Age | Commit message | Author | Files | Lines |
|
Added ['standardize_newlines']
Also altered the Session cookie driver, which experienced issues with this
feature due to its HMAC verification failing after the Input class alters
newlines in non-encrypted session cookies.
Supersedes PR #2470
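
The failure mode this message describes, as an added example that is not code from the CodeIgniter repository: a cookie signed over its raw bytes stops verifying once an input filter rewrites newlines before the check runs. The key, the HMAC-SHA1 tag layout, the payload and all function names are assumptions constructed for illustration.

```php
<?php
// Constructed demo key; not a value from CodeIgniter.
const DEMO_KEY = 'constructed-demo-key';

// Append a 40-character hex HMAC-SHA1 tag to the cookie payload (assumed layout).
function sign_cookie(string $payload): string
{
    return $payload . hash_hmac('sha1', $payload, DEMO_KEY);
}

// Return the payload when the trailing tag matches, FALSE otherwise.
function verify_cookie(string $cookie)
{
    if (strlen($cookie) <= 40) {
        return false;
    }
    $payload = substr($cookie, 0, -40);
    $tag     = substr($cookie, -40);
    // Constant-time comparison of the recomputed tag against the received one.
    return hash_equals(hash_hmac('sha1', $payload, DEMO_KEY), $tag) ? $payload : false;
}

// Hypothetical stand-in for the input filter's newline standardization.
function standardize_newlines_demo(string $value): string
{
    return preg_replace('/(?:\r\n|[\r\n])/', "\n", $value);
}

// Constructed session payload containing a CRLF inside a stored value.
$payload = serialize(array('note' => "line one\r\nline two"));
$raw     = sign_cookie($payload);

// Verify the cookie exactly as it was issued.
var_dump(verify_cookie($raw) !== false);

// Verify the same cookie after the filter has rewritten CRLF to LF:
// the signed bytes no longer match the tag, so a legitimate session is rejected.
var_dump(verify_cookie(standardize_newlines_demo($raw)) !== false);
```

Any transformation applied to a signed value has to happen after verification, or the verifier has to read the untouched cookie bytes.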
|
|
When ['global_xss_filtering'] was turned on, the , , &
superglobals were automatically overwritten. This resulted in one of the following problems:
- xss_clean() being called twice
- Inability to retrieve the original (not filtered) value
XSS filtering is now only applied on demand by the Input class, and the default value for
the parameter in CI_Input methods is changed to NULL. Unless a boolean value is
passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering']
value.
|
|
CI_Input::_clean_input_data() assumed that all input data is URL-encoded while sanitizing it.
However, PHP already performs URL-decoding on it, so this is either redundant or overly
intrusive as it resulted in many, many reports of data containing '%' followed by 1 numeric
characters being essentially destroyed.
Supersedes PR #1229
|
|
delete_cookie()'s first (name) parameter mandatory
|
|
replace it
Calls to this function are often needed before the Input library is available
|
|
followup to PR #2522
|
|
exact same behavior but faster, shorter
|
|
protected property;
|
|
`Content-Type` to `CONTENT_TYPE`
|
|
headers and should be passed through as is.
This is a follow up on #2107 (c82b57b) by @danhunsaker;
|
|
Re-allocated exit status codes according to three references, which follow:
BSD sysexits.h: http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits
GNU recommendations: http://www.gnu.org/software/libc/manual/html_node/Exit-Status.html
Bash scripting: http://tldp.org/LDP/abs/html/exitcodes.html
The GNU recommendations stem from and expand upon the standard C/C++ library (stdlibc)
definitions, while also suggesting some best-practice conventions which happen to prevent
exit status code collisions with bash, and probably other shells.
The re-allocated codes are now mapped to constant values, set in *application/config/constants.php*,
and used throughout the CodeIgniter core. They would additionally be used in *index.php*,
but the constants file hasn't been loaded at that point, so the integer values are used
instead, and a comment follows each such use with amplifying information on why that
particular value was selected.
Finally, the errors documentation has been updated accordingly.
Signed-off-by: Daniel Hunsaker <danhunsaker@gmail.com>
|
|
feature/exit-status
|
|
Signed-off-by: Eric Roberts <eric@cryode.com>
|
|
Specific codes are as follows, but can easily be changed if a different order/breakdown makes more sense:
- 0: Success; everything executed as planned
- 1: Configuration Error; something is wrong with/in the configuration file(s)
- 2: Class Not Found; what it says
- 3: Driver Method Unsupported; the method you're trying to use on a Driver doesn't exist
- 4: File Not Found; 404 error
- 5: Database Error; something is broken in the database somewhere
- 6: Invalid Input; the user attempted to submit a request with invalid characters in 1+ key names
7 through 26 are reserved for future use
- 27: Generic Error; generated by show_error() when the status code is >= 100
28 through 127 are errors generated by user applications, normally by using show_error() with a status code below 100
128 through 254 should not be used by applications, as they are reserved by system-level functions
- 255: PHP Fatal Error; automatically generated by PHP for fatal errors, and therefore not allowed for our use
Status codes below 100 are shifted up by 28 to place them in the user error range. It may make more sense to have these codes
left alone and instead shift the CI errors into the 101 through 127 space, but that's not what I opted for here.
It would probably also be a good idea to replace the hard-coded numbers with constants or some such, but I was in a bit of a
hurry when I made these changes, so I didn't look around for the best place to do this. With proper guidance, I could
easily amend this commit with another that uses such constant values.
Signed-off-by: Daniel Hunsaker <danhunsaker@gmail.com>
|
|
The existing header normalization routine converts headers provided by Apache (that is, with `-` in the name instead of `_`)
to all lowercase, with the exception of the first character. This is different from the expected result, wherein each word
of the header is capitalized. For example, `CONTENT-LENGTH` would normalize to `Content-length` instead of the expected
`Content-Length`. The reason for this is that the existing code is only converting underscores to spaces, and leaving hyphens
untouched. The fix is to replace hyphens with spaces as well before passing the result through `ucwords()`.
That fix is included here.
Signed-off-by: Daniel Hunsaker <danhunsaker@gmail.com>
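
The normalization bug and fix described in this message, as an added before/after example that is not the project's own code. The function names and the sample header set are constructed for illustration.

```php
<?php
// Behaviour described in the message: only underscores become spaces,
// so ucwords() sees a hyphenated name as a single word.
function normalize_header_before(string $name): string
{
    $name = str_replace('_', ' ', strtolower($name));
    return str_replace(' ', '-', ucwords($name));
}

// Fix described in the message: hyphens become spaces as well
// before the result is passed through ucwords().
function normalize_header_after(string $name): string
{
    $name = str_replace(array('_', '-'), ' ', strtolower($name));
    return str_replace(' ', '-', ucwords($name));
}

// Normalize every key of a header array with the given routine.
function normalize_all(array $headers, callable $normalize): array
{
    $out = array();
    foreach ($headers as $name => $value) {
        $out[$normalize($name)] = $value;
    }
    return $out;
}

// Constructed sample: one underscore-style name and two Apache-style names.
$sample = array(
    'CONTENT_TYPE'     => 'application/json',
    'CONTENT-LENGTH'   => '42',
    'X-REQUESTED-WITH' => 'XMLHttpRequest',
);

$before = normalize_all($sample, 'normalize_header_before');
$after  = normalize_all($sample, 'normalize_header_after');

// A caller asking for the conventional spelling only finds the value
// when every word of the header name was capitalized.
var_dump(isset($before['Content-Length']), isset($after['Content-Length']));
print_r(array_keys($before));
print_r(array_keys($after));
```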
|
|
not specified
|
|
Helps in reading php://input stream data by caching it when accessed for the first time.
(supersedes PR #1684)
|
|
Fix / Disallowed Key Characters.
|
|
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files.
|
|
- Disable register_globals replication on PHP 5.4+ (no longer exists).
- DocBlock improvements.
- Add missing changelog entry.
- Change user_agent() to return NULL when no value is found (for consistency with other fetcher methods).
|
|
contains | .
such as "1345466626|7601294|43373|0|0|0"
it's impossible to fix this shit...
|
|
Proxy IPs config option
|
|
that they don't differ from the rest
|
|