diff options
Diffstat (limited to 'system')
15 files changed, 224 insertions, 38 deletions
diff --git a/system/core/Loader.php b/system/core/Loader.php index 18e4c5287..87f21b279 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -285,9 +285,39 @@ class CI_Loader { $this->database($db_conn, FALSE, TRUE); } + // Note: All of the code under this condition used to be just: + // + // load_class('Model', 'core'); + // + // However, load_class() instantiates classes + // to cache them for later use and that prevents + // MY_Model from being an abstract class and is + // sub-optimal otherwise anyway. if ( ! class_exists('CI_Model', FALSE)) { - load_class('Model', 'core'); + $app_path = APPPATH.'core'.DIRECTORY_SEPARATOR; + if (file_exists($app_path.'Model.php')) + { + require_once($app_path.'Model.php'); + if ( ! class_exists('CI_Model', FALSE)) + { + throw new RuntimeException($app_path."Model.php exists, but doesn't declare class CI_Model"); + } + } + elseif ( ! class_exists('CI_Model', FALSE)) + { + require_once(BASEPATH.'core'.DIRECTORY_SEPARATOR.'Model.php'); + } + + $class = config_item('subclass_prefix').'Model'; + if (file_exists($app_path.$class.'.php')) + { + require_once($app_path.$class.'.php'); + if ( ! class_exists($class, FALSE)) + { + throw new RuntimeException($app_path.$class.".php exists, but doesn't declare class ".$class); + } + } } $model = ucfirst($model); diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 3fafe3fd8..bbda83e58 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -84,7 +84,7 @@ class CI_DB_mysql_driver extends CI_DB { * * @var bool */ - public $stricton = FALSE; + public $stricton; // -------------------------------------------------------------------- @@ -156,9 +156,26 @@ class CI_DB_mysql_driver extends CI_DB { return ($this->db->debug) ? $this->display_error('db_unable_to_set_charset', $this->char_set) : FALSE; } - if ($this->stricton) + if (isset($this->stricton)) { - $this->simple_query('SET SESSION sql_mode="STRICT_ALL_TABLES"'); + if ($this->stricton) + { + $this->simple_query('SET SESSION sql_mode = CONCAT(@@sql_mode, ",", "STRICT_ALL_TABLES")'); + } + else + { + $this->simple_query( + 'SET SESSION sql_mode = + REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE( + @@sql_mode, + "STRICT_ALL_TABLES,", ""), + ",STRICT_ALL_TABLES", ""), + "STRICT_ALL_TABLES", ""), + "STRICT_TRANS_TABLES,", ""), + ",STRICT_TRANS_TABLES", ""), + "STRICT_TRANS_TABLES", "")' + ); + } } return $this->conn_id; diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 847544780..cec1f8692 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -84,7 +84,7 @@ class CI_DB_mysqli_driver extends CI_DB { * * @var bool */ - public $stricton = FALSE; + public $stricton; // -------------------------------------------------------------------- @@ -98,6 +98,17 @@ class CI_DB_mysqli_driver extends CI_DB { // -------------------------------------------------------------------- /** + * MySQLi object + * + * Has to be preserved without being assigned to $conn_id. + * + * @var MySQLi + */ + protected $_mysqli; + + // -------------------------------------------------------------------- + + /** * Database connection * * @param bool $persistent @@ -122,13 +133,30 @@ class CI_DB_mysqli_driver extends CI_DB { } $client_flags = ($this->compress === TRUE) ? MYSQLI_CLIENT_COMPRESS : 0; - $mysqli = mysqli_init(); + $this->_mysqli = mysqli_init(); - $mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 10); + $this->_mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 10); - if ($this->stricton) + if (isset($this->stricton)) { - $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"'); + if ($this->stricton) + { + $this->_mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode = CONCAT(@@sql_mode, ",", "STRICT_ALL_TABLES")'); + } + else + { + $this->_mysqli->options(MYSQLI_INIT_COMMAND, + 'SET SESSION sql_mode = + REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE( + @@sql_mode, + "STRICT_ALL_TABLES,", ""), + ",STRICT_ALL_TABLES", ""), + "STRICT_ALL_TABLES", ""), + "STRICT_TRANS_TABLES,", ""), + ",STRICT_TRANS_TABLES", ""), + "STRICT_TRANS_TABLES", "")' + ); + } } if (is_array($this->encrypt)) @@ -142,13 +170,26 @@ class CI_DB_mysqli_driver extends CI_DB { if ( ! empty($ssl)) { - if ( ! empty($this->encrypt['ssl_verify']) && defined('MYSQLI_OPT_SSL_VERIFY_SERVER_CERT')) + if (isset($this->encrypt['ssl_verify'])) { - $mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, TRUE); + if ($this->encrypt['ssl_verify']) + { + defined('MYSQLI_OPT_SSL_VERIFY_SERVER_CERT') && $this->_mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, TRUE); + } + // Apparently (when it exists), setting MYSQLI_OPT_SSL_VERIFY_SERVER_CERT + // to FALSE didn't do anything, so PHP 5.6.16 introduced yet another + // constant ... + // + // https://secure.php.net/ChangeLog-5.php#5.6.16 + // https://bugs.php.net/bug.php?id=68344 + elseif (defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT')) + { + $this->_mysqli->options(MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT, TRUE); + } } $client_flags |= MYSQLI_CLIENT_SSL; - $mysqli->ssl_set( + $this->_mysqli->ssl_set( isset($ssl['key']) ? $ssl['key'] : NULL, isset($ssl['cert']) ? $ssl['cert'] : NULL, isset($ssl['ca']) ? $ssl['ca'] : NULL, @@ -158,29 +199,29 @@ class CI_DB_mysqli_driver extends CI_DB { } } - if ($mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)) + if ($this->_mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)) { // Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails if ( ($client_flags & MYSQLI_CLIENT_SSL) - && version_compare($mysqli->client_info, '5.7.3', '<=') - && empty($mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_object()->Value) + && version_compare($this->_mysqli->client_info, '5.7.3', '<=') + && empty($this->_mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_object()->Value) ) { - $mysqli->close(); + $this->_mysqli->close(); $message = 'MySQLi was configured for an SSL connection, but got an unencrypted connection instead!'; log_message('error', $message); return ($this->db->db_debug) ? $this->db->display_error($message, '', TRUE) : FALSE; } - if ( ! $mysqli->set_charset($this->char_set)) + if ( ! $this->_mysqli->set_charset($this->char_set)) { log_message('error', "Database: Unable to set the configured connection charset ('{$this->char_set}')."); - $mysqli->close(); + $this->_mysqli->close(); return ($this->db->db_debug) ? $this->display_error('db_unable_to_set_charset', $this->char_set) : FALSE; } - return $mysqli; + return $this->_mysqli; } return FALSE; @@ -451,11 +492,11 @@ class CI_DB_mysqli_driver extends CI_DB { */ public function error() { - if ( ! empty($this->conn_id->connect_errno)) + if ( ! empty($this->_mysqli->connect_errno)) { return array( - 'code' => $this->conn_id->connect_errno, - 'message' => is_php('5.2.9') ? $this->conn_id->connect_error : mysqli_connect_error() + 'code' => $this->_mysqli->connect_errno, + 'message' => is_php('5.2.9') ? $this->_mysqli->connect_error : mysqli_connect_error() ); } diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 206924d06..994f8f33a 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -654,6 +654,14 @@ class CI_DB_oci8_driver extends CI_DB { */ protected function _limit($sql) { + if (version_compare($this->version(), '12.1', '>=')) + { + // OFFSET-FETCH can be used only with the ORDER BY clause + empty($this->qb_orderby) && $sql .= ' ORDER BY 1'; + + return $sql.' OFFSET '.(int) $this->qb_offset.' ROWS FETCH NEXT '.$this->qb_limit.' ROWS ONLY'; + } + $this->limit_used = TRUE; return 'SELECT * FROM (SELECT inner_query.*, rownum rnum FROM ('.$sql.') inner_query WHERE rownum < '.($this->qb_offset + $this->qb_limit + 1).')' .($this->qb_offset ? ' WHERE rnum >= '.($this->qb_offset + 1) : ''); diff --git a/system/database/drivers/odbc/odbc_driver.php b/system/database/drivers/odbc/odbc_driver.php index 409284b44..e12ad53bc 100644 --- a/system/database/drivers/odbc/odbc_driver.php +++ b/system/database/drivers/odbc/odbc_driver.php @@ -189,6 +189,24 @@ class CI_DB_odbc_driver extends CI_DB { // -------------------------------------------------------------------- /** + * Determines if a query is a "write" type. + * + * @param string An SQL query string + * @return bool + */ + public function is_write_type($sql) + { + if (preg_match('#^(INSERT|UPDATE).*RETURNING\s.+(\,\s?.+)*$#i', $sql)) + { + return FALSE; + } + + return parent::is_write_type($sql); + } + + // -------------------------------------------------------------------- + + /** * Platform-dependant string escape * * @param string diff --git a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php index e9d25cebc..c230651dc 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php @@ -73,7 +73,7 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver { * * @var bool */ - public $stricton = FALSE; + public $stricton; // -------------------------------------------------------------------- @@ -133,15 +133,34 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver { .(empty($this->dbcollat) ? '' : ' COLLATE '.$this->dbcollat); } - if ($this->stricton) + if (isset($this->stricton)) { - if (empty($this->options[PDO::MYSQL_ATTR_INIT_COMMAND])) + if ($this->stricton) { - $this->options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET SESSION sql_mode="STRICT_ALL_TABLES"'; + $sql = 'CONCAT(@@sql_mode, ",", "STRICT_ALL_TABLES")'; } else { - $this->options[PDO::MYSQL_ATTR_INIT_COMMAND] .= ', @@session.sql_mode = "STRICT_ALL_TABLES"'; + $sql = 'REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE( + @@sql_mode, + "STRICT_ALL_TABLES,", ""), + ",STRICT_ALL_TABLES", ""), + "STRICT_ALL_TABLES", ""), + "STRICT_TRANS_TABLES,", ""), + ",STRICT_TRANS_TABLES", ""), + "STRICT_TRANS_TABLES", "")'; + } + + if ( ! empty($sql)) + { + if (empty($this->options[PDO::MYSQL_ATTR_INIT_COMMAND])) + { + $this->options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET SESSION sql_mode = '.$sql; + } + else + { + $this->options[PDO::MYSQL_ATTR_INIT_COMMAND] .= ', @@session.sql_mode = '.$sql; + } } } diff --git a/system/database/drivers/pdo/subdrivers/pdo_oci_driver.php b/system/database/drivers/pdo/subdrivers/pdo_oci_driver.php index 4791ab157..d4cfb7dd7 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_oci_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_oci_driver.php @@ -311,6 +311,14 @@ class CI_DB_pdo_oci_driver extends CI_DB_pdo_driver { */ protected function _limit($sql) { + if (version_compare($this->version(), '12.1', '>=')) + { + // OFFSET-FETCH can be used only with the ORDER BY clause + empty($this->qb_orderby) && $sql .= ' ORDER BY 1'; + + return $sql.' OFFSET '.(int) $this->qb_offset.' ROWS FETCH NEXT '.$this->qb_limit.' ROWS ONLY'; + } + return 'SELECT * FROM (SELECT inner_query.*, rownum rnum FROM ('.$sql.') inner_query WHERE rownum < '.($this->qb_offset + $this->qb_limit + 1).')' .($this->qb_offset ? ' WHERE rnum >= '.($this->qb_offset + 1): ''); } diff --git a/system/database/drivers/pdo/subdrivers/pdo_odbc_driver.php b/system/database/drivers/pdo/subdrivers/pdo_odbc_driver.php index 51c70b630..4df2de8ba 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_odbc_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_odbc_driver.php @@ -161,6 +161,24 @@ class CI_DB_pdo_odbc_driver extends CI_DB_pdo_driver { // -------------------------------------------------------------------- /** + * Determines if a query is a "write" type. + * + * @param string An SQL query string + * @return bool + */ + public function is_write_type($sql) + { + if (preg_match('#^(INSERT|UPDATE).*RETURNING\s.+(\,\s?.+)*$#i', $sql)) + { + return FALSE; + } + + return parent::is_write_type($sql); + } + + // -------------------------------------------------------------------- + + /** * Show table query * * Generates a platform-specific query string so that the table names can be fetched diff --git a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php index 2dd41ca87..79c3c7be0 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_pgsql_driver.php @@ -154,7 +154,12 @@ class CI_DB_pdo_pgsql_driver extends CI_DB_pdo_driver { */ public function is_write_type($sql) { - return (bool) preg_match('/^\s*"?(SET|INSERT(?![^\)]+\)\s+RETURNING)|UPDATE(?!.*\sRETURNING)|DELETE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s/i', str_replace(array("\r\n", "\r", "\n"), ' ', $sql)); + if (preg_match('#^(INSERT|UPDATE).*RETURNING\s.+(\,\s?.+)*$#i', $sql)) + { + return FALSE; + } + + return parent::is_write_type($sql); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 2d4e5a5d5..dfbd448c0 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -282,7 +282,12 @@ class CI_DB_postgre_driver extends CI_DB { */ public function is_write_type($sql) { - return (bool) preg_match('/^\s*"?(SET|INSERT(?![^\)]+\)\s+RETURNING)|UPDATE(?!.*\sRETURNING)|DELETE|CREATE|DROP|TRUNCATE|LOAD|COPY|ALTER|RENAME|GRANT|REVOKE|LOCK|UNLOCK|REINDEX)\s/i', str_replace(array("\r\n", "\r", "\n"), ' ', $sql)); + if (preg_match('#^(INSERT|UPDATE).*RETURNING\s.+(\,\s?.+)*$#i', $sql)) + { + return FALSE; + } + + return parent::is_write_type($sql); } // -------------------------------------------------------------------- diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 034586ac9..754dd1784 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1854,8 +1854,7 @@ class CI_Email { // is popen() enabled? if ( ! function_usable('popen') OR FALSE === ($fp = @popen( - $this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']) - .' -t -r '.$this->clean_email($this->_headers['Return-Path']) + $this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t' , 'w')) ) // server probably has popen disabled, so nothing we can do to get a verbose error. { diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 40a358fb8..8c4555481 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -147,6 +147,9 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan { if ($this->_get_lock($session_id) !== FALSE) { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + // Needed by write() to detect session_regenerate_id() calls $this->_session_id = $session_id; @@ -199,6 +202,9 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan */ public function write($session_id, $session_data) { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + // Was the ID regenerated? if ($session_id !== $this->_session_id) { @@ -287,6 +293,9 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan { if ($this->_lock) { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + $this->_db->where('id', $session_id); if ($this->_config['match_ip']) { @@ -299,7 +308,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan } } - if ($this->close()) + if ($this->close() === $this->_success) { $this->_cookie_destroy(); return $this->_success; @@ -320,6 +329,9 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan */ public function gc($maxlifetime) { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + return ($this->_db->delete($this->_config['save_path'], 'timestamp < '.(time() - $maxlifetime))) ? $this->_success : $this->_failure; diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index f0f055f87..c540996a7 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -185,7 +185,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle } // We shouldn't need this, but apparently we do ... // See https://github.com/bcit-ci/CodeIgniter/issues/4039 - elseif ($this->_file_handler === FALSE) + elseif ($this->_file_handle === FALSE) { return $this->_failure; } @@ -224,7 +224,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle { // If the two IDs don't match, we have a session_regenerate_id() call // and we need to close the old handle and open a new one - if ($session_id !== $this->_session_id && ( ! $this->close() OR $this->read($session_id) === FALSE)) + if ($session_id !== $this->_session_id && ($this->close() === $this->_failure OR $this->read($session_id) === $this->_failure)) { return $this->_failure; } @@ -302,7 +302,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle */ public function destroy($session_id) { - if ($this->close()) + if ($this->close() === $this->_success) { if (file_exists($this->_file_path.$session_id)) { diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index 760239dfb..9d7ab1172 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -300,7 +300,10 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa */ protected function _get_lock($session_id) { - if (isset($this->_lock_key)) + // PHP 7 reuses the SessionHandler object on regeneration, + // so we need to check here if the lock key is for the + // correct session ID. + if ($this->_lock_key === $this->_key_prefix.$session_id.':lock') { return ($this->_memcached->replace($this->_lock_key, time(), 300)) ? $this->_success diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index 2395df1b5..fede625eb 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -265,7 +265,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle if ($this->_redis->ping() === '+PONG') { isset($this->_lock_key) && $this->_redis->delete($this->_lock_key); - if ( ! $this->_redis->close()) + if ($this->_redis->close() === $this->_failure) { return $this->_failure; } @@ -337,7 +337,10 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle */ protected function _get_lock($session_id) { - if (isset($this->_lock_key)) + // PHP 7 reuses the SessionHandler object on regeneration, + // so we need to check here if the lock key is for the + // correct session ID. + if ($this->_lock_key === $this->_key_prefix.$session_id.':lock') { return $this->_redis->setTimeout($this->_lock_key, 300); } |