Diffstat (limited to 'system')
-rwxr-xr-x | system/core/Input.php | 1 | ||||
-rwxr-xr-x | system/core/Router.php | 5 | ||||
-rwxr-xr-x | system/core/Security.php | 21 | ||||
-rwxr-xr-x | system/core/URI.php | 4 | ||||
-rw-r--r-- | system/database/DB_query_builder.php | 2 | ||||
-rw-r--r-- | system/database/drivers/interbase/interbase_utility.php | 2 | ||||
-rw-r--r-- | system/database/drivers/pdo/pdo_result.php | 19 | ||||
-rw-r--r-- | system/database/drivers/postgre/postgre_driver.php | 95 | ||||
-rw-r--r-- | system/helpers/smiley_helper.php | 115 | ||||
-rw-r--r-- | system/helpers/string_helper.php | 89 | ||||
-rw-r--r-- | system/helpers/text_helper.php | 148 | ||||
-rw-r--r-- | system/libraries/Form_validation.php | 4 | ||||
-rw-r--r-- | system/libraries/Javascript.php | 2 | ||||
-rw-r--r-- | system/libraries/Pagination.php | 11 | ||||
-rw-r--r-- | system/libraries/Session.php | 45 | ||||
-rw-r--r-- | system/libraries/Upload.php | 8 | ||||
-rw-r--r-- | system/libraries/User_agent.php | 24 | ||||
-rw-r--r-- | system/libraries/Xmlrpc.php | 6 |
18 files changed, 327 insertions, 274 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 7594a2e45..fc2a550bc 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -226,7 +226,6 @@ class CI_Input { */ public function cookie($index = '', $xss_clean = FALSE) { - $index = config_item('cookie_prefix').$index; return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } diff --git a/system/core/Router.php b/system/core/Router.php index fe9909b06..9314052fe 100755 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -242,12 +242,9 @@ class CI_Router { $segments[1] = 'index'; } - // This is being routed to a file in a sub directory - $this->directory and array_unshift($segments, trim($this->directory, '/')); - // Update our "routed" segment array to contain the segments. // Note: If there is no custom routing, this array will be - // identical to $this->uri->segments + // identical to $this->uri->segments $this->uri->rsegments = $segments; } diff --git a/system/core/Security.php b/system/core/Security.php index 974e2e428..c82b69ff9 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -95,13 +95,14 @@ class CI_Security { * * @var array */ - protected $_never_allowed_regex = array( + protected $_never_allowed_regex = array( 'javascript\s*:', 'expression\s*(\(|&\#40;)', // CSS and IE 'vbscript\s*:', // IE, surprise! - 'Redirect\s+302' + 'Redirect\s+302', + "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); - + /** * Initialize security class */ @@ -365,10 +366,11 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', + 'javascript', 'expression', 'vbscript', 'script', 'base64', 'applet', 'alert', 'document', 'write', 'cookie', 'window' ); + foreach ($words as $word) { $word = implode('\s*', str_split($word)).'\s*'; 
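Review bot: In the `_never_allowed_regex` entry added by the first Security.php hunk, `[^\\1]` does not mean "anything but the opening quote": inside a character class PCRE reads `\1` as an octal escape, so the class excludes only byte 0x01. Combined with the `s` modifier that the later `#is` hunk adds to the loop applying these patterns, the lazy runs can cross line breaks and unrelated text between `data:`, `base64` and the comma, so ordinary prose can be rewritten to `[removed]`. The trailing `[^\\1]*?\\1?` is lazy and optional, so the match appears to stop right after the comma and leave what follows in place. If the intent is to stay inside one attribute value, a bounded class says so directly, for example `"data\s*:[^,\"'<>]*?base64[^,\"'<>]*?,"`. Whichever form is kept, a comment stating what the entry is meant to match and a test with multi-line input would pin it down.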
@@ -605,10 +607,11 @@ class CI_Security { $attribs = array(); // find occurrences of illegal attribute strings without quotes - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { + $attribs[] = preg_quote($attr[0], '/'); } @@ -623,7 +626,7 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count); + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count); } } while ($count); @@ -664,7 +667,7 @@ class CI_Security { protected function _js_link_removal($match) { return str_replace($match[1], - preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si', + preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si', '', $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])) ), @@ -804,7 +807,7 @@ class CI_Security { foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace('#'.$regex.'#i', '[removed]', $str); + $str = preg_replace('#'.$regex.'#is', '[removed]', $str); } return $str; @@ -841,4 +844,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */
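Review bot: The rewritten `preg_replace()` in the `@@ -623` hunk places two unbounded `(.*?)` groups between the tag opener and the closing delimiter, and `.` also matches `>`, so a match can begin in one tag and reach an attribute string that sits in later text or in another tag. Bounding both groups to the tag, `([^<>]*?)` in place of each `(.*?)`, keeps the removal inside the element being cleaned and reduces the backtracking done on every pass of the surrounding `do … while ($count)` loop. The result is assigned straight back to `$str`, and `preg_replace()` returns NULL on a PCRE error such as hitting the backtrack limit, so a check like `if ($str === NULL)` with an explicit failure path would stop the filter from silently emptying its input. The enclosing method starts and ends outside the hunk.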
\ No newline at end of file +/* Location: ./system/core/Security.php */ diff --git a/system/core/URI.php b/system/core/URI.php index 705575a0c..cf82c5838 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -645,10 +645,10 @@ class CI_URI { */ public function ruri_string() { - return implode('/', $this->rsegment_array()); + return '/'.implode('/', $this->rsegment_array()); } } /* End of file URI.php */ -/* Location: ./system/core/URI.php */
\ No newline at end of file +/* Location: ./system/core/URI.php */ diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 393a1cd75..d0af66de1 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -281,7 +281,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $v = trim($v); $this->_track_aliases($v); - $v = $this->qb_from[] = $this->protect_identifiers($v, TRUE, NULL, FALSE); + $this->qb_from[] = $v = $this->protect_identifiers($v, TRUE, NULL, FALSE); if ($this->qb_caching === TRUE) { diff --git a/system/database/drivers/interbase/interbase_utility.php b/system/database/drivers/interbase/interbase_utility.php index 1b92af9b6..164211836 100644 --- a/system/database/drivers/interbase/interbase_utility.php +++ b/system/database/drivers/interbase/interbase_utility.php @@ -42,7 +42,7 @@ class CI_DB_interbase_utility extends CI_DB_utility { * @param string $filename * @return mixed */ - protected function backup($filename) + protected function _backup($filename) { if ($service = ibase_service_attach($this->db->hostname, $this->db->username, $this->db->password)) { diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php index 19aee1dfc..0b8937cc5 100644 --- a/system/database/drivers/pdo/pdo_result.php +++ b/system/database/drivers/pdo/pdo_result.php 
@@ -84,19 +84,14 @@ class CI_DB_pdo_result extends CI_DB_result { // Define the output $output = array('assoc', 'object'); + // Initial value + $this->result_assoc = array() and $this->result_object = array(); + // Fetch the result - foreach ($output as $type) + while ($row = $this->_fetch_assoc()) { - // Define the method and handler - $res_method = '_fetch_'.$type; - $res_handler = 'result_'.$type; - - $this->$res_handler = array(); - - while ($row = $this->$res_method()) - { - $this->{$res_handler}[] = $row; - } + $this->result_assoc[] = $row; + $this->result_object[] = (object) $row; } // Save this as buffer and marked the fetch flag @@ -249,7 +244,7 @@ class CI_DB_pdo_result extends CI_DB_result { */ protected function _fetch_object() { - return $this->result_id->fetchObject(); + return $this->result_id->fetch(PDO::FETCH_OBJ); } } diff --git a/system/database/drivers/postgre/postgre_driver.php b/system/database/drivers/postgre/postgre_driver.php index 84bf768ee..17bd37b38 100644 --- a/system/database/drivers/postgre/postgre_driver.php +++ b/system/database/drivers/postgre/postgre_driver.php @@ -311,6 +311,27 @@ class CI_DB_postgre_driver extends CI_DB { // -------------------------------------------------------------------- /** + * "Smart" Escape String + * + * Escapes data based on type + * Sets boolean and null types + * + * @param string + * @return mixed + */ + public function escape($str) + { + if (is_bool($str)) + { + return ($str) ? 'TRUE' : 'FALSE'; + } + + return parent::escape($str); + } + + // -------------------------------------------------------------------- + + /** * Affected Rows * * @return int 
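Review bot: The added initialiser `$this->result_assoc = array() and $this->result_object = array();` never runs its right-hand side: `=` binds tighter than `and`, the left assignment evaluates to an empty array, which is falsy, and `and` short-circuits. `result_object` therefore keeps whatever it held before, and the loop below appends to it. Write it as one chain, `$this->result_assoc = $this->result_object = array();`. The `$output` array defined just above is no longer read by the new loop in this hunk and can probably be removed, though the method continues outside the hunk.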
@@ -558,6 +579,78 @@ class CI_DB_postgre_driver extends CI_DB { // -------------------------------------------------------------------- /** + * Where + * + * Called by where() or or_where() + * + * @param mixed + * @param mixed + * @param string + * @return object + * + */ + protected function _where($key, $value = NULL, $type = 'AND ', $escape = NULL) + { + $type = $this->_group_get_type($type); + + if ( ! is_array($key)) + { + $key = array($key => $value); + } + + // If the escape value was not set will will base it on the global setting + if ( ! is_bool($escape)) + { + $escape = $this->_protect_identifiers; + } + + foreach ($key as $k => $v) + { + $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type; + + if (is_null($v) && ! $this->_has_operator($k)) + { + // value appears not to have been set, assign the test to IS NULL + $k .= ' IS NULL'; + } + + if ( ! is_null($v)) + { + if ($escape === TRUE) + { + $k = $this->protect_identifiers($k, FALSE, $escape); + $v = ' '.$this->escape($v); + } + elseif (is_bool($v)) + { + $v = ($v ? ' TRUE' : ' FALSE'); + } + + if ( ! $this->_has_operator($k)) + { + $k .= ' = '; + } + } + else + { + $k = $this->protect_identifiers($k, FALSE, $escape); + } + + $this->qb_where[] = $prefix.$k.$v; + if ($this->qb_caching === TRUE) + { + $this->qb_cache_where[] = $prefix.$k.$v; + $this->qb_cache_exists[] = 'where'; + } + + } + + return $this; + } + + // -------------------------------------------------------------------- + + /** * Close DB Connection * * @param resource @@ -571,4 +664,4 @@ class CI_DB_postgre_driver extends CI_DB { } /* End of file postgre_driver.php */ -/* Location: ./system/database/drivers/postgre/postgre_driver.php */ +/* Location: ./system/database/drivers/postgre/postgre_driver.php */
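Review bot: The docblock on the new `_where()` lists three parameters for a four-parameter method and says nothing about `$escape`, the argument that decides whether `$v` is quoted. When `$escape` is not TRUE, a non-boolean `$v` is concatenated into `qb_where` exactly as passed, so that contract should be written where callers will read it. I would add `@param bool $escape Whether to escape values and protect identifiers; when FALSE the value is placed in the SQL verbatim and must not come from request data`, and fix the "will will" typo in the comment above the `is_bool($escape)` check. The `escape()` override added in the earlier `@@ -311` hunk of this file has a similar gap: its `@param string` should read `@param mixed`, since it now accepts booleans.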
\ No newline at end of file diff --git a/system/helpers/smiley_helper.php b/system/helpers/smiley_helper.php index 8dba74e73..638100e9c 100644 --- a/system/helpers/smiley_helper.php +++ b/system/helpers/smiley_helper.php @@ -40,7 +40,7 @@ /** * Smiley Javascript * - * Returns the javascript required for the smiley insertion. Optionally takes + * Returns the javascript required for the smiley insertion. Optionally takes * an array of aliases to loosely couple the smiley array to the view. * * @param mixed alias name or array of alias->field_id pairs @@ -52,7 +52,6 @@ if ( ! function_exists('smiley_js')) function smiley_js($alias = '', $field_id = '', $inline = TRUE) { static $do_setup = TRUE; - $r = ''; if ($alias != '' && ! is_array($alias)) 
@@ -62,69 +61,58 @@ if ( ! function_exists('smiley_js')) if ($do_setup === TRUE) { - $do_setup = FALSE; - - $m = array(); + $do_setup = FALSE; + $m = array(); - if (is_array($alias)) + if (is_array($alias)) + { + foreach ($alias as $name => $id) { - foreach ($alias as $name => $id) - { - $m[] = '"'.$name.'" : "'.$id.'"'; - } + $m[] = '"'.$name.'" : "'.$id.'"'; } + } - $m = '{'.implode(',', $m).'}'; + $m = '{'.implode(',', $m).'}'; - $r .= <<<EOF - var smiley_map = {$m}; + $r .= <<<EOF + var smiley_map = {$m}; - function insert_smiley(smiley, field_id) { - var el = document.getElementById(field_id), newStart; + function insert_smiley(smiley, field_id) { + var el = document.getElementById(field_id), newStart; - if ( ! el && smiley_map[field_id]) { - el = document.getElementById(smiley_map[field_id]); + if ( ! el && smiley_map[field_id]) { + el = document.getElementById(smiley_map[field_id]); - if ( ! el) - return false; - } + if ( ! el) + return false; + } - el.focus(); - smiley = " " + smiley; + el.focus(); + smiley = " " + smiley; - if ('selectionStart' in el) { - newStart = el.selectionStart + smiley.length; + if ('selectionStart' in el) { + newStart = el.selectionStart + smiley.length; - el.value = el.value.substr(0, el.selectionStart) + - smiley + - el.value.substr(el.selectionEnd, el.value.length); - el.setSelectionRange(newStart, newStart); - } - else if (document.selection) { - document.selection.createRange().text = smiley; - } + el.value = el.value.substr(0, el.selectionStart) + + smiley + + el.value.substr(el.selectionEnd, el.value.length); + el.setSelectionRange(newStart, newStart); } + else if (document.selection) { + document.selection.createRange().text = smiley; + } + } EOF; } - else + elseif (is_array($alias)) { - if (is_array($alias)) + foreach ($alias as $name => $id) { - foreach ($alias as $name => $id) - { - $r .= 'smiley_map["'.$name.'"] = "'.$id.'";'."\n"; - } + $r .= 'smiley_map["'.$name.'"] = "'.$id."\";\n"; } } - if ($inline) - { - return 
'<script type="text/javascript" charset="utf-8">/*<![CDATA[ */'.$r.'// ]]></script>'; - } - else - { - return $r; - } + return ($inline) ? '<script type="text/javascript" charset="utf-8">/*<![CDATA[ */'.$r.'// ]]></script>' : $r; } } @@ -144,18 +132,13 @@ if ( ! function_exists('get_clickable_smileys')) function get_clickable_smileys($image_url, $alias = '', $smileys = NULL) { // For backward compatibility with js_insert_smiley - if (is_array($alias)) { $smileys = $alias; } - - if ( ! is_array($smileys)) + elseif (FALSE === ($smileys = _get_smiley_array())) { - if (FALSE === ($smileys = _get_smiley_array())) - { - return $smileys; - } + return $smileys; } // Add a trailing slash to the file path if needed @@ -165,7 +148,7 @@ if ( ! function_exists('get_clickable_smileys')) foreach ($smileys as $key => $val) { // Keep duplicates from being used, which can happen if the - // mapping array contains multiple identical replacements. For example: + // mapping array contains multiple identical replacements. For example: // :-) and :) might be replaced with the same image so both smileys // will be in the array. if (isset($used[$smileys[$key][0]])) @@ -173,8 +156,7 @@ if ( ! function_exists('get_clickable_smileys')) continue; } - $link[] = "<a href=\"javascript:void(0);\" onclick=\"insert_smiley('".$key."', '".$alias."')\"><img src=\"".$image_url.$smileys[$key][0]."\" width=\"".$smileys[$key][1]."\" height=\"".$smileys[$key][2]."\" alt=\"".$smileys[$key][3]."\" style=\"border:0;\" /></a>"; - + $link[] = '<a href="javascript:void(0);" onclick="insert_smiley(\''.$key.'\', \''.$alias.'\')"><img src="'.$image_url.$smileys[$key][0].'" alt="'.$smileys[$key][3].'" style="width: '.$smileys[$key][1].'; height: '.$smileys[$key][2].'; border: 0;" /></a>'; $used[$smileys[$key][0]] = TRUE; } 
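Review bot: Folding the two checks into `if (is_array($alias)) … elseif (FALSE === ($smileys = _get_smiley_array()))` in the `@@ -144` hunk changes what `get_clickable_smileys()` does with its third argument: when `$alias` is a string, a `$smileys` array passed by the caller is now overwritten with the configured one. The old code loaded the config only when `$smileys` was not already an array. Keeping that guard restores the behaviour: `elseif ( ! is_array($smileys) && FALSE === ($smileys = _get_smiley_array()))`, which is the form the `parse_smileys()` hunk in this file already uses.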
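Review bot: The rewritten `$link[] = …` line in the `@@ -173` hunk moves the image size into `style="width: '.$smileys[$key][1].'; height: …"` without a unit; if the smiley config holds bare numbers, as the old `width`/`height` attributes suggest, `width: 19` is not a valid CSS length and browsers will ignore it. Append the unit, `style="width: '.$smileys[$key][1].'px; height: '.$smileys[$key][2].'px; border: 0;"`, or keep the attributes. The same line still concatenates `$key`, `$alias`, `$image_url` and the alt text into an `onclick` handler and attribute values with no escaping, so the docblock should state that these must be trusted, already-escaped values. The `parse_smileys()` hunk further down has the same unitless style and the same unescaped concatenation.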
@@ -197,25 +179,17 @@ if ( ! function_exists('parse_smileys')) { function parse_smileys($str = '', $image_url = '', $smileys = NULL) { - if ($image_url == '') + if ($image_url == '' OR ( ! is_array($smileys) && FALSE === ($smileys = _get_smiley_array()))) { return $str; } - if ( ! is_array($smileys)) - { - if (FALSE === ($smileys = _get_smiley_array())) - { - return $str; - } - } - // Add a trailing slash to the file path if needed - $image_url = preg_replace("/(.+?)\/*$/", "\\1/", $image_url); + $image_url = rtrim($image_url, '/').'/'; foreach ($smileys as $key => $val) { - $str = str_replace($key, "<img src=\"".$image_url.$smileys[$key][0]."\" width=\"".$smileys[$key][1]."\" height=\"".$smileys[$key][2]."\" alt=\"".$smileys[$key][3]."\" style=\"border:0;\" />", $str); + $str = str_replace($key, '<img src="'.$image_url.$smileys[$key][0].'" alt="'.$smileys[$key][3].'" style="width: '.$smileys[$key][1].'; height: '.$smileys[$key][2].'; border: 0;" />', $str); } return $str; @@ -244,12 +218,7 @@ if ( ! function_exists('_get_smiley_array')) include(APPPATH.'config/smileys.php'); } - if (isset($smileys) && is_array($smileys)) - { - return $smileys; - } - - return FALSE; + return (isset($smileys) && is_array($smileys)) ? $smileys : FALSE; } } diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php index aed35c157..a6a6b485d 100644 --- a/system/helpers/string_helper.php +++ b/system/helpers/string_helper.php @@ -73,16 +73,14 @@ if ( ! function_exists('strip_slashes')) { function strip_slashes($str) { - if (is_array($str)) + if ( ! is_array($str)) { - foreach ($str as $key => $val) - { - $str[$key] = strip_slashes($val); - } + return stripslashes($str); } - else + + foreach ($str as $key => $val) { - $str = stripslashes($str); + $str[$key] = strip_slashes($val); } return $str; 
@@ -173,13 +171,7 @@ if ( ! function_exists('reduce_multiples')) function reduce_multiples($str, $character = ',', $trim = FALSE) { $str = preg_replace('#'.preg_quote($character, '#').'{2,}#', $character, $str); - - if ($trim === TRUE) - { - return trim($str, $character); - } - - return $str; + return ($trim === TRUE) ? trim($str, $character) : $str; } } @@ -198,44 +190,36 @@ if ( ! function_exists('random_string')) { function random_string($type = 'alnum', $len = 8) { - switch($type) + switch ($type) { - case 'basic' : return mt_rand(); - break; - case 'alnum' : - case 'numeric' : - case 'nozero' : - case 'alpha' : - - switch ($type) - { - case 'alpha' : $pool = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - break; - case 'alnum' : $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - break; - case 'numeric' : $pool = '0123456789'; - break; - case 'nozero' : $pool = '123456789'; - break; - } - - $str = substr(str_shuffle(str_repeat($pool, ceil($len/strlen($pool)))),0,$len); - - return $str; - break; - case 'unique' : - case 'md5' : - - return md5(uniqid(mt_rand())); - break; - case 'encrypt' : - case 'sha1' : - - $CI =& get_instance(); - $CI->load->helper('security'); - - return do_hash(uniqid(mt_rand(), TRUE), 'sha1'); - break; + case 'basic': + return mt_rand(); + case 'alnum': + case 'numeric': + case 'nozero': + case 'alpha': + switch ($type) + { + case 'alpha': + $pool = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + break; + case 'alnum': + $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + break; + case 'numeric': + $pool = '0123456789'; + break; + case 'nozero': + $pool = '123456789'; + break; + } + return substr(str_shuffle(str_repeat($pool, ceil($len / strlen($pool)))), 0, $len); + case 'unique': + case 'md5': + return md5(uniqid(mt_rand())); + case 'encrypt': + case 'sha1': + return sha1(uniqid(mt_rand(), TRUE)); } } } 
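Review bot: The reformatted `random_string()` in the `@@ -198` hunk still builds every variant from `mt_rand()`, `str_shuffle()` and `uniqid()`, none of which is a cryptographically secure source, and the docblock (outside this hunk) is not updated to say so. Helper output of this kind tends to end up in reset tokens and temporary passwords, so I would add to the docblock: `Not suitable for security tokens, passwords or keys; the output is predictable.` The outer `switch` also has no `default:` case, so an unrecognised `$type` returns NULL; either document that or add `default: return FALSE;`.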
@@ -255,7 +239,6 @@ if ( ! function_exists('increment_string')) function increment_string($str, $separator = '_', $first = 1) { preg_match('/(.+)'.$separator.'([0-9]+)$/', $str, $match); - return isset($match[2]) ? $match[1].$separator.($match[2] + 1) : $str.$separator.$first; } } @@ -267,7 +250,7 @@ if ( ! function_exists('increment_string')) * * Allows strings to be alternated. See docs... * - * @param string (as many parameters as needed) + * @param string (as many parameters as needed) * @return string */ if ( ! function_exists('alternator')) diff --git a/system/helpers/text_helper.php b/system/helpers/text_helper.php index cc501c334..c1c0eb947 100644 --- a/system/helpers/text_helper.php +++ b/system/helpers/text_helper.php @@ -58,7 +58,7 @@ if ( ! function_exists('word_limiter')) preg_match('/^\s*+(?:\S++\s*+){1,'.(int) $limit.'}/', $str, $matches); - if (strlen($str) == strlen($matches[0])) + if (strlen($str) === strlen($matches[0])) { $end_char = ''; } @@ -72,7 +72,7 @@ if ( ! function_exists('word_limiter')) /** * Character Limiter * - * Limits the string based on the character count. Preserves complete words + * Limits the string based on the character count. Preserves complete words * so the character count may not be exactly as specified. * * @param string @@ -89,14 +89,14 @@ if ( ! function_exists('character_limiter')) return $str; } - $str = preg_replace("/\s+/", ' ', str_replace(array("\r\n", "\r", "\n"), ' ', $str)); + $str = preg_replace('/\s+/', ' ', str_replace(array("\r\n", "\r", "\n"), ' ', $str)); if (strlen($str) <= $n) { return $str; } - $out = ""; + $out = ''; foreach (explode(' ', trim($str)) as $val) { $out .= $val.' '; @@ -104,7 +104,7 @@ if ( ! function_exists('character_limiter')) if (strlen($out) >= $n) { $out = trim($out); - return (strlen($out) == strlen($str)) ? $out : $out.$end_char; + return (strlen($out) === strlen($str)) ? $out : $out.$end_char; } } } 
@@ -138,7 +138,7 @@ if ( ! function_exists('ascii_to_entities')) If the $temp array has a value but we have moved on, then it seems only fair that we output that entity and restart $temp before continuing. -Paul */ - if (count($temp) == 1) + if (count($temp) === 1) { $out .= '&#'.array_shift($temp).';'; $count = 1; @@ -148,16 +148,18 @@ if ( ! function_exists('ascii_to_entities')) } else { - if (count($temp) == 0) + if (count($temp) === 0) { $count = ($ordinal < 224) ? 2 : 3; } $temp[] = $ordinal; - if (count($temp) == $count) + if (count($temp) === $count) { - $number = ($count == 3) ? (($temp['0'] % 16) * 4096) + (($temp['1'] % 64) * 64) + ($temp['2'] % 64) : (($temp['0'] % 32) * 64) + ($temp['1'] % 64); + $number = ($count === 3) + ? (($temp[0] % 16) * 4096) + (($temp[1] % 64) * 64) + ($temp[2] % 64) + : (($temp[0] % 32) * 64) + ($temp[1] % 64); $out .= '&#'.$number.';'; $count = 1; @@ -187,10 +189,9 @@ if ( ! function_exists('entities_to_ascii')) { if (preg_match_all('/\&#(\d+)\;/', $str, $matches)) { - for ($i = 0, $s = count($matches['0']); $i < $s; $i++) + for ($i = 0, $s = count($matches[0]); $i < $s; $i++) { - $digits = $matches['1'][$i]; - + $digits = $matches[1][$i]; $out = ''; if ($digits < 128) 
@@ -200,25 +201,24 @@ if ( ! function_exists('entities_to_ascii')) } elseif ($digits < 2048) { - $out .= chr(192 + (($digits - ($digits % 64)) / 64)); - $out .= chr(128 + ($digits % 64)); + $out .= chr(192 + (($digits - ($digits % 64)) / 64)).chr(128 + ($digits % 64)); } else { - $out .= chr(224 + (($digits - ($digits % 4096)) / 4096)); - $out .= chr(128 + ((($digits % 4096) - ($digits % 64)) / 64)); - $out .= chr(128 + ($digits % 64)); + $out .= chr(224 + (($digits - ($digits % 4096)) / 4096)) + .chr(128 + ((($digits % 4096) - ($digits % 64)) / 64)) + .chr(128 + ($digits % 64)); } - $str = str_replace($matches['0'][$i], $out, $str); + $str = str_replace($matches[0][$i], $out, $str); } } if ($all) { - $str = str_replace(array("&", "<", ">", """, "'", "-"), - array("&","<",">","\"", "'", "-"), - $str); + return str_replace(array('&', '<', '>', '"', ''', '-'), + array('&', '<', '>', '"', "'", '-'), + $str); } return $str; 
@@ -286,27 +286,33 @@ if ( ! function_exists('highlight_code')) { function highlight_code($str) { - // The highlight string function encodes and highlights - // brackets so we need them to start raw - $str = str_replace(array('<', '>'), array('<', '>'), $str); - - // Replace any existing PHP tags to temporary markers so they don't accidentally - // break the string out of PHP, and thus, thwart the highlighting. - $str = str_replace(array('<?', '?>', '<%', '%>', '\\', '</script>'), - array('phptagopen', 'phptagclose', 'asptagopen', 'asptagclose', 'backslashtmp', 'scriptclose'), + /* The highlight string function encodes and highlights + * brackets so we need them to start raw. + * + * Also replace any existing PHP tags to temporary markers + * so they don't accidentally break the string out of PHP, + * and thus, thwart the highlighting. + */ + $str = str_replace(array('<', '>', '<?', '?>', '<%', '%>', '\\', '</script>'), + array('<', '>', 'phptagopen', 'phptagclose', 'asptagopen', 'asptagclose', 'backslashtmp', 'scriptclose'), $str); // The highlight_string function requires that the text be surrounded // by PHP tags, which we will remove later - $str = '<?php '.$str.' ?>'; // <? - - // All the magic happens here, baby! - $str = highlight_string($str, TRUE); + $str = highlight_string('<?php '.$str.' 
?>', TRUE); // Remove our artificially added PHP, and the syntax highlighting that came with it - $str = preg_replace('/<span style="color: #([A-Z0-9]+)"><\?php( | )/i', '<span style="color: #$1">', $str); - $str = preg_replace('/(<span style="color: #[A-Z0-9]+">.*?)\?><\/span>\n<\/span>\n<\/code>/is', "$1</span>\n</span>\n</code>", $str); - $str = preg_replace('/<span style="color: #[A-Z0-9]+"\><\/span>/i', '', $str); + $str = preg_replace(array( + '/<span style="color: #([A-Z0-9]+)"><\?php( | )/i', + '/(<span style="color: #[A-Z0-9]+">.*?)\?><\/span>\n<\/span>\n<\/code>/is', + '/<span style="color: #[A-Z0-9]+"\><\/span>/i' + ), + array( + '<span style="color: #$1">', + "$1</span>\n</span>\n</code>", + '' + ), + $str); // Replace our markers back to PHP tags. return str_replace(array('phptagopen', 'phptagclose', 'asptagopen', 'asptagclose', 'backslashtmp', 'scriptclose'), @@ -339,7 +345,7 @@ if ( ! function_exists('highlight_phrase')) if ($phrase != '') { - return preg_replace('/('.preg_quote($phrase, '/').')/i', $tag_open."\\1".$tag_close, $str); + return preg_replace('/('.preg_quote($phrase, '/').')/i', $tag_open.'\\1'.$tag_close, $str); } return $str; 
@@ -358,18 +364,23 @@ if ( ! function_exists('convert_accented_characters')) { function convert_accented_characters($str) { - if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/foreign_chars.php')) - { - include(APPPATH.'config/'.ENVIRONMENT.'/foreign_chars.php'); - } - elseif (is_file(APPPATH.'config/foreign_chars.php')) - { - include(APPPATH.'config/foreign_chars.php'); - } + global $foreign_characters; - if ( ! isset($foreign_characters)) + if ( ! isset($foreign_characters) OR ! is_array($foreign_characters)) { - return $str; + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/foreign_chars.php')) + { + include(APPPATH.'config/'.ENVIRONMENT.'/foreign_chars.php'); + } + elseif (is_file(APPPATH.'config/foreign_chars.php')) + { + include(APPPATH.'config/foreign_chars.php'); + } + + if ( ! isset($foreign_characters) OR ! is_array($foreign_characters)) + { + return $str; + } } return preg_replace(array_keys($foreign_characters), array_values($foreign_characters), $str); @@ -381,7 +392,7 @@ if ( ! function_exists('convert_accented_characters')) /** * Word Wrap * - * Wraps text at the specified character. Maintains the integrity of words. + * Wraps text at the specified character. Maintains the integrity of words. * Anything placed between {unwrap}{/unwrap} will not be word wrapped, nor * will URLs. * @@ -391,14 +402,16 @@ if ( ! function_exists('convert_accented_characters')) */ if ( ! function_exists('word_wrap')) { - function word_wrap($str, $charlim = '76') + function word_wrap($str, $charlim = 76) { - // Se the character limit + // Set the character limit if ( ! is_numeric($charlim)) + { $charlim = 76; + } // Reduce multiple spaces - $str = preg_replace("| +|", " ", $str); + $str = preg_replace('| +|', ' ', $str); // Standardize newlines if (strpos($str, "\r") !== FALSE) 
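Review bot: `global $foreign_characters;` in `convert_accented_characters()` makes the replacement table a global that any other code can set, and its keys are passed to `preg_replace()` as patterns with no check beyond `is_array()`. The caching this hunk is after does not need global scope: `static $foreign_characters;` keeps the table across calls, and the `include()` inside the function still assigns to it because an included file shares the function's variable scope. If a global override is intended, say so in the docblock and state that the keys must be trusted regular expressions.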
@@ -409,22 +422,22 @@ if ( ! function_exists('word_wrap')) // If the current word is surrounded by {unwrap} tags we'll // strip the entire chunk and replace it with a marker. $unwrap = array(); - if (preg_match_all("|(\{unwrap\}.+?\{/unwrap\})|s", $str, $matches)) + if (preg_match_all('|(\{unwrap\}.+?\{/unwrap\})|s', $str, $matches)) { - for ($i = 0; $i < count($matches['0']); $i++) + for ($i = 0, $c = count($matches[0]); $i < $c; $i++) { - $unwrap[] = $matches['1'][$i]; - $str = str_replace($matches['1'][$i], "{{unwrapped".$i."}}", $str); + $unwrap[] = $matches[1][$i]; + $str = str_replace($matches[1][$i], '{{unwrapped'.$i.'}}', $str); } } // Use PHP's native function to do the initial wordwrap. // We set the cut flag to FALSE so that any individual words that are - // too long get left alone. In the next step we'll deal with them. + // too long get left alone. In the next step we'll deal with them. $str = wordwrap($str, $charlim, "\n", FALSE); // Split the string into individual lines of text and cycle through them - $output = ""; + $output = ''; foreach (explode("\n", $str) as $line) { // Is the line within the allowed character count? @@ -439,28 +452,26 @@ if ( ! function_exists('word_wrap')) while ((strlen($line)) > $charlim) { // If the over-length word is a URL we won't wrap it - if (preg_match("!\[url.+\]|://|wwww.!", $line)) + if (preg_match('!\[url.+\]|://|wwww.!', $line)) { break; } // Trim the word down - $temp .= substr($line, 0, $charlim-1); - $line = substr($line, $charlim-1); + $temp .= substr($line, 0, $charlim - 1); + $line = substr($line, $charlim - 1); } // If $temp contains data it means we had to split up an over-length // word into smaller chunks so we'll add it back to our current line if ($temp != '') { - $output .= $temp."\n".$line; + $output .= $temp."\n".$line."\n"; } else { - $output .= $line; + $output .= $line."\n"; } - - $output .= "\n"; } // Put our markers back 
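Review bot: The URL test `preg_match('!\[url.+\]|://|wwww.!', $line)` in the `@@ -439` hunk is carried over with only its quotes changed, and its last alternative looks like a typo: four `w`s followed by an unescaped dot. A long word containing `www.` but no `://` is therefore not recognised as a URL and gets cut by the loop. I would expect `'!\[url.+\]|://|www\.!'`. `word_wrap()` starts and ends outside this hunk.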
@@ -468,14 +479,12 @@ if ( ! function_exists('word_wrap')) { foreach ($unwrap as $key => $val) { - $output = str_replace("{{unwrapped".$key."}}", $val, $output); + $output = str_replace('{{unwrapped'.$key.'}}', $val, $output); } } - // Remove the unwrap tags - $output = str_replace(array('{unwrap}', '{/unwrap}'), '', $output); - - return $output; + // Remove the unwrap tags and return + return str_replace(array('{unwrap}', '{/unwrap}'), '', $output); } } @@ -506,7 +515,6 @@ if ( ! function_exists('ellipsize')) } $beg = substr($str, 0, floor($max_length * $position)); - $position = ($position > 1) ? 1 : $position; if ($position === 1) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index a52cad5ff..c396580be 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -448,7 +448,7 @@ class CI_Form_validation { { $this->_field_data[$field]['postdata'] = $this->_reduce_array($validation_array, $row['keys']); } - elseif ( ! empty($validation_array[$field])) + elseif (isset($validation_array[$field]) && $validation_array[$field] !== '') { $this->_field_data[$field]['postdata'] = $validation_array[$field]; } @@ -1005,7 +1005,7 @@ class CI_Form_validation { return (MB_ENABLED === TRUE) ? ($val <= mb_strlen($str)) - : ($val <= strlen(str)); + : ($val <= strlen($str)); } // -------------------------------------------------------------------- diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php index 629a3adfe..dd2df697c 100644 --- a/system/libraries/Javascript.php +++ b/system/libraries/Javascript.php @@ -723,7 +723,7 @@ class CI_Javascript { { if (is_object($result)) { - $json_result = $result->result_array(); + $json_result = is_callable(array($result, 'result_array')) ? $result->result_array() : (array) $result; } elseif (is_array($result)) { diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index 0fe73d69f..3d2911813 100644 
--- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -94,17 +94,16 @@ class CI_Pagination { { foreach ($params as $key => $val) { - if (isset($this->$key)) + if ($key === 'anchor_class') + { + $this->anchor_class = ($val != '') ? 'class="'.$val.'" ' : ''; + } + elseif (isset($this->$key)) { $this->$key = $val; } } } - - if ($this->anchor_class != '') - { - $this->anchor_class = 'class="'.$this->anchor_class.'" '; - } } // -------------------------------------------------------------------- diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 3fa446d84..3195f0a91 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php 
@@ -36,146 +36,146 @@ */ class CI_Session { - /** + /** * Whether to encrypt the session cookie * * @var bool */ public $sess_encrypt_cookie = FALSE; - + /** * Whether to use to the database for session storage * * @var bool */ public $sess_use_database = FALSE; - + /** * Name of the database table in which to store sessions * * @var string */ public $sess_table_name = ''; - + /** * Length of time (in seconds) for sessions to expire * * @var int */ public $sess_expiration = 7200; - + /** * Whether to kill session on close of browser window * * @var bool */ public $sess_expire_on_close = FALSE; - + /** * Whether to match session on ip address * * @var bool */ public $sess_match_ip = FALSE; - + /** * Whether to match session on user-agent * * @var bool */ public $sess_match_useragent = TRUE; - + /** * Name of session cookie * * @var string */ public $sess_cookie_name = 'ci_session'; - + /** * Session cookie prefix * * @var string */ public $cookie_prefix = ''; - + /** * Session cookie path * * @var string */ public $cookie_path = ''; - + /** * Session cookie domain * * @var string */ public $cookie_domain = ''; - + /** * Whether to set the cookie only on HTTPS connections * * @var bool */ public $cookie_secure = FALSE; - + /** * Whether cookie should be allowed only to be sent by the server * * @var bool */ public $cookie_httponly = FALSE; - + /** * Interval at which to update session * * @var int */ public $sess_time_to_update = 300; - + /** * Key with which to encrypt the session cookie * * @var string */ public $encryption_key = ''; - + /** * String to indicate flash data cookies * * @var string */ public $flashdata_key = 'flash'; - + /** * Function to use to get the current time * * @var string */ public $time_reference = 'time'; - + /** * Probablity level of garbage collection of old sessions * * @var int */ public $gc_probability = 5; - + /** * Session data * * @var array */ public $userdata = array(); - + /** * Reference to CodeIgniter instance * * @var object 
*/ public $CI; - + /** * Current time * @@ -570,6 +570,9 @@ class CI_Session { $this->cookie_domain, 0 ); + + // Kill session data + $this->userdata = array(); } // -------------------------------------------------------------------- diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 8ad67050d..24d4bd4d0 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -725,7 +725,7 @@ class CI_Upload { public function get_extension($filename) { $x = explode('.', $filename); - return '.'.end($x); + return (count($x) !== 1) ? '.'.end($x) : ''; } // -------------------------------------------------------------------- @@ -850,6 +850,10 @@ class CI_Upload { { return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good } + else + { + return FALSE; + } } if (($data = @file_get_contents($file)) === FALSE) @@ -1099,4 +1103,4 @@ class CI_Upload { } /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */
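Review bot: `get_extension()` now has two return shapes, and the docblock (outside the hunk) should say so, e.g. `@return string Extension including the leading dot, or '' when the name contains no dot`. The new guard covers only names with no dot at all: a name ending in a dot still returns a bare `.`, and a dotfile name is returned whole as its own extension. If callers match the result against an allowed-extension list, returning `''` when the last segment is empty would keep the contract simple: `return (count($x) !== 1 && end($x) !== '') ? '.'.end($x) : '';`.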
\ No newline at end of file +/* Location: ./system/libraries/Upload.php */ diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php index 0ac605fa4..ff596f04b 100644 --- a/system/libraries/User_agent.php +++ b/system/libraries/User_agent.php @@ -51,14 +51,14 @@ class CI_User_agent { * @var bool */ public $is_browser = FALSE; - + /** * Flag for if the user-agent is a robot * * @var bool */ public $is_robot = FALSE; - + /** * Flag for if the user-agent is a mobile browser * @@ -72,7 +72,7 @@ class CI_User_agent { * @var array */ public $languages = array(); - + /** * Character sets accepted by the current user agent * @@ -86,21 +86,21 @@ class CI_User_agent { * @var array */ public $platforms = array(); - + /** * List of browsers to compare against current user agent * * @var array */ public $browsers = array(); - + /** * List of mobile browsers to compare against current user agent * * @var array */ public $mobiles = array(); - + /** * List of robots to compare against current user agent * @@ -114,28 +114,28 @@ class CI_User_agent { * @var string */ public $platform = ''; - + /** * Current user-agent browser * * @var string */ public $browser = ''; - + /** * Current user-agent version * * @var string */ public $version = ''; - + /** * Current user-agent mobile name * * @var string */ public $mobile = ''; - + /** * Current user-agent robot name * @@ -330,7 +330,7 @@ class CI_User_agent { { foreach ($this->mobiles as $key => $val) { - if (FALSE !== (strpos(strtolower($this->agent), $key))) + if (FALSE !== (stripos($this->agent, $key))) { $this->is_mobile = TRUE; $this->mobile = $val; @@ -604,7 +604,7 @@ class CI_User_agent { /** * Test for a particular character set * - * @param string $charset + * @param string $charset * @return bool */ public function accept_charset($charset = 'utf-8') diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php index 7009deacc..0d2533855 100644 --- a/system/libraries/Xmlrpc.php 
+++ b/system/libraries/Xmlrpc.php @@ -436,7 +436,7 @@ class XML_RPC_Client extends CI_Xmlrpc */ public function sendPayload($msg) { - $fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstr, $this->timeout); + $fp = @fsockopen($this->server, $this->port,$this->errno, $this->errstring, $this->timeout); if ( ! is_resource($fp)) { @@ -458,7 +458,7 @@ class XML_RPC_Client extends CI_Xmlrpc .'Content-Length: '.strlen($msg->payload).$r.$r .$msg->payload; - if ( ! fputs($fp, $op, strlen($op))) + if ( ! fwrite($fp, $op, strlen($op))) { error_log($this->xmlrpcstr['http_error']); return new XML_RPC_Response(0, $this->xmlrpcerr['http_error'], $this->xmlrpcstr['http_error']); @@ -1076,7 +1076,7 @@ class XML_RPC_Message extends CI_Xmlrpc // we have an I4/INT // we must check that only 0123456789-<space> are characters here $this->xh[$the_parser]['value'] = preg_match('/^[+-]?[0-9\t ]+$/', $this->xh[$the_parser]['ac']) - ? (int) $this->xh[$the_parset]['ac'] + ? (int) $this->xh[$the_parser]['ac'] : 'ERROR_NON_NUMERIC_FOUND'; } $this->xh[$the_parser]['ac'] = ''; |
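Review bot: In `sendPayload()`, `if ( ! fwrite($fp, $op, strlen($op)))` only catches a write that returns `FALSE` or 0. On a network stream `fwrite()` may stop before the whole string is written and return the shorter count, in which case a truncated request is treated as sent. Comparing the result with the expected length closes that gap: `if (fwrite($fp, $op, strlen($op)) !== strlen($op))`. The function continues past the hunk, so whether `$fp` is closed on this error path cannot be seen from here.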
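Review bot: The corrected cast `(int) $this->xh[$the_parser]['ac']` is guarded by `/^[+-]?[0-9\t ]+$/`, which also accepts a string made only of spaces or tabs, and digits separated by whitespace such as `1 2`; `$` additionally lets a trailing newline through. The cast then silently yields 0 or just the leading number instead of `ERROR_NON_NUMERIC_FOUND`. Since this value comes from the remote peer's XML, a pattern that requires at least one digit and allows whitespace only around it would be safer, e.g. `'/^[\t ]*[+-]?[0-9]+[\t ]*$/D'`, assuming leniency toward surrounding whitespace is what the comment intends. The enclosing method starts and ends outside the hunk.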