summaryrefslogtreecommitdiffstats
path: root/system/core/Input.php
AgeCommit message (Collapse)AuthorFilesLines
2014-01-08Make newline standardization configurableAndrey Andreev1-4/+5
Added ['standardize_newlines'] Also altered the Session cookie driver, which experienced issues with this feature due to it's HMAC verification failing after the Input class alters newlines in non-encrypted session cookies. Supersedes PR #2470
2014-01-08Fix #346Andrey Andreev1-14/+24
When ['global_xss_filtering'] was turned on, the , , & superglobals were automatically overwritten. This resulted in one of the following problems: - xss_clean() being called twice - Inability to retrieve the original (not filtered) value XSS filtering is now only applied on demand by the Input class, and the default value for the parameter in CI_Input methods is changed to NULL. Unless a boolean value is passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering'] value.
2014-01-08Fix #148Andrey Andreev1-4/+6
CI_Input::_clean_input_data() assumed that all input data is URL-encoded while sanitizing it. However, PHP already performs URL-decoding on it, so this is either redudant or overly intrusive as it resulted in many, many reports of data containing '%' followed by 1 numeric characters being essentially destroyed. Supersedes PR #1229
2014-01-06Make CI_Input::set_cookie() and cookie helpers set_cookie(), get_cookie(), ↵Andrey Andreev1-1/+1
delete_cookie()'s first (name) parameter mandatory
2013-11-12Deprecate CI_Input::is_cli_request() and add common function is_cli() to ↵Andrey Andreev1-3/+4
replace it Calls to this function are often needed before the Input library is available
2013-09-23Fix issue #33Andrey Andreev1-7/+24
2013-08-11Input class: change behavior of get_post() method, add post_get() methodvlakoff1-1/+17
followup to PR #2522
2013-08-06Replace php_sapi_name() function with PHP_SAPI constantvlakoff1-1/+1
exact same behavior but faster, shorter
2013-08-06Various typos and tabs adjustmentsvlakoff1-1/+1
2013-04-17See #2409: Avoid overwriting global $_SERVER and set Content-Type to ↵CJ1-1/+1
protected property;
2013-04-17#2409: Force Content Type to go through camelization;CJ1-1/+1
2013-04-16See #2409: Reformating and code cleanup for request_headers;CJ1-15/+8
2013-04-16See #2409: Remove double replacing of dashes and instead change ↵CJ1-2/+2
`Content-Type` to `CONTENT_TYPE`
2013-04-16#2409: Updated based on feedback by @narfbg;CJ1-2/+8
2013-04-16apache_request_headers need not go through recapitalization of incomingCJ1-8/+8
headers and should be pass through as is. This is a follow up on #2107 (c82b57b) by @danhunsaker;
2013-03-26Code style fixnisheeth-barthwal1-1/+1
2013-03-26Code fixes in line with suggestionsnisheeth-barthwal1-5/+6
2013-03-25Simplified notation parsing and other cosmetic fixesnisheeth-barthwal1-31/+16
2013-03-25Changed "else if" to "elseif"nisheeth-barthwal1-1/+1
2013-03-23Removed $recurse parameter in lieu of auto parsing. Changed "provision" entry.nisheeth-barthwal1-19/+13
2013-03-21Added array notation for keys in Input librarynisheeth-barthwal1-16/+58
2013-02-23Updated exit codes as constant valuesDaniel Hunsaker1-1/+1
Re-allocated exit status codes according to three references, which follow: BSD sysexits.h:http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits GNU recomendations:http://www.gnu.org/software/libc/manual/html_node/Exit-Status.html Bash scripting:http://tldp.org/LDP/abs/html/exitcodes.html The GNU recommendations stem from and expand upon the standard C/C++ library (stdlibc) definitions, while also suggesting some best-practice conventions which happen to prevent exit status code collisions with bash, and probably other shells. The re-allocated codes are now mapped to constant values, set in *application/config/constants.php*, and used throughout the CodeIgniter core. They would additionally be used in *index.php*, but the constants file hasn't been loaded at that point, so the integer values are used instead, and a comment follows each such use with amplifying information on why that particular value was selected. Finally, the errors documentation has been updated accordingly. Signed-off-by: Daniel Hunsaker <danhunsaker@gmail.com>
2013-02-22Merge branch 'develop' of github.com:EllisLab/CodeIgniter into ↵Daniel Hunsaker1-2/+2
feature/exit-status
2013-01-28Fix newline standardization.Eric Roberts1-2/+2
Signed-off-by: Eric Roberts <eric@cryode.com>
2013-01-25Updated all cases of exit() to return a valid codeDaniel Hunsaker1-1/+2
Specific codes are as follows, but can easily be changed if a different order/breakdown makes more sense: - 0: Success; everything executed as planned - 1: Configuration Error; something is wrong with/in the configuration file(s) - 2: Class Not Found; what it says - 3: Driver Method Unsupported; the method you're trying to use on a Driver doesn't exist - 4: File Not Found; 404 error - 5: Database Error; something is broken in the database somewhere - 6: Invalid Input; the user attempted to submit a request with invlaid characters in 1+ key names 7 through 26 are reserved for future use - 27: Generic Error; generated by show_error() when the status code is >= 100 28 through 127 are errors generated by user applications, normally by using show_error() with a status code below 100 128 through 254 should not be used by applications, as they are reserved by system-level functions - 255: PHP Fatal Error; automatically generated by PHP for fatal errors, and therefore not allowed for our use Status codes below 100 are shifted up by 28 to place them in the user error range. It may make more sense to have these codes left alone and instead shift the CI errors into the 101 through 127 space, but that's not what I opted for here. It would probably also be a good idea to replace the hard-coded numbers with constants or some such, but I was in a bit of a hurry when I made these changes, so I didn't look around for the best place to do this. With proper guidance, I could easily amend this commit with another that uses such constant values. Signed-off-by: Daniel Hunsaker <danhunsaker@gmail.com>
2013-01-01[ci skip] Happy new yearAndrey Andreev1-1/+1
2012-12-31Fixed normalization of headers under ApacheDaniel Hunsaker1-1/+1
The existing header normalization routine converts headers provided by Apache (that is, with `-` in the name instead of `_`) to all lowercase, with the exception of the first character. This is different from the expected result, wherein each word of the header is capitalized. For example, `CONTENT-LENGTH` would normalize to `Content-length` instead of the expected `Content-Length`. The reason for this is that the existing code is only converting underscores to spaces, and leaving hyphens untouched. The fix is to replace hyphens with spaces as well before passing the result through `ucwords()`. That fix is included here. Signed-off-by: Daniel Hunsaker <danhunsaker@gmail.com>
2012-11-20Fix CI_Input::get() and CI_Input::post() not returning array when a key is ↵Andrey Andreev1-2/+12
not specified
2012-11-12Some micro-optimizationsAndrey Andreev1-2/+2
2012-11-06Added CI_Input::input_stream()Andrey Andreev1-0/+41
Helps in reading php://input stream data by caching it when accessed for the first time. (supersedes PR #1684)
2012-11-05Merge pull request #1730 from damao/developAlex Bilbie1-1/+1
Fix / Disallowed Key Characters.
2012-11-02Some micro-optimizationsAndrey Andreev1-6/+2
2012-11-01Manually apply PR #1594 (fixing phpdoc page-level generation/warnings)Andrey Andreev1-1/+2
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files.
2012-10-27Remove extra new linesvkeranov1-1/+0
2012-10-27Input class improvementsAndrey Andreev1-107/+121
- Disable register_globals replication on PHP 5.4+ (no longer exists). - DocBlock improvements. - Add missing changelog entry. - Change user_agent() to return NULL when no value is found (for consistency with other fetcher methods).
2012-10-13Fix CI_Input::ip_address() subnet detectionAndrey Andreev1-20/+28
2012-10-09Remove an unnecessary variable initializationAndrey Andreev1-1/+1
2012-10-09Merge changes from developAndrey Andreev1-13/+3
2012-10-09Merge changes from 2.1-stableAndrey Andreev1-49/+48
2012-10-06Add IPv6 and array() support for *proxy_ips* configurationAndrey Andreev1-42/+99
2012-10-04Misc. style fixes [ci skip]Andrey Andreev1-8/+12
2012-09-20Fixes issue #1815 - input::ip_address() returns incorrect IP behind proxyAdam McCann1-1/+1
2012-08-20China's biggest ICP China Telecom will hijack user and leave a cookie ↵bigCat1-1/+1
contains | . such as "1345466626|7601294|43373|0|0|0" it's impossible to fix this shit...
2012-07-23Update system/core/Input.phpJordan Pittman1-11/+17
2012-07-21Added support for IP Address Range Masks (e.g. 192.168.137.0/24) to the ↵Jordan Pittman1-2/+19
Proxy IPs config option
2012-06-12Change file permissions for system/core/*.php and system/database/DB.php so ↵Andrey Andreev1-0/+0
that they don't differ from the rest
2012-06-10Merge branch 2.1-stable into developAndrey Andreev1-4/+16
2012-06-06removed ip_version()Joffrey Jaffeux1-21/+1
2012-06-06styling guide false -> FALSEJoffrey Jaffeux1-1/+1
2012-06-06ip_version() now returns int instead of stringJoffrey Jaffeux1-3/+3