diff options
Diffstat (limited to 'system')
| -rw-r--r-- | system/core/Security.php | 13 | ||||
| -rw-r--r-- | system/database/DB_driver.php | 22 | ||||
| -rw-r--r-- | system/database/DB_query_builder.php | 2 | ||||
| -rw-r--r-- | system/database/drivers/oci8/oci8_driver.php | 18 | ||||
| -rw-r--r-- | system/helpers/email_helper.php | 4 | ||||
| -rw-r--r-- | system/helpers/security_helper.php | 3 | ||||
| -rw-r--r-- | system/helpers/url_helper.php | 14 | ||||
| -rw-r--r-- | system/libraries/Email.php | 4 | ||||
| -rw-r--r-- | system/libraries/Form_validation.php | 12 | ||||
| -rw-r--r-- | system/libraries/Ftp.php | 2 |
10 files changed, 61 insertions, 33 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index 4593a1090..227217e75 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -561,6 +561,19 @@ class CI_Security { // ---------------------------------------------------------------- /** + * Strip Image Tags + * + * @param string + * @return string + */ + public function strip_image_tags($str) + { + return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + } + + // ---------------------------------------------------------------- + + /** * Compact Exploded Words * * Callback function for xss_clean() to remove whitespace from diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index d326282c8..295b109f7 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -296,7 +296,7 @@ abstract class CI_DB_driver { * @param array An array of binding data * @return mixed */ - public function query($sql, $binds = FALSE, $return_object = TRUE) + public function query($sql, $binds = FALSE, $return_object = NULL) { if ($sql === '') { @@ -304,6 +304,10 @@ abstract class CI_DB_driver { return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE; } + elseif ( ! is_bool($return_object)) + { + $return_object = ! $this->is_write_type($sql); + } // Verify table prefix and replace if necessary if ($this->dbprefix !== '' && $this->swap_pre !== '' && $this->dbprefix !== $this->swap_pre) @@ -320,7 +324,7 @@ abstract class CI_DB_driver { // Is query caching enabled? If the query is a "read type" // we will load the caching class and return the previously // cached query if it exists - if ($this->cache_on === TRUE && stripos($sql, 'SELECT') !== FALSE && $this->_cache_init()) + if ($this->cache_on === TRUE && $return_object === TRUE && $this->_cache_init()) { $this->load_rdriver(); if (FALSE !== ($cache = $this->CACHE->read($sql))) @@ -329,7 +333,7 @@ abstract class CI_DB_driver { } } - // Save the query for debugging + // Save the query for debugging if ($this->save_queries === TRUE) { $this->queries[] = $sql; @@ -353,7 +357,7 @@ abstract class CI_DB_driver { $error = $this->error(); // Log errors - log_message('error', 'Query error: '.$error['message'] . ' - Invalid query: ' . $sql); + log_message('error', 'Query error: '.$error['message'].' - Invalid query: '.$sql); if ($this->db_debug) { @@ -382,12 +386,10 @@ abstract class CI_DB_driver { // Increment the query counter $this->query_count++; - // Was the query a "write" type? - // If so we'll simply return true - if ($this->is_write_type($sql) === TRUE) + // Will we have a result object instantiated? If not - we'll simply return TRUE + if ($return_object !== TRUE) { - // If caching is enabled we'll auto-cleanup any - // existing files related to this particular URI + // If caching is enabled we'll auto-cleanup any existing files related to this particular URI if ($this->cache_on === TRUE && $this->cache_autodel === TRUE && $this->_cache_init()) { $this->CACHE->delete(); @@ -397,8 +399,6 @@ abstract class CI_DB_driver { } // Return TRUE if we don't need to create a result object - // Currently only the Oracle driver uses this when stored - // procedures are used if ($return_object !== TRUE) { return TRUE; diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 4c43fe3c3..3982885e8 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1218,7 +1218,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string the offset clause * @return object */ - public function get_where($table = '', $where = null, $limit = null, $offset = null) + public function get_where($table = '', $where = NULL, $limit = NULL, $offset = NULL) { if ($table !== '') { diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index 67bb0403b..691247fee 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -158,6 +158,8 @@ class CI_DB_oci8_driver extends CI_DB { $this->dsn = ''; } + // -------------------------------------------------------------------- + /** * Non-persistent database connection * @@ -179,9 +181,9 @@ class CI_DB_oci8_driver extends CI_DB { */ public function db_pconnect() { - return ( ! empty($this->char_set)) - ? @oci_pconnect($this->username, $this->password, $this->dsn, $this->char_set) - : @oci_pconnect($this->username, $this->password, $this->dsn); + return empty($this->char_set) + ? @oci_pconnect($this->username, $this->password, $this->dsn) + : @oci_pconnect($this->username, $this->password, $this->dsn, $this->char_set); } // -------------------------------------------------------------------- @@ -217,6 +219,8 @@ class CI_DB_oci8_driver extends CI_DB { return @oci_execute($this->stmt_id, $this->commit_mode); } + // -------------------------------------------------------------------- + /** * Generate a statement ID * @@ -236,7 +240,7 @@ class CI_DB_oci8_driver extends CI_DB { /** * Get cursor. Returns a cursor from the database * - * @return cursor id + * @return resource */ public function get_cursor() { @@ -300,6 +304,7 @@ class CI_DB_oci8_driver extends CI_DB { /** * Bind parameters * + * @param array * @return void */ protected function _bind_params($params) @@ -328,6 +333,7 @@ class CI_DB_oci8_driver extends CI_DB { /** * Begin Transaction * + * @param bool * @return bool */ public function trans_begin($test_mode = FALSE) @@ -636,8 +642,8 @@ class CI_DB_oci8_driver extends CI_DB { protected function _limit($sql, $limit, $offset) { $this->limit_used = TRUE; - return 'SELECT * FROM (SELECT inner_query.*, rownum rnum FROM ('.$sql.') inner_query WHERE rownum < '.($offset + $limit).')' - .($offset ? ' WHERE rnum >= '.$offset : ''); + return 'SELECT * FROM (SELECT inner_query.*, rownum rnum FROM ('.$sql.') inner_query WHERE rownum < '.($offset + $limit + 1).')' + .($offset ? ' WHERE rnum >= '.($offset + 1): ''); } // -------------------------------------------------------------------- diff --git a/system/helpers/email_helper.php b/system/helpers/email_helper.php index 0516e938a..2a63b36c9 100644 --- a/system/helpers/email_helper.php +++ b/system/helpers/email_helper.php @@ -45,9 +45,9 @@ if ( ! function_exists('valid_email')) * @param string * @return bool */ - function valid_email($address) + function valid_email($email) { - return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $address); + return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); } } diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 7968f9e9f..0e8e9f93d 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -108,7 +108,8 @@ if ( ! function_exists('strip_image_tags')) */ function strip_image_tags($str) { - return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str); + $CI =& get_instance(); + return $CI->security->strip_image_tags($str); } } diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 40ce807df..39e6343a6 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -526,7 +526,7 @@ if ( ! function_exists('redirect')) * @param int * @return string */ - function redirect($uri = '', $method = 'auto', $http_response_code = 302) + function redirect($uri = '', $method = 'auto', $code = NULL) { if ( ! preg_match('#^https?://#i', $uri)) { @@ -538,14 +538,22 @@ if ( ! function_exists('redirect')) { $method = 'refresh'; } + elseif ($method !== 'refresh' && (empty($code) OR ! is_numeric($code))) + { + // Reference: http://en.wikipedia.org/wiki/Post/Redirect/Get + $code = (isset($_SERVER['REQUEST_METHOD'], $_SERVER['SERVER_PROTOCOL']) + && $_SERVER['REQUEST_METHOD'] === 'POST' + && $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1') + ? 303 : 302; + } - switch($method) + switch ($method) { case 'refresh': header('Refresh:0;url='.$uri); break; default: - header('Location: '.$uri, TRUE, $http_response_code); + header('Location: '.$uri, TRUE, $code); break; } exit; diff --git a/system/libraries/Email.php b/system/libraries/Email.php index dd5477e05..fdb9be4da 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -706,9 +706,9 @@ class CI_Email { * @param string * @return bool */ - public function valid_email($address) + public function valid_email($email) { - return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $address); + return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); } // -------------------------------------------------------------------- diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 4bb29e41b..353624100 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1076,7 +1076,7 @@ class CI_Form_validation { */ public function valid_email($str) { - return (bool) preg_match('/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix', $str); + return (bool) filter_var($str, FILTER_VALIDATE_EMAIL); } // -------------------------------------------------------------------- @@ -1129,7 +1129,7 @@ class CI_Form_validation { */ public function alpha($str) { - return (bool) preg_match('/^[a-z]+$/i', $str); + return ctype_alpha($str); } // -------------------------------------------------------------------- @@ -1142,7 +1142,7 @@ class CI_Form_validation { */ public function alpha_numeric($str) { - return (bool) preg_match('/^[a-z0-9]+$/i', $str); + return ctype_alnum((string) $str); } // -------------------------------------------------------------------- @@ -1264,7 +1264,7 @@ class CI_Form_validation { */ public function is_natural($str) { - return (bool) preg_match('/^[0-9]+$/', $str); + return ctype_digit((string) $str); } // -------------------------------------------------------------------- @@ -1277,7 +1277,7 @@ class CI_Form_validation { */ public function is_natural_no_zero($str) { - return ($str !== 0 && preg_match('/^[0-9]+$/', $str)); + return ($str != 0 && ctype_digit((string) $str)); } // -------------------------------------------------------------------- @@ -1360,7 +1360,7 @@ class CI_Form_validation { */ public function strip_image_tags($str) { - return $this->CI->input->strip_image_tags($str); + return $this->CI->security->strip_image_tags($str); } // -------------------------------------------------------------------- diff --git a/system/libraries/Ftp.php b/system/libraries/Ftp.php index 461e884fb..76f5e151a 100644 --- a/system/libraries/Ftp.php +++ b/system/libraries/Ftp.php @@ -445,7 +445,7 @@ class CI_FTP { * Set file permissions * * @param string the file path - * @param string the permissions + * @param int the permissions * @return bool */ public function chmod($path, $perm) |