Diffstat (limited to 'system')
-rw-r--r--system/core/Common.php15
-rw-r--r--system/core/Loader.php2
-rw-r--r--system/database/DB_driver.php1
-rw-r--r--system/database/drivers/oci8/oci8_driver.php8
-rw-r--r--system/libraries/Cache/drivers/Cache_memcached.php2
-rw-r--r--system/libraries/Email.php6
-rw-r--r--system/libraries/Form_validation.php2
-rw-r--r--system/libraries/Parser.php4
-rw-r--r--system/libraries/Profiler.php2
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php9
-rw-r--r--system/libraries/Session/drivers/Session_native.php6
-rw-r--r--system/libraries/Upload.php31
12 files changed, 60 insertions, 28 deletions
diff --git a/system/core/Common.php b/system/core/Common.php
index cad340f33..93cd0a0ae 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@ if ( ! function_exists('is_https'))
*/
function is_https()
{
- return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+ if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ return TRUE;
+ }
+ elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
+ {
+ return TRUE;
+ }
+
+ return FALSE;
}
}
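Review bot: The two `elseif` branches accept `HTTP_X_FORWARDED_PROTO` and `HTTP_FRONT_END_HTTPS`, which are ordinary request headers that any client can send unless a reverse proxy overwrites them, so is_https() can return TRUE for a request that arrived over plain HTTP. Any caller that bases a security decision on the result (a secure-cookie flag, skipping an HTTPS redirect) inherits that assumption, and the docblock above the hunk should state it, e.g. `* Forwarded-protocol headers are only trustworthy behind a proxy that overwrites them`. The X-Forwarded-Proto comparison is also case-sensitive while the other two branches go through strtolower(); `strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https'` would keep the three consistent.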
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 49bd641b1..70a6b6fa6 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -955,7 +955,7 @@ class CI_Loader {
// Is this a class extension request?
if (file_exists($subclass))
{
- $baseclass = BASEPATH.'libraries/'.$class.'.php';
+ $baseclass = BASEPATH.'libraries/'.$subdir.$class.'.php';
if ( ! file_exists($baseclass))
{
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 593d78ba4..425657e17 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -561,7 +561,6 @@ abstract class CI_DB_driver {
if ($sql === '')
{
log_message('error', 'Invalid query: '.$sql);
-
return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE;
}
elseif ( ! is_bool($return_object))
diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php
index 0ec8b53b8..93e62b4dd 100644
--- a/system/database/drivers/oci8/oci8_driver.php
+++ b/system/database/drivers/oci8/oci8_driver.php
@@ -327,12 +327,8 @@ class CI_DB_oci8_driver extends CI_DB {
{
if ($package === '' OR $procedure === '' OR ! is_array($params))
{
- if ($this->db_debug)
- {
- log_message('error', 'Invalid query: '.$package.'.'.$procedure);
- return $this->display_error('db_invalid_query');
- }
- return FALSE;
+ log_message('error', 'Invalid query: '.$package.'.'.$procedure);
+ return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE;
}
// build the query string
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index 246a7a264..f04483d2c 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -196,7 +196,7 @@ class CI_Cache_memcached extends CI_Driver {
return FALSE;
}
- foreach ($this->_memcache_conf as $name => $cache_server)
+ foreach ($this->_memcache_conf as $cache_server)
{
if ( ! array_key_exists('hostname', $cache_server))
{
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10253c796..46ffaa1d4 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -739,7 +739,7 @@ class CI_Email {
*/
public function set_header($header, $value)
{
- $this->_headers[$header] = $value;
+ $this->_headers[$header] = str_replace(array("\n", "\r"), '', $value);
}
// --------------------------------------------------------------------
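Review bot: Only `$value` is stripped of CR and LF; `$header` is still used verbatim as the array key, so a header name containing a line break would presumably still reach the assembled header string. If set_header() can be called with names that are not hard-coded, filter the key the same way: `$this->_headers[str_replace(array("\n", "\r"), '', $header)] = str_replace(array("\n", "\r"), '', $value);`. The docblock, which starts above the hunk, should also mention that line breaks are removed silently rather than rejected.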
@@ -1275,7 +1275,7 @@ class CI_Email {
if ($this->send_multipart === FALSE)
{
$hdr .= 'Content-Type: text/html; charset='.$this->charset.$this->newline
- .'Content-Transfer-Encoding: quoted-printable';
+ .'Content-Transfer-Encoding: quoted-printable'.$this->newline.$this->newline;
}
else
{
@@ -2140,7 +2140,7 @@ class CI_Email {
if (in_array('headers', $include, TRUE))
{
- $raw_data = $this->_header_str."\n";
+ $raw_data = htmlspecialchars($this->_header_str)."\n";
}
if (in_array('subject', $include, TRUE))
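Review bot: `htmlspecialchars()` is called with its default flags and charset, which differ between PHP versions and need not match the message's own `$this->charset`. On versions where the default charset is UTF-8, a header string with bytes invalid in that charset comes back as an empty string, so the debugger would silently show no headers. Passing the arguments explicitly, `htmlspecialchars($this->_header_str, ENT_QUOTES, $this->charset)`, makes the behaviour predictable, assuming the configured charset is one htmlspecialchars() supports. The enclosing method starts and ends outside the hunk.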
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 1ed50844c..40ba01202 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1405,7 +1405,7 @@ class CI_Form_validation {
*/
public function valid_base64($str)
{
- return ! preg_match('/[^a-zA-Z0-9\/\+=]/', $str);
+ return (base64_encode(base64_decode($str)) === $str);
}
// --------------------------------------------------------------------
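Review bot: The round-trip comparison accepts only canonical, fully padded Base64, so strings the old regex passed, such as input with the `=` padding left off, now fail validation, and the docblock above the hunk does not say so. A line such as `* Only canonical, padded Base64 without whitespace is accepted` would document the stricter contract. `base64_decode($str, TRUE)` would make the strict intent explicit, and note that `$str` is handed to base64_decode() without a check that it is a string.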
diff --git a/system/libraries/Parser.php b/system/libraries/Parser.php
index 1c26bd2b2..c1f1ad73b 100644
--- a/system/libraries/Parser.php
+++ b/system/libraries/Parser.php
@@ -38,14 +38,14 @@ defined('BASEPATH') OR exit('No direct script access allowed');
class CI_Parser {
/**
- * Left delimeter character for psuedo vars
+ * Left delimiter character for pseudo vars
*
* @var string
*/
public $l_delim = '{';
/**
- * Right delimeter character for psuedo vars
+ * Right delimiter character for pseudo vars
*
* @var string
*/
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 7ce56931c..ed64f0a59 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -447,7 +447,7 @@ class CI_Profiler {
.'&nbsp;&nbsp;(<span style="cursor: pointer;" onclick="var s=document.getElementById(\'ci_profiler_httpheaders_table\').style;s.display=s.display==\'none\'?\'\':\'none\';this.innerHTML=this.innerHTML==\''.$this->CI->lang->line('profiler_section_show').'\'?\''.$this->CI->lang->line('profiler_section_hide').'\':\''.$this->CI->lang->line('profiler_section_show').'\';">'.$this->CI->lang->line('profiler_section_show')."</span>)</legend>\n\n\n"
.'<table style="width:100%;display:none;" id="ci_profiler_httpheaders_table">'."\n";
- foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR') as $header)
+ foreach (array('HTTP_ACCEPT', 'HTTP_USER_AGENT', 'HTTP_CONNECTION', 'SERVER_PORT', 'SERVER_NAME', 'REMOTE_ADDR', 'SERVER_SOFTWARE', 'HTTP_ACCEPT_LANGUAGE', 'SCRIPT_NAME', 'REQUEST_METHOD',' HTTP_HOST', 'REMOTE_HOST', 'CONTENT_TYPE', 'SERVER_PROTOCOL', 'QUERY_STRING', 'HTTP_ACCEPT_ENCODING', 'HTTP_X_FORWARDED_FOR', 'HTTP_DNT') as $header)
{
$val = isset($_SERVER[$header]) ? $_SERVER[$header] : '';
$output .= '<tr><td style="vertical-align:top;width:50%;padding:5px;color:#900;background-color:#ddd;">'
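Review bot: The list on the added line still contains `' HTTP_HOST'` with a leading space inside the quotes, so the `$_SERVER` lookup on the next line never finds the Host header and `$val` is always the empty string for it; `'HTTP_HOST'` is the intended key. Most entries in this list, including the new `HTTP_DNT`, are client-controlled, and the hunk ends before `$val` is written into the table, so confirm that it is HTML-escaped there. The loop body continues outside the hunk.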
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 7174d63c8..d3d22d03a 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -402,6 +402,7 @@ class CI_Session_cookie extends CI_Session_driver {
// Is the session data we unserialized an array with the correct format?
if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
{
+ log_message('debug', 'Session: Wrong cookie data format');
$this->sess_destroy();
return FALSE;
}
@@ -409,6 +410,7 @@ class CI_Session_cookie extends CI_Session_driver {
// Is the session current?
if (($session['last_activity'] + $this->sess_expiration) < $this->now OR $session['last_activity'] > $this->now)
{
+ log_message('debug', 'Session: Expired');
$this->sess_destroy();
return FALSE;
}
@@ -416,6 +418,7 @@ class CI_Session_cookie extends CI_Session_driver {
// Does the IP match?
if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
{
+ log_message('debug', 'Session: IP address mismatch');
$this->sess_destroy();
return FALSE;
}
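Review bot: An IP address mismatch on an otherwise well-formed session is recorded at `debug` level, as are the User Agent mismatch in the next hunk and the matching branches in Session_native.php. These are the entries a defender would look for when investigating a reused or stolen session cookie, and they are not written at any log threshold below debug. If they are meant to be visible in production logs, a higher level is needed, e.g. `log_message('error', 'Session: IP address mismatch');`. The enclosing method starts and ends outside the hunk.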
@@ -424,6 +427,7 @@ class CI_Session_cookie extends CI_Session_driver {
if ($this->sess_match_useragent === TRUE &&
trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
{
+ log_message('debug', 'Session: User Agent string mismatch');
$this->sess_destroy();
return FALSE;
}
@@ -459,6 +463,7 @@ class CI_Session_cookie extends CI_Session_driver {
// No result? Kill it!
if (empty($query) OR $query->num_rows() === 0)
{
+ log_message('debug', 'Session: No match found in our database');
$this->sess_destroy();
return FALSE;
}
@@ -498,6 +503,8 @@ class CI_Session_cookie extends CI_Session_driver {
'last_activity' => $this->now,
);
+ log_message('debug', 'Session: Creating new session ('.$this->userdata['session_id'].')');
+
// Check for database
if ($this->sess_use_database === TRUE)
{
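Review bot: The new debug line writes the full session ID into the log file. Anyone who can read the logs then learns the identifiers of live sessions; how much that is worth depends on whether the cookie is also encrypted or signed, which this hunk does not show. Logging the event without the value, `log_message('debug', 'Session: Creating new session');`, or with a truncated hash of it, keeps the trace without exposing the identifier.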
@@ -536,6 +543,8 @@ class CI_Session_cookie extends CI_Session_driver {
{
// Get new id
$this->userdata['session_id'] = $this->_make_sess_id();
+
+ log_message('debug', 'Session: Regenerate ID');
}
// Check for database
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index fb5ce1906..c237ad059 100644
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -117,18 +117,21 @@ class CI_Session_native extends CI_Session_driver {
if (isset($_SESSION['last_activity']) && (($_SESSION['last_activity'] + $expire) < $now OR $_SESSION['last_activity'] > $now))
{
// Expired - destroy
+ log_message('debug', 'Session: Expired');
$destroy = TRUE;
}
elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address'])
&& $_SESSION['ip_address'] !== $this->CI->input->ip_address())
{
// IP doesn't match - destroy
+ log_message('debug', 'Session: IP address mismatch');
$destroy = TRUE;
}
elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent'])
&& $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50)))
{
// Agent doesn't match - destroy
+ log_message('debug', 'Session: User Agent string mismatch');
$destroy = TRUE;
}
@@ -145,9 +148,10 @@ class CI_Session_native extends CI_Session_driver {
&& ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
{
// Changing the session ID amidst a series of AJAX calls causes problems
- if( ! $this->CI->input->is_ajax_request())
+ if ( ! $this->CI->input->is_ajax_request())
{
// Regenerate ID, but don't destroy session
+ log_message('debug', 'Session: Regenerate ID');
$this->sess_regenerate(FALSE);
}
}
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 7c48b4294..85428044d 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -136,6 +136,13 @@ class CI_Upload {
public $file_ext = '';
/**
+ * Force filename extension to lowercase
+ *
+ * @var string
+ */
+ public $file_ext_tolower = FALSE;
+
+ /**
* Upload path
*
* @var string
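Review bot: The docblock for `$file_ext_tolower` declares `@var string`, but the property defaults to `FALSE` and is tested as a flag in get_extension(); it should read `* @var bool`. With the default left off, get_extension() keeps the casing the client sent, so any allowed-type comparison on the extension needs to be case-insensitive; that check is outside this diff.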
@@ -294,6 +301,7 @@ class CI_Upload {
'file_type' => '',
'file_size' => NULL,
'file_ext' => '',
+ 'file_ext_tolower' => FALSE,
'upload_path' => '',
'overwrite' => FALSE,
'encrypt_name' => FALSE,
@@ -965,7 +973,14 @@ class CI_Upload {
public function get_extension($filename)
{
$x = explode('.', $filename);
- return (count($x) !== 1) ? '.'.end($x) : '';
+
+ if (count($x) === 1)
+ {
+ return '';
+ }
+
+ $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x);
+ return '.'.$ext;
}
// --------------------------------------------------------------------
@@ -1075,18 +1090,14 @@ class CI_Upload {
$CI =& get_instance();
$CI->lang->load('upload');
- if (is_array($msg))
+ if ( ! is_array($msg))
{
- foreach ($msg as $val)
- {
- $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
- $this->error_msg[] = $msg;
- log_message('error', $msg);
- }
+ $msg = array($msg);
}
- else
+
+ foreach ($msg as $val)
{
- $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg);
+ $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
$this->error_msg[] = $msg;
log_message('error', $msg);
}
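Review bot: The loop assigns to `$msg` while iterating over `$msg`; this works because foreach walks a copy of the array, but it reads as if the list were being overwritten mid-loop. A separate variable avoids that and the duplicate language lookup: `$line = $CI->lang->line($val);` followed by `$text = ($line === FALSE) ? $val : $line;`, with `$text` used for `error_msg[]` and `log_message()`. The function begins above the hunk.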