* XSS Hash
*
* Random Hash for protecting URLs.
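Review bot: The docblock for the new `$filename_bad_chars` ("List of sanitize filename strings") does not say what the list is used for, and the entry `'%0e'` carries the comment `// >` although 0x0E is a control character and `%3e` is the encoding of `>`. Because the property is public, any code holding the Security instance can replace or shorten the list that `sanitize_filename()` reads into `$bad` in the second hunk. I would describe it as `Character sequences that sanitize_filename() treats as unsafe; append to this list, do not remove entries` and correct the `%0e` comment. All percent-encoded entries are lowercase, and whether `%3C` is also caught depends on matching code that lies outside both hunks.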
@@ -549,24 +573,7 @@ class CI_Security {
*/
public function sanitize_filename($str, $relative_path = FALSE)
{
- $bad = array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
+ $bad = $this->filename_bad_chars;
if ( ! $relative_path)
{
diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php
index fa89661b1..184a8df33 100644
--- a/system/database/drivers/pdo/pdo_driver.php
+++ b/system/database/drivers/pdo/pdo_driver.php
@@ -69,7 +69,7 @@ class CI_DB_pdo_driver extends CI_DB {
{
parent::__construct($params);
- if (preg_match('/([^;]+):/', $this->dsn, $match) && count($match) === 2)
+ if (preg_match('/([^:]+):/', $this->dsn, $match) && count($match) === 2)
{
// If there is a minimum valid dsn string pattern found, we're done
// This is for general PDO users, who tend to have a full DSN string.
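Review bot: The new pattern `/([^:]+):/` is unanchored and accepts any text before the first colon, so it never checks that the prefix looks like a PDO driver name. The same pattern is used in the `elseif` on `$this->hostname` in the next hunk, where a value written as `host:port` also matches and is moved into `$this->dsn`. Anchoring and narrowing the capture, e.g. `preg_match('/^([a-z0-9_]+):/i', $this->dsn, $match)`, would state the intent, although a `host:port` hostname would still need its own check. `count($match) === 2` is always true once a pattern with one capture group has matched and could be dropped. The constructor begins and ends outside both hunks, so how `$match[1]` is used is not visible here.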
@@ -77,7 +77,7 @@ class CI_DB_pdo_driver extends CI_DB {
return;
}
// Legacy support for DSN specified in the hostname field
- elseif (preg_match('/([^;]+):/', $this->hostname, $match) && count($match) === 2)
+ elseif (preg_match('/([^:]+):/', $this->hostname, $match) && count($match) === 2)
{
$this->dsn = $this->hostname;
$this->hostname = NULL;
diff --git a/system/helpers/form_helper.php b/system/helpers/form_helper.php
index 6fca73f85..146c0f588 100644
--- a/system/helpers/form_helper.php
+++ b/system/helpers/form_helper.php
@@ -931,9 +931,9 @@ if ( ! function_exists('_attributes_to_string'))
*/
function _attributes_to_string($attributes)
{
- if (is_string($attributes))
+ if (empty($attributes))
{
- return ($attributes === '' ? '' : ' '.$attributes);
+ return '';
}
if (is_object($attributes))
@@ -953,6 +953,11 @@ if ( ! function_exists('_attributes_to_string'))
return $atts;
}
+ if (is_string($attributes))
+ {
+ return ' '.$attributes;
+ }
+
return FALSE;
}
}
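Review bot: The relocated string branch `return ' '.$attributes;` places the caller's string into the tag verbatim, and nothing in the hunk tells callers that it must already be valid, escaped attribute markup. A comment above it such as `// String attributes are emitted as-is; callers must escape any user-supplied values` would make that contract visible. The `empty($attributes)` guard in the first hunk also returns `''` for `NULL`, `FALSE`, `0` and the string `'0'`, which presumably reached `return FALSE` or the old string branch before, so the return description in the docblock (outside the hunk) should be checked. The object and array handling between the two hunks is not shown.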
diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php
index 127a220a7..a84e7d2d3 100644
--- a/system/libraries/Cache/drivers/Cache_apc.php
+++ b/system/libraries/Cache/drivers/Cache_apc.php
@@ -150,7 +150,7 @@ class CI_Cache_apc extends CI_Driver {
{
if ( ! extension_loaded('apc') OR ! (bool) @ini_get('apc.enabled'))
{
- log_message('error', 'The APC PHP extension must be loaded to use APC Cache.');
+ log_message('debug', 'The APC PHP extension must be loaded to use APC Cache.');
return FALSE;
}
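Review bot: Lowering this message from `error` to `debug` means that a log threshold recording only errors writes nothing when the APC extension is missing; the memcached, redis and wincache hunks below make the same change. If this check also runs for a backend the application explicitly configured (the calling code is outside the hunk), that misconfiguration no longer appears in production logs. If the reason is that the check is also used to probe optional backends, a comment such as `// debug: a missing extension is expected when this driver is only probed` would record it. The code that selects the configured adapter should then log at `error` when that adapter is unavailable.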
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index 35d91049a..d2a3a489d 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -240,7 +240,7 @@ class CI_Cache_memcached extends CI_Driver {
{
if ( ! extension_loaded('memcached') && ! extension_loaded('memcache'))
{
- log_message('error', 'The Memcached Extension must be loaded to use Memcached Cache.');
+ log_message('debug', 'The Memcached Extension must be loaded to use Memcached Cache.');
return FALSE;
}
diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php
index 484f284f1..40823fcb4 100644
--- a/system/libraries/Cache/drivers/Cache_redis.php
+++ b/system/libraries/Cache/drivers/Cache_redis.php
@@ -168,7 +168,7 @@ class CI_Cache_redis extends CI_Driver
}
else
{
- log_message('error', 'The Redis extension must be loaded to use Redis cache.');
+ log_message('debug', 'The Redis extension must be loaded to use Redis cache.');
return FALSE;
}
}
diff --git a/system/libraries/Cache/drivers/Cache_wincache.php b/system/libraries/Cache/drivers/Cache_wincache.php
index d749978f5..80d3ac13d 100644
--- a/system/libraries/Cache/drivers/Cache_wincache.php
+++ b/system/libraries/Cache/drivers/Cache_wincache.php
@@ -150,7 +150,7 @@ class CI_Cache_wincache extends CI_Driver {
{
if ( ! extension_loaded('wincache'))
{
- log_message('error', 'The Wincache PHP extension must be loaded to use Wincache Cache.');
+ log_message('debug', 'The Wincache PHP extension must be loaded to use Wincache Cache.');
return FALSE;
}
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index c7f6f828c..659a0269e 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -60,11 +60,18 @@ class CI_Session extends CI_Driver_Library {
public $params = array();
/**
+ * Valid drivers list
+ *
+ * @var array
+ */
+ public $valid_drivers = array('native', 'cookie');
+
+ /**
* Current driver in use
*
* @var string
*/
- protected $current = NULL;
+ public $current = NULL;
/**
* User data
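Review bot: `$current` changes from `protected` to `public` with no explanation in the docblock, which lets any code holding the session object reassign the active driver. The new `$valid_drivers` is public as well, so the list checked in the constructor hunk can be changed from outside the class. If outside code only needs to read the current driver, keeping `protected $current = NULL;` and adding a getter would be the narrower change. Otherwise the docblock should state which code is expected to write each property.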
@@ -105,36 +112,26 @@ class CI_Session extends CI_Driver_Library {
log_message('debug', 'CI_Session Class Initialized');
- // Get valid drivers list
- $this->valid_drivers = array(
- 'native',
- 'cookie'
- );
- $key = 'sess_valid_drivers';
- $drivers = isset($params[$key]) ? $params[$key] : $CI->config->item($key);
- if ($drivers)
+ // Add possible extra entries to our valid drivers list
+ $drivers = isset($params['sess_valid_drivers']) ? $params['sess_valid_drivers'] : $CI->config->item('sess_valid_drivers');
+ if ( ! empty($drivers))
{
- // Add driver names to valid list
- foreach ((array) $drivers as $driver)
- {
- if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
- {
- $this->valid_drivers[] = $driver;
- }
- }
+ $drivers = array_map('strtolower', (array) $drivers);
+ $this->valid_drivers = array_merge($this->valid_drivers, array_diff($drivers, $this->valid_drivers));
}
// Get driver to load
- $key = 'sess_driver';
- $driver = isset($params[$key]) ? $params[$key] : $CI->config->item($key);
+ $driver = isset($params['sess_driver']) ? $params['sess_driver'] : $CI->config->item('sess_driver');
if ( ! $driver)
{
+ log_message('debug', "Session: No driver name is configured, defaulting to 'cookie'.");
$driver = 'cookie';
}
- if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
+ if ( ! in_array($driver, $this->valid_drivers))
{
- $this->valid_drivers[] = $driver;
+ log_message('error', 'Session: Configured driver name is not valid, aborting.');
+ return;
}
// Save a copy of parameters in case drivers need access
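Review bot: The extra driver names are lowercased before being merged, but `$driver` is compared as configured, so `if ( ! in_array($driver, $this->valid_drivers))` now rejects a `sess_driver` of `Native` or `Cookie` that the removed case-insensitive check accepted. Comparing the normalised name strictly, `if ( ! in_array(strtolower($driver), $this->valid_drivers, TRUE))`, keeps the old tolerance and avoids loose comparison. The new `return;` leaves the constructor with no driver loaded and only a log entry as the signal, so later session calls would run against a partly initialised object. The rest of the constructor is outside the hunk, so whether callers can detect that state is not visible.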