From 93c09877da81323e083322126d9d02b97a9583d1 Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Sat, 31 May 2014 18:52:13 +0300 Subject: Added _display documentation. --- user_guide_src/source/libraries/output.rst | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/user_guide_src/source/libraries/output.rst b/user_guide_src/source/libraries/output.rst index e49ea5366..c3f948805 100644 --- a/user_guide_src/source/libraries/output.rst +++ b/user_guide_src/source/libraries/output.rst @@ -205,4 +205,32 @@ Class Reference Caches the current page for the specified amount of seconds. - For more information, please see the :doc:`caching documentation <../general/caching>`. \ No newline at end of file + For more information, please see the :doc:`caching documentation <../general/caching>`. + + .. method:: _display([$output='']) + + :param string $output: Output data override + :returns: void + :rtype: void + + sends finalized output data to the browser along with any server headers and profile data. It also stops benchmark + timers so the page rendering speed and memory usage can be shown. + + :: + + $this->output->_display(); + + .. note:: This method is called automatically at the end of script execution, you won't need to call it manually unless + you are aborting script execution using ``exit()`` or ``die()`` in your code. + + :: + $response = array('status' => 'OK'); + + $this->output + ->set_status_header(200) + ->set_content_type('application/json', 'utf-8') + ->set_output(json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)) + ->_display(); + exit(); + + .. note:: Calling this method manually without aborting script execution will result in a duplicated output. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 9549666a1d026a8d275ba707b6c56506999f01cc Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Sun, 1 Jun 2014 00:00:13 +0300 Subject: Add support for non-ASCII domain names in FV & Email classes' valid_email() Depends on the Intl extension --- system/libraries/Email.php | 5 +++++ system/libraries/Form_validation.php | 5 +++++ user_guide_src/source/changelog.rst | 2 ++ 3 files changed, 12 insertions(+) diff --git a/system/libraries/Email.php b/system/libraries/Email.php index c39a26a15..88398d316 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1079,6 +1079,11 @@ class CI_Email { */ public function valid_email($email) { + if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) + { + $email = substr($email, 0, ++$atpos).idn_to_ascii(substr($email, $atpos)); + } + return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); } diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index dc5d17fb3..555a65959 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1225,6 +1225,11 @@ class CI_Form_validation { */ public function valid_email($str) { + if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) + { + $email = substr($email, 0, ++$atpos).idn_to_ascii(substr($email, $atpos)); + } + return (bool) filter_var($str, FILTER_VALIDATE_EMAIL); } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8492be289..40c24a696 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -347,6 +347,7 @@ Release Date: Not Released - Added rule **alpha_numeric_spaces**. - Added support for custom error messages per field rule. - Added support for callable rules when they are passed as an array. + - Added support for non-ASCII domains in **valid_email** rule, depending on the Intl extension. - :doc:`Caching Library ` changes include: 
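Review bot: The result of `idn_to_ascii()` in the Email.php `valid_email()` hunk is used without a check: on failure it returns FALSE, and the address is then rejected only because the concatenation leaves an empty domain for `filter_var()` to refuse. Making the failure explicit is easier to audit, e.g. `$domain = idn_to_ascii(substr($email, $atpos + 1)); if ($domain === FALSE) { return FALSE; }`. The docblock should also say that only the local copy is converted, so after a TRUE result the caller still holds the original non-ASCII domain and presumably has to convert it before it reaches a header or SMTP command. The same lines are added to `valid_email()` in Form_validation.php, and both method bodies begin outside their hunks.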
@@ -375,6 +376,7 @@ Release Date: Not Released - Added an optional parameter to ``print_debugger()`` to allow specifying which parts of the message should be printed ('headers', 'subject', 'body'). - Added SMTP keepalive option to avoid opening the connection for each ``send()`` call. Accessible as ``$smtp_keepalive``. - Public method ``set_header()`` now filters the input by removing all "\\r" and "\\n" characters. + - Added support for non-ASCII domains in ``valid_email()``, depending on the Intl extension. - :doc:`Pagination Library ` changes include: -- cgit v1.2.3-24-g4f1b From 054bbe8f16f14cd817d4a7e3b6b440ddc2be8245 Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Sun, 1 Jun 2014 12:20:08 +0300 Subject: Fixed code style. --- user_guide_src/source/libraries/output.rst | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/user_guide_src/source/libraries/output.rst b/user_guide_src/source/libraries/output.rst index c3f948805..5c82e455a 100644 --- a/user_guide_src/source/libraries/output.rst +++ b/user_guide_src/source/libraries/output.rst 
@@ -207,30 +207,26 @@ Class Reference For more information, please see the :doc:`caching documentation <../general/caching>`. - .. method:: _display([$output='']) + .. method:: _display([$output = '']) :param string $output: Output data override :returns: void :rtype: void - sends finalized output data to the browser along with any server headers and profile data. It also stops benchmark - timers so the page rendering speed and memory usage can be shown. - - :: - - $this->output->_display(); + Sends finalized output data to the browser along with any server headers. It also stops benchmark + timers. .. note:: This method is called automatically at the end of script execution, you won't need to call it manually unless you are aborting script execution using ``exit()`` or ``die()`` in your code. - :: + Example:: $response = array('status' => 'OK'); $this->output - ->set_status_header(200) - ->set_content_type('application/json', 'utf-8') - ->set_output(json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)) - ->_display(); - exit(); + ->set_status_header(200) + ->set_content_type('application/json', 'utf-8') + ->set_output(json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)) + ->_display(); + exit; - .. note:: Calling this method manually without aborting script execution will result in a duplicated output. \ No newline at end of file + .. note:: Calling this method manually without aborting script execution will result in duplicated output. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From e06c5c4f04583eddf35aa8549ca16ed11e2503bf Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Sun, 1 Jun 2014 12:22:12 +0300 Subject: reduced line length. --- user_guide_src/source/libraries/output.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/libraries/output.rst b/user_guide_src/source/libraries/output.rst index 5c82e455a..218ec5896 100644 
--- a/user_guide_src/source/libraries/output.rst +++ b/user_guide_src/source/libraries/output.rst @@ -216,8 +216,8 @@ Class Reference Sends finalized output data to the browser along with any server headers. It also stops benchmark timers. - .. note:: This method is called automatically at the end of script execution, you won't need to call it manually unless - you are aborting script execution using ``exit()`` or ``die()`` in your code. + .. note:: This method is called automatically at the end of script execution, you won't need to + call it manually unless you are aborting script execution using ``exit()`` or ``die()`` in your code. Example:: $response = array('status' => 'OK'); -- cgit v1.2.3-24-g4f1b From f9201ae527d2c321976658f5c360f7127faa414c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 1 Jun 2014 12:57:30 +0300 Subject: Fix wrong variable name --- system/libraries/Form_validation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 555a65959..145692e89 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -1225,9 +1225,9 @@ class CI_Form_validation { */ public function valid_email($str) { - if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) + if (function_exists('idn_to_ascii') && $atpos = strpos($str, '@')) { - $email = substr($email, 0, ++$atpos).idn_to_ascii(substr($email, $atpos)); + $str = substr($str, 0, ++$atpos).idn_to_ascii(substr($str, $atpos)); } return (bool) filter_var($str, FILTER_VALIDATE_EMAIL); -- cgit v1.2.3-24-g4f1b From 1f5090acda137edb29cc649d85c7ef1b75b8f59f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 3 Jun 2014 15:40:30 +0300 Subject: Fix a potential undefined variable error --- system/helpers/file_helper.php | 2 +- system/libraries/Zip.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/system/helpers/file_helper.php b/system/helpers/file_helper.php index 8cfe0f1c1..8fdb5f7cc 100644 --- a/system/helpers/file_helper.php +++ b/system/helpers/file_helper.php @@ -80,7 +80,7 @@ if ( ! function_exists('write_file')) flock($fp, LOCK_EX); - for ($written = 0, $length = strlen($data); $written < $length; $written += $result) + for ($result = $written = 0, $length = strlen($data); $written < $length; $written += $result) { if (($result = fwrite($fp, substr($data, $written))) === FALSE) { diff --git a/system/libraries/Zip.php b/system/libraries/Zip.php index ab30a9019..62a84ae75 100644 --- a/system/libraries/Zip.php +++ b/system/libraries/Zip.php @@ -405,7 +405,7 @@ class CI_Zip { flock($fp, LOCK_EX); - for ($written = 0, $data = $this->get_zip(), $length = strlen($data); $written < $length; $written += $result) + for ($result = $written = 0, $data = $this->get_zip(), $length = strlen($data); $written < $length; $written += $result) { if (($result = fwrite($fp, substr($data, $written))) === FALSE) { -- cgit v1.2.3-24-g4f1b From d1bac4c7ee0b64ad1b4c3234223e7dec19a0c14c Mon Sep 17 00:00:00 2001 From: Sean Fahey Date: Tue, 3 Jun 2014 13:34:08 -0500 Subject: Added 'application/vnd.ms-office' MIME for ppt An export from Apple's Numbers to .ppt gives a MIME of application/vnd.ms-office --- application/config/mimes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/application/config/mimes.php b/application/config/mimes.php index 8123557f4..0723e6f12 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php 
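Review bot: The write loop in `write_file()` (and the identical loop in the Zip.php hunk) cannot make progress when `fwrite()` returns 0 rather than FALSE, which it can do when the target accepts no more bytes; `$written += $result` then adds nothing and the loop spins while `LOCK_EX` is held. Initialising `$result` only removes the notice, so the check inside the loop should treat a zero-length write as a failure too, e.g. `if (($result = fwrite($fp, substr($data, $written))) === FALSE OR $result === 0)`. The loop body continues outside both hunks, so what follows the check is not visible here.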
@@ -58,7 +58,7 @@ return array( 'smil' => 'application/smil', 'mif' => 'application/vnd.mif', 'xls' => array('application/vnd.ms-excel', 'application/msexcel', 'application/x-msexcel', 'application/x-ms-excel', 'application/x-excel', 'application/x-dos_ms_excel', 'application/xls', 'application/x-xls', 'application/excel', 'application/download', 'application/vnd.ms-office', 'application/msword'), - 'ppt' => array('application/powerpoint', 'application/vnd.ms-powerpoint'), + 'ppt' => array('application/powerpoint', 'application/vnd.ms-powerpoint', 'application/vnd.ms-office'), 'pptx' => array('application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/x-zip', 'application/zip'), 'wbxml' => 'application/wbxml', 'wmlc' => 'application/wmlc', @@ -178,4 +178,4 @@ return array( ); /* End of file mimes.php */ -/* Location: ./application/config/mimes.php */ \ No newline at end of file +/* Location: ./application/config/mimes.php */ -- cgit v1.2.3-24-g4f1b From 905c1f3aac5731777af8881472e7496387002f6a Mon Sep 17 00:00:00 2001 From: Sean Fahey Date: Tue, 3 Jun 2014 13:46:05 -0500 Subject: Another ppt mime type --- application/config/mimes.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/mimes.php b/application/config/mimes.php index 0723e6f12..63233a9e5 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php 
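Review bot: Adding `'application/vnd.ms-office'` to the `ppt` entry widens what passes as a PowerPoint file, because content sniffing typically reports that type for any legacy OLE2 Office container, so a Word or Excel document renamed to `.ppt` would match as well. If this map is what upload type checks compare the detected MIME type against, the entry deserves a comment saying so, e.g. `// generic OLE2 type reported by fileinfo; matches any legacy Office container, not only PowerPoint`. The follow-up commit that adds `'application/msword'` to the same entry loosens it further in the same way. Code that accepts `.ppt` uploads from untrusted users should not rely on this list alone to establish the document type.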
@@ -58,7 +58,7 @@ return array( 'smil' => 'application/smil', 'mif' => 'application/vnd.mif', 'xls' => array('application/vnd.ms-excel', 'application/msexcel', 'application/x-msexcel', 'application/x-ms-excel', 'application/x-excel', 'application/x-dos_ms_excel', 'application/xls', 'application/x-xls', 'application/excel', 'application/download', 'application/vnd.ms-office', 'application/msword'), - 'ppt' => array('application/powerpoint', 'application/vnd.ms-powerpoint', 'application/vnd.ms-office'), + 'ppt' => array('application/powerpoint', 'application/vnd.ms-powerpoint', 'application/vnd.ms-office', 'application/msword'), 'pptx' => array('application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/x-zip', 'application/zip'), 'wbxml' => 'application/wbxml', 'wmlc' => 'application/wmlc', -- cgit v1.2.3-24-g4f1b -- cgit v1.2.3-24-g4f1b From 717e9c9adb5bd9d181ee9a35e2febf654ee925c3 Mon Sep 17 00:00:00 2001 From: sean Date: Tue, 3 Jun 2014 17:05:50 -0500 Subject: Seriously, remove the line ending --- application/config/mimes.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/mimes.php b/application/config/mimes.php index 63233a9e5..ccca69220 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php @@ -178,4 +178,4 @@ return array( ); /* End of file mimes.php */ -/* Location: ./application/config/mimes.php */ +/* Location: ./application/config/mimes.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 7428ff0cebbf89d6ad8dd9c8b77a5e0103e13c68 Mon Sep 17 00:00:00 2001 From: AdwinTrave Date: Wed, 4 Jun 2014 17:44:17 -0500 Subject: Updating table template prototype id documentation Updating template prototype in documentation to reflect the actual template prototype in the table library. --- user_guide_src/source/libraries/table.rst | 36 ++++++++++++++++++------------- 1 file changed, 21 insertions(+), 15 deletions(-) 
diff --git a/user_guide_src/source/libraries/table.rst b/user_guide_src/source/libraries/table.rst index 9d95eddfc..bb001e84c 100644 --- a/user_guide_src/source/libraries/table.rst +++ b/user_guide_src/source/libraries/table.rst @@ -95,24 +95,30 @@ The Table Class permits you to set a table template with which you can specify the design of your layout. Here is the template prototype:: $template = array( - 'table_open' => '', + 'table_open' => '
', - 'heading_row_start' => '', - 'heading_row_end' => '', - 'heading_cell_start' => '', + 'thead_open' => '', + 'thead_close' => '', - 'row_start' => '', - 'row_end' => '', - 'cell_start' => '', + 'heading_row_start' => '', + 'heading_row_end' => '', + 'heading_cell_start' => '', - 'row_alt_start' => '', - 'row_alt_end' => '', - 'cell_alt_start' => '', + 'tbody_open' => '', + 'tbody_close' => '', - 'table_close' => '
', - 'heading_cell_end' => '
', - 'cell_end' => '
', + 'heading_cell_end' => '
', - 'cell_alt_end' => '
' + 'row_start' => '', + 'row_end' => '', + 'cell_start' => '', + 'cell_end' => '', + + 'row_alt_start' => '', + 'row_alt_end' => '', + 'cell_alt_start' => '', + 'cell_alt_end' => '', + + 'table_close' => '' ); $this->table->set_template($template); @@ -288,4 +294,4 @@ Class Reference $this->table->add_row('Mary', 'Monday', 'Air'); $this->table->add_row('John', 'Saturday', 'Overnight'); - echo $this->table->generate(); \ No newline at end of file + echo $this->table->generate(); -- cgit v1.2.3-24-g4f1b From 57f10059d7bff4cad3ff597f0e5749707b76f009 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jun 2014 12:22:37 +0300 Subject: Fix #3085 --- system/libraries/Form_validation.php | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 145692e89..1d654d9f7 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php 
@@ -792,27 +792,29 @@ class CI_Form_validation { if ($result === FALSE) { // Callable rules don't have named error messages - if ( ! is_callable($rule)) + if ( ! is_string($rule)) { - // Check if a custom message is defined - if (isset($this->_field_data[$row['field']]['errors'][$rule])) - { - $line = $this->_field_data[$row['field']]['errors'][$rule]; - } - elseif ( ! isset($this->_error_messages[$rule])) - { - if (FALSE === ($line = $this->CI->lang->line('form_validation_'.$rule)) - // DEPRECATED support for non-prefixed keys - && FALSE === ($line = $this->CI->lang->line($rule, FALSE))) - { - $line = 'Unable to access an error message corresponding to your field name.'; - } - } - else + return; + } + + // Check if a custom message is defined + if (isset($this->_field_data[$row['field']]['errors'][$rule])) + { + $line = $this->_field_data[$row['field']]['errors'][$rule]; + } + elseif ( ! isset($this->_error_messages[$rule])) + { + if (FALSE === ($line = $this->CI->lang->line('form_validation_'.$rule)) + // DEPRECATED support for non-prefixed keys + && FALSE === ($line = $this->CI->lang->line($rule, FALSE))) { - $line = $this->_error_messages[$rule]; + $line = 'Unable to access an error message corresponding to your field name.'; } } + else + { + $line = $this->_error_messages[$rule]; + } // Is the parameter we are inserting into the error message the name // of another field? If so we need to grab its "field label" -- cgit v1.2.3-24-g4f1b From 94293adfa2dea87ae0fc4ced4ba58dd9184a3adc Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 12 Jun 2014 11:33:43 +0300 Subject: Fix #3101 --- system/core/Hooks.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Hooks.php b/system/core/Hooks.php index fd1a2ba11..26ced0894 100644 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php 
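Review bot: The new `return;` for non-string rules leaves the method right after a rule has returned FALSE, before the code further down that builds the message from `$line`. As far as the hunk shows, a failed callable rule therefore records nothing for the field, and if the overall result is derived from the recorded errors, that failure would pass silently. Assigning a generic message keeps the failure visible, e.g. `$line = 'The field did not pass validation.';` in place of `return;`. The enclosing method starts and ends outside the hunk, so where the error is stored is inferred from the trailing context comment.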
@@ -127,7 +127,7 @@ class CI_Hooks { return FALSE; } - if (is_array($this->hooks[$which])) + if (is_array($this->hooks[$which]) && ! isset($this->hooks[$which]['function'])) { foreach ($this->hooks[$which] as $val) { -- cgit v1.2.3-24-g4f1b From b3355196d8a0541812fa0883e7fcdac912fa6d98 Mon Sep 17 00:00:00 2001 From: Fu Xu Date: Thu, 12 Jun 2014 16:45:00 +0800 Subject: config load bug fix --- system/core/Config.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/system/core/Config.php b/system/core/Config.php index ad0e5f981..6650c4cc9 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -104,10 +104,11 @@ class CI_Config { public function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) { $file = ($file === '') ? 'config' : str_replace('.php', '', $file); - $found = $loaded = FALSE; + $loaded = FALSE; foreach ($this->_config_paths as $path) { + $found = FALSE; foreach (array(ENVIRONMENT.'/'.$file, $file) as $location) { $file_path = $path.'config/'.$location.'.php'; @@ -358,4 +359,4 @@ class CI_Config { } /* End of file Config.php */ -/* Location: ./system/core/Config.php */ \ No newline at end of file +/* Location: ./system/core/Config.php */ -- cgit v1.2.3-24-g4f1b From 66b181e56c38f0834342abc1bb9ed20c51aef240 Mon Sep 17 00:00:00 2001 From: Fu Xu Date: Thu, 12 Jun 2014 16:49:11 +0800 Subject: style change --- system/core/Config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Config.php b/system/core/Config.php index 6650c4cc9..bd197925a 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -108,7 +108,7 @@ class CI_Config { foreach ($this->_config_paths as $path) { - $found = FALSE; + $found = FALSE; foreach (array(ENVIRONMENT.'/'.$file, $file) as $location) { $file_path = $path.'config/'.$location.'.php'; -- cgit v1.2.3-24-g4f1b From 0bd32a66e5787ddb22a903d2ee718b3c872be454 Mon Sep 17 00:00:00 2001 
From: Fu Xu Date: Thu, 12 Jun 2014 19:58:51 +0800 Subject: remove the empty line at the end of file --- system/core/Config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Config.php b/system/core/Config.php index bd197925a..db406dfde 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -359,4 +359,4 @@ class CI_Config { } /* End of file Config.php */ -/* Location: ./system/core/Config.php */ +/* Location: ./system/core/Config.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From a01924d2cc2d63d2bddbee85a18b423b88a9b19e Mon Sep 17 00:00:00 2001 From: Takayuki Sakai Date: Fri, 13 Jun 2014 02:01:52 +0900 Subject: Make num_links=0 in pagination library possible to configure --- system/libraries/Pagination.php | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index 5b9bfcb5d..d079d835d 100644 --- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -393,9 +393,9 @@ class CI_Pagination { // Check the user defined number of links. $this->num_links = (int) $this->num_links; - if ($this->num_links < 1) + if ($this->num_links < 0) { - show_error('Your number of links must be a positive number.'); + show_error('Your number of links must be a non-negative number.'); } // Keep any existing query string items. 
@@ -535,11 +535,14 @@ class CI_Pagination { // Render the "First" link. if ($this->first_link !== FALSE && $this->cur_page > ($this->num_links + 1)) { - // Take the general parameters, and squeeze this pagination-page attr in for JS frameworks. - $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, 1); + if (($this->num_links === 0 && $this->cur_page < 3) !== true) + { + // Take the general parameters, and squeeze this pagination-page attr in for JS frameworks. + $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, 1); - $output .= $this->first_tag_open.'_attr_rel('start').'>' + $output .= $this->first_tag_open.'_attr_rel('start').'>' .$this->first_link.''.$this->first_tag_close; + } } // Render the "Previous" link. @@ -611,12 +614,15 @@ class CI_Pagination { // Render the "Last" link if ($this->last_link !== FALSE && ($this->cur_page + $this->num_links) < $num_pages) { - $i = ($this->use_page_numbers) ? $num_pages : ($num_pages * $this->per_page) - $this->per_page; + if (($this->num_links === 0 && ($this->cur_page + 1) >= $num_pages) !== true) + { + $i = ($this->use_page_numbers) ? $num_pages : ($num_pages * $this->per_page) - $this->per_page; - $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, (int) $i); + $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, (int) $i); - $output .= $this->last_tag_open.'' - .$this->last_link.''.$this->last_tag_close; + $output .= $this->last_tag_open.'' + .$this->last_link.''.$this->last_tag_close; + } } // Kill double slashes. Note: Sometimes we can end up with a double slash -- cgit v1.2.3-24-g4f1b From 1240b6a04ee4e6a200cc882481f09fce6a7eb4fc Mon Sep 17 00:00:00 2001 
From: Takayuki Sakai Date: Fri, 13 Jun 2014 18:12:02 +0900 Subject: Revert "Make num_links=0 in pagination library possible to configure" This reverts commit a01924d2cc2d63d2bddbee85a18b423b88a9b19e. --- system/libraries/Pagination.php | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index d079d835d..5b9bfcb5d 100644 --- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -393,9 +393,9 @@ class CI_Pagination { // Check the user defined number of links. $this->num_links = (int) $this->num_links; - if ($this->num_links < 0) + if ($this->num_links < 1) { - show_error('Your number of links must be a non-negative number.'); + show_error('Your number of links must be a positive number.'); } // Keep any existing query string items. @@ -535,14 +535,11 @@ class CI_Pagination { // Render the "First" link. if ($this->first_link !== FALSE && $this->cur_page > ($this->num_links + 1)) { - if (($this->num_links === 0 && $this->cur_page < 3) !== true) - { - // Take the general parameters, and squeeze this pagination-page attr in for JS frameworks. - $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, 1); + // Take the general parameters, and squeeze this pagination-page attr in for JS frameworks. + $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, 1); - $output .= $this->first_tag_open.'_attr_rel('start').'>' + $output .= $this->first_tag_open.'_attr_rel('start').'>' .$this->first_link.''.$this->first_tag_close; - } } // Render the "Previous" link. 
@@ -614,15 +611,12 @@ class CI_Pagination { // Render the "Last" link if ($this->last_link !== FALSE && ($this->cur_page + $this->num_links) < $num_pages) { - if (($this->num_links === 0 && ($this->cur_page + 1) >= $num_pages) !== true) - { - $i = ($this->use_page_numbers) ? $num_pages : ($num_pages * $this->per_page) - $this->per_page; + $i = ($this->use_page_numbers) ? $num_pages : ($num_pages * $this->per_page) - $this->per_page; - $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, (int) $i); + $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, (int) $i); - $output .= $this->last_tag_open.'' - .$this->last_link.''.$this->last_tag_close; - } + $output .= $this->last_tag_open.'' + .$this->last_link.''.$this->last_tag_close; } // Kill double slashes. Note: Sometimes we can end up with a double slash -- cgit v1.2.3-24-g4f1b From 8bc5903ce7d4694f50c2cd02036a788c88c134f2 Mon Sep 17 00:00:00 2001 From: Takayuki Sakai Date: Fri, 13 Jun 2014 18:38:05 +0900 Subject: Make 'num_links=0' configuration available in Pagination library Changed conditions when making 'first' and 'last' links --- system/libraries/Pagination.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index 5b9bfcb5d..3c8baac36 100644 --- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -393,9 +393,9 @@ class CI_Pagination { // Check the user defined number of links. $this->num_links = (int) $this->num_links; - if ($this->num_links < 1) + if ($this->num_links < 0) { - show_error('Your number of links must be a positive number.'); + show_error('Your number of links must be a non-negative number.'); } // Keep any existing query string items. 
@@ -533,7 +533,7 @@ class CI_Pagination { $output = ''; // Render the "First" link. - if ($this->first_link !== FALSE && $this->cur_page > ($this->num_links + 1)) + if ($this->first_link !== FALSE && $this->cur_page > ($this->num_links + 1 + ! $this->num_links)) { // Take the general parameters, and squeeze this pagination-page attr in for JS frameworks. $attributes = sprintf('%s %s="%d"', $this->_attributes, $this->data_page_attr, 1); @@ -609,7 +609,7 @@ class CI_Pagination { } // Render the "Last" link - if ($this->last_link !== FALSE && ($this->cur_page + $this->num_links) < $num_pages) + if ($this->last_link !== FALSE && ($this->cur_page + $this->num_links + ! $this->num_links) < $num_pages) { $i = ($this->use_page_numbers) ? $num_pages : ($num_pages * $this->per_page) - $this->per_page; -- cgit v1.2.3-24-g4f1b From f8a1453ca12becc6c7f7513e160cab343988d07d Mon Sep 17 00:00:00 2001 From: Takayuki Sakai Date: Fri, 13 Jun 2014 19:31:36 +0900 Subject: Add a changelog entry in Pagination Library section --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 40c24a696..02c2c181d 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -387,6 +387,7 @@ Release Date: Not Released - Added support for language translations of the *first_link*, *next_link*, *prev_link* and *last_link* values. - Added ``$config['reuse_query_string']`` to allow automatic repopulation of query string arguments, combined with normal URI segments. - Removed the default `` `` from a number of the configuration variables. + - Added support ``$config['num_links'] = 0`` configuration to allow showing only the first/prev/next/last links + the current page number. - :doc:`Profiler Library ` changes include: -- cgit v1.2.3-24-g4f1b From 41474117d235dda5dc3024a9018d1205cf63fbdc Mon Sep 17 00:00:00 2001 
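Review bot: `$this->num_links + 1 + ! $this->num_links` adds a boolean to an integer and relies on PHP coercing it to 0 or 1, which hides the intent of the `num_links = 0` special case; the same construct is used in the "Last" link condition. Spelling the case out is easier to verify, e.g. `$this->cur_page > (max($this->num_links, 1) + 1)` and `($this->cur_page + max($this->num_links, 1)) < $num_pages`, with a short comment that with zero numbered links the first/last link is suppressed on the adjacent page. Both conditions sit in a method whose start and end are outside the hunks.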
From: Takayuki Sakai Date: Fri, 13 Jun 2014 19:50:46 +0900 Subject: Fixed a changelog entry --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 02c2c181d..d32efbc08 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -387,7 +387,7 @@ Release Date: Not Released - Added support for language translations of the *first_link*, *next_link*, *prev_link* and *last_link* values. - Added ``$config['reuse_query_string']`` to allow automatic repopulation of query string arguments, combined with normal URI segments. - Removed the default `` `` from a number of the configuration variables. - - Added support ``$config['num_links'] = 0`` configuration to allow showing only the first/prev/next/last links + the current page number. + - Added support ``$config['num_links'] = 0`` configuration. - :doc:`Profiler Library ` changes include: -- cgit v1.2.3-24-g4f1b From 8ed90fa219df5f37b32dc2b5bbd96da98cdd0b5c Mon Sep 17 00:00:00 2001 From: Takayuki Sakai Date: Fri, 13 Jun 2014 19:59:27 +0900 Subject: Fixed the changelog entry again --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d32efbc08..089524659 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -387,7 +387,7 @@ Release Date: Not Released - Added support for language translations of the *first_link*, *next_link*, *prev_link* and *last_link* values. - Added ``$config['reuse_query_string']`` to allow automatic repopulation of query string arguments, combined with normal URI segments. - Removed the default `` `` from a number of the configuration variables. - - Added support ``$config['num_links'] = 0`` configuration. + - Added support for ``$config['num_links'] = 0`` configuration. - :doc:`Profiler Library ` changes include: -- cgit v1.2.3-24-g4f1b From 62fad288482a02573d7c2f3463d97c7a0edbd533 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jun 2014 15:25:40 +0300 Subject: Fix #3112 --- system/database/drivers/cubrid/cubrid_driver.php | 9 +-------- system/database/drivers/mysql/mysql_driver.php | 4 +--- system/database/drivers/mysqli/mysqli_driver.php | 4 +--- system/database/drivers/sqlite3/sqlite3_driver.php | 2 +- 4 files changed, 4 insertions(+), 15 deletions(-) diff --git a/system/database/drivers/cubrid/cubrid_driver.php b/system/database/drivers/cubrid/cubrid_driver.php index 138b0ed45..c5cb79683 100644 --- a/system/database/drivers/cubrid/cubrid_driver.php +++ b/system/database/drivers/cubrid/cubrid_driver.php @@ -264,14 +264,7 @@ class CI_DB_cubrid_driver extends CI_DB { */ protected function _escape_str($str) { - if (function_exists('cubrid_real_escape_string') && - (is_resource($this->conn_id) - OR (get_resource_type($this->conn_id) === 'Unknown' && preg_match('/Resource id #/', strval($this->conn_id))))) - { - return cubrid_real_escape_string($str, $this->conn_id); - } - - return addslashes($str); + return cubrid_real_escape_string($str, $this->conn_id); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index 7cbcf1028..a827a6ed4 100644 --- a/system/database/drivers/mysql/mysql_driver.php 
+++ b/system/database/drivers/mysql/mysql_driver.php @@ -336,9 +336,7 @@ class CI_DB_mysql_driver extends CI_DB { */ protected function _escape_str($str) { - return is_resource($this->conn_id) - ? mysql_real_escape_string($str, $this->conn_id) - : addslashes($str); + return mysql_real_escape_string($str, $this->conn_id); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 09277fc39..aa4c6b559 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -307,9 +307,7 @@ class CI_DB_mysqli_driver extends CI_DB { */ protected function _escape_str($str) { - return is_object($this->conn_id) - ? $this->conn_id->real_escape_string($str) - : addslashes($str); + return $this->conn_id->real_escape_string($str); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/sqlite3/sqlite3_driver.php b/system/database/drivers/sqlite3/sqlite3_driver.php index a7d0d087d..2b447a1b3 100644 --- a/system/database/drivers/sqlite3/sqlite3_driver.php +++ b/system/database/drivers/sqlite3/sqlite3_driver.php @@ -189,7 +189,7 @@ class CI_DB_sqlite3_driver extends CI_DB { */ protected function _escape_str($str) { - return $this->conn_id->escapeString(remove_invisible_characters($str)); + return $this->conn_id->escapeString($str); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1e83d69a52a85a4f568bfa086d658556acd48980 Mon Sep 17 00:00:00 2001 
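Review bot: With the `addslashes()` fallback gone, `_escape_str()` in the mysql and mysqli drivers (and in the cubrid hunk before them) assumes `$this->conn_id` is a live connection, and nothing in these hunks checks it. `mysql_real_escape_string()` returns FALSE on error, which would be interpolated into the statement as an empty string, and the mysqli version calls a method on whatever `conn_id` holds. Removing the fallback is the safer direction since `addslashes()` is not charset-aware, but the docblock should state the precondition, e.g. `// Requires an open connection; escaping depends on the connection character set`, or the method should fail loudly when `conn_id` is unusable. Whether callers guarantee a connection before escaping is outside the hunks.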
From: Andrey Andreev Date: Thu, 19 Jun 2014 20:08:59 +0300 Subject: Remove the custom IV option from CI_Encryption It serves for no practical purpose and can only do harm. --- system/libraries/Encryption.php | 87 ++++++++++--------------- tests/codeigniter/libraries/Encryption_test.php | 9 +-- user_guide_src/source/libraries/encryption.rst | 1 - 3 files changed, 37 insertions(+), 60 deletions(-) diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index 810b7bf4a..d6ffc9bfe 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -356,16 +356,14 @@ class CI_Encryption { { return FALSE; } - elseif ( ! isset($params['iv'])) - { - // The greater-than-1 comparison is mostly a work-around for a bug, - // where 1 is returned for ARCFour instead of 0. - $params['iv'] = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1) - ? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM) - : NULL; - } - if (mcrypt_generic_init($params['handle'], $params['key'], $params['iv']) < 0) + // The greater-than-1 comparison is mostly a work-around for a bug, + // where 1 is returned for ARCFour instead of 0. + $iv = (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1) + ? mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM) + : NULL; + + if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0) { if ($params['handle'] !== $this->_handle) { @@ -396,7 +394,7 @@ class CI_Encryption { // but OpenSSL isn't that dumb and we need to make the process // portable, so ... $data = (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB') - ? $params['iv'].mcrypt_generic($params['handle'], $data) + ? $iv.mcrypt_generic($params['handle'], $data) : mcrypt_generic($params['handle'], $data); mcrypt_generic_deinit($params['handle']); 
@@ -423,19 +421,17 @@ class CI_Encryption { { return FALSE; } - elseif ( ! isset($params['iv'])) - { - $params['iv'] = ($iv_size = openssl_cipher_iv_length($params['handle'])) - ? openssl_random_pseudo_bytes($iv_size) - : NULL; - } + + $iv = ($iv_size = openssl_cipher_iv_length($params['handle'])) + ? openssl_random_pseudo_bytes($iv_size) + : NULL; $data = openssl_encrypt( $data, $params['handle'], $params['key'], 1, // DO NOT TOUCH! - $params['iv'] + $iv ); if ($data === FALSE) @@ -443,7 +439,7 @@ class CI_Encryption { return FALSE; } - return $params['iv'].$data; + return $iv.$data; } // -------------------------------------------------------------------- @@ -499,11 +495,6 @@ class CI_Encryption { $data = base64_decode($data); } - if (isset($params['iv']) && strncmp($params['iv'], $data, $iv_size = strlen($params['iv'])) === 0) - { - $data = substr($data, $iv_size); - } - isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, strlen($this->_key), 'encryption'); return $this->{'_'.$this->_driver.'_decrypt'}($data, $params); 
@@ -524,30 +515,28 @@ class CI_Encryption { { return FALSE; } - elseif ( ! isset($params['iv'])) + + // The greater-than-1 comparison is mostly a work-around for a bug, + // where 1 is returned for ARCFour instead of 0. + if (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1) { - // The greater-than-1 comparison is mostly a work-around for a bug, - // where 1 is returned for ARCFour instead of 0. - if (($iv_size = mcrypt_enc_get_iv_size($params['handle'])) > 1) + if (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB') { - if (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB') - { - $params['iv'] = substr($data, 0, $iv_size); - $data = substr($data, $iv_size); - } - else - { - // MCrypt is dumb and this is ignored, only size matters - $params['iv'] = str_repeat("\x0", $iv_size); - } + $iv = substr($data, 0, $iv_size); + $data = substr($data, $iv_size); } else { - $params['iv'] = NULL; + // MCrypt is dumb and this is ignored, only size matters + $iv = str_repeat("\x0", $iv_size); } } + else + { + $iv = NULL; + } - if (mcrypt_generic_init($params['handle'], $params['key'], $params['iv']) < 0) + if (mcrypt_generic_init($params['handle'], $params['key'], $iv) < 0) { if ($params['handle'] !== $this->_handle) { @@ -584,17 +573,14 @@ class CI_Encryption { */ protected function _openssl_decrypt($data, $params) { - if ( ! isset($params['iv'])) + if ($iv_size = openssl_cipher_iv_length($params['handle'])) { - if ($iv_size = openssl_cipher_iv_length($params['handle'])) - { - $params['iv'] = substr($data, 0, $iv_size); - $data = substr($data, $iv_size); - } - else - { - $params['iv'] = NULL; - } + $iv = substr($data, 0, $iv_size); + $data = substr($data, $iv_size); + } + else + { + $iv = NULL; } return empty($params['handle']) @@ -604,7 +590,7 @@ class CI_Encryption { $params['handle'], $params['key'], 1, // DO NOT TOUCH! - $params['iv'] + $iv ); } 
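Review bot: `$iv = substr($data, 0, $iv_size);` followed by `$data = substr($data, $iv_size);` slices the IV off the message without checking that `$data` holds at least `$iv_size` bytes, both here in the mcrypt path and in the `@@ -584,17 +573,14 @@` hunk for OpenSSL. A truncated message therefore produces a short IV and, on the PHP versions this code targets, a FALSE `$data` that is still handed to the cipher. When an HMAC is used the message is presumably rejected earlier in `decrypt()`, which is outside these hunks, but the test suite exercises `'hmac' => FALSE`, so the length check is worth having: `if (strlen($data) < $iv_size) { return FALSE; }` before the first `substr()`. The method bodies extend beyond the hunks.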
@@ -679,7 +665,6 @@ class CI_Encryption { 'cipher' => $params['cipher'], 'mode' => $params['mode'], 'key' => $params['key'], - 'iv' => isset($params['iv']) ? $params['iv'] : NULL, 'base64' => isset($params['raw_data']) ? ! $params['raw_data'] : FALSE, 'hmac_digest' => $params['hmac_digest'], 'hmac_key' => $params['hmac_key'] diff --git a/tests/codeigniter/libraries/Encryption_test.php b/tests/codeigniter/libraries/Encryption_test.php index 759d7cdac..f457fe325 100644 --- a/tests/codeigniter/libraries/Encryption_test.php +++ b/tests/codeigniter/libraries/Encryption_test.php @@ -141,7 +141,6 @@ class Encryption_test extends CI_TestCase { $this->assertTrue(is_array($this->encryption->__get_params($params))); - $params['iv'] = NULL; $params['base64'] = TRUE; $params['hmac_digest'] = 'sha512'; @@ -150,7 +149,6 @@ class Encryption_test extends CI_TestCase { 'cipher' => 'aes-128', 'mode' => 'cbc', 'key' => str_repeat("\x0", 16), - 'iv' => str_repeat("\x0", 16), 'raw_data' => TRUE, 'hmac_key' => str_repeat("\x0", 16), 'hmac_digest' => 'sha256' @@ -216,22 +214,17 @@ class Encryption_test extends CI_TestCase { $this->assertFalse($this->encryption->encrypt($message, array('foo'))); $this->assertFalse($this->encryption->decrypt($message, array('foo'))); - // Custom IV (we'll check it), no HMAC, binary output + // No HMAC, binary output $params = array( 'cipher' => 'tripledes', 'mode' => 'cfb', 'key' => str_repeat("\x1", 16), - 'iv' => str_repeat("\x2", 8), 'base64' => FALSE, 'hmac' => FALSE ); $ciphertext = $this->encryption->encrypt($message, $params); - $this->assertEquals(0, strncmp($params['iv'], $ciphertext, 8)); - // IV should be found in the cipher-text, no matter if it was supplied or not - $this->assertEquals($message, $this->encryption->decrypt($ciphertext, $params)); - unset($params['iv']); $this->assertEquals($message, $this->encryption->decrypt($ciphertext, $params)); } 
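Review bot: After this change the "No HMAC, binary output" case in the `@@ -216,22 +214,17 @@` hunk only proves a round trip; nothing asserts any longer that an IV is generated and prepended. A regression to a fixed or empty IV would pass unnoticed, so I would add `$this->assertNotEquals($ciphertext, $this->encryption->encrypt($message, $params));` after the first `encrypt()` call, which holds only when each call draws a fresh IV. The test method starts outside the hunk.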
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index a4415f510..ff41ade78 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -425,7 +425,6 @@ Option Default value Mandatory / Optional Description cipher N/A Yes Encryption algorithm (see :ref:`ciphers-and-modes`). mode N/A Yes Encryption mode (see :ref:`encryption-modes`). key N/A Yes Encryption key. -iv N/A No Initialization vector (IV). If not provided it will be automatically generated during encryption and looked for during decryption. hmac TRUE No Whether to use a HMAC. -- cgit v1.2.3-24-g4f1b From 38372554817921aa4efbab2225471474c2893b4a Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jun 2014 21:18:40 +0300 Subject: [ci skip] Leftover from 1e83d69a52a85a4f568bfa086d658556acd48980 --- user_guide_src/source/libraries/encryption.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index ff41ade78..28aa57302 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -425,8 +425,6 @@ Option Default value Mandatory / Optional Description cipher N/A Yes Encryption algorithm (see :ref:`ciphers-and-modes`). mode N/A Yes Encryption mode (see :ref:`encryption-modes`). key N/A Yes Encryption key. - If not provided it will be automatically generated - during encryption and looked for during decryption. hmac TRUE No Whether to use a HMAC. Boolean. If set to FALSE, then *hmac_digest* and *hmac_key* will be ignored. -- cgit v1.2.3-24-g4f1b From 4191be3d3be76909253158a6cd35fbf3a89cfb5f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Jun 2014 16:13:13 +0300 Subject: Fix a _potential_ flaw in password_hash() --- system/core/compat/password.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/system/core/compat/password.php b/system/core/compat/password.php index a9355d5d0..d5a017d9a 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php @@ -145,7 +145,10 @@ if ( ! function_exists('password_hash')) } isset($options['cost']) OR $options['cost'] = 10; - return crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt'])); + + return (strlen($password = crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']))) === 60) + ? $password + : FALSE; } } -- cgit v1.2.3-24-g4f1b From 42183de45621e09621399ee161135f995af552ff Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 22 Jun 2014 00:09:36 +0300 Subject: Add CI_Encryption::create_key() This was planned, we somehow forgot about it. :) --- system/libraries/Encryption.php | 15 +++++++++++++++ user_guide_src/source/libraries/encryption.rst | 15 ++++++++++----- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index d6ffc9bfe..aa91cd3f9 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -309,6 +309,21 @@ class CI_Encryption { // -------------------------------------------------------------------- + /** + * Create a random key + * + * @param int $length Output length + * @return string + */ + public function create_key($length) + { + return ($this->_driver === 'mcrypt') + ? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM) + : openssl_random_pseudo_bytes($length); + } + + // -------------------------------------------------------------------- + /** * Encrypt * diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 28aa57302..1353c4ed0 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst 
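Review bot: The `=== 60` comparison in the password.php hunk needs a comment, and reusing `$password` to hold the hash makes the return expression harder to follow than it has to be. I would assign the `crypt()` result to a separate `$hash` variable and put `// crypt() reports failure with a short marker string; a valid bcrypt hash is always 60 characters` above the return. The enclosing `password_hash()` fallback starts outside the hunk.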
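Review bot: `create_key()` returns whatever `mcrypt_create_iv()` or `openssl_random_pseudo_bytes()` hands back, and both can return FALSE on failure while the docblock promises `@return string`. Since the documentation added in the same commit tells users to generate their keys with this method, the OpenSSL branch should also pass the second argument and reject output that is not reported as cryptographically strong: `$key = openssl_random_pseudo_bytes($length, $strong);` then `return ($key !== FALSE && $strong) ? $key : FALSE;`. The docblock would then read `@return string|bool` and mention the FALSE case, so callers know to check before storing the key.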
@@ -84,14 +84,19 @@ your server is not totally under your control it's impossible to ensure key security so you may want to think carefully before using it for anything that requires high security, like storing credit card numbers. -Your encryption key should be as long as the encyption algorithm in use -allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. The -key should be as random as possible and it should **not** be a simple -text string. - +Your encryption key **must** be as long as the encyption algorithm in use +allows. For AES-128, that's 128 bits or 16 bytes (charcters) long. You will find a table below that shows the supported key lengths of different ciphers. +The key should be as random as possible and it **must not** be a regular +text string, nor the output of a hashing function, etc. In order to create +a proper key, you must use the Encryption library's ``create_key()`` method +:: + + // $key will be assigned a 16-byte (128-bit) random key + $key = $this->encryption->create_key(16); + The key can be either stored in your *application/config/config.php*, or you can design your own storage mechanism and pass the key dynamically when encrypting/decrypting. -- cgit v1.2.3-24-g4f1b From eb93e7347f4c7320ba0247b29095907d3b5b7b7f Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Sun, 29 Jun 2014 14:05:49 +0100 Subject: Fixed typo --- system/core/Security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index 2cf214b18..cce20cdb9 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -605,7 +605,7 @@ class CI_Security { { if (($char = array_search($matches[$i].';', $_entities, TRUE)) !== FALSE) { - $replace[$matches[$i]] = $character; + $replace[$matches[$i]] = $char; } } 
@@ -934,4 +934,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ \ No newline at end of file +/* Location: ./system/core/Security.php */ -- cgit v1.2.3-24-g4f1b From 3820b5a7c4533599f114909376b2546ee282978c Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Sun, 29 Jun 2014 17:55:56 +0100 Subject: Fixed eof --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Security.php b/system/core/Security.php index cce20cdb9..c4621d588 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -934,4 +934,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ +/* Location: ./system/core/Security.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 60f744bb05b778f33230bb7dc31aeb2b6409e0b2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Jul 2014 08:33:30 +0300 Subject: Fix #3124 --- system/database/drivers/mssql/mssql_driver.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/database/drivers/mssql/mssql_driver.php b/system/database/drivers/mssql/mssql_driver.php index f4a166180..8d830fb51 100644 --- a/system/database/drivers/mssql/mssql_driver.php +++ b/system/database/drivers/mssql/mssql_driver.php @@ -143,8 +143,8 @@ class CI_DB_mssql_driver extends CI_DB { } // Note: Escaping is required in the event that the DB name - // contains reserved characters - if (mssql_select_db($this->escape_identifiers($database), $this->conn_id)) + // contains reserved characters. + if (mssql_select_db('['.$database.']', $this->conn_id)) { $this->database = $database; return TRUE; -- cgit v1.2.3-24-g4f1b From ab9971f112c1394db0d0fc963d860479d3ec408b Mon Sep 17 00:00:00 2001 
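Review bot: `'['.$database.']'` in the mssql hunk ends the bracket quoting early if the database name itself contains `]`, because a bracket-delimited identifier needs an embedded `]` doubled. `mssql_select_db('['.str_replace(']', ']]', $database).']', $this->conn_id)` would keep such a name intact. Whether `$database` can ever come from anywhere other than configuration is not visible in this hunk, so treat it as hardening rather than a confirmed injection path. The comment above the call still says escaping is required "in the event that the DB name contains reserved characters", which the plain concatenation does not fully deliver. The method starts and ends outside the hunk.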
From: Andrey Andreev Date: Wed, 2 Jul 2014 19:09:08 +0300 Subject: Remove GCM mode from CI_Encryption (OpenSSL) While openssl_get_cipher_methods() lists 'aes--gcm' as supported, it appears that this is only half of the story. To be more specific, only the encryption operation of GCM is performed, and the authentication message is completely missing, rendering the whole thing useles. --- system/libraries/Encryption.php | 5 ++--- user_guide_src/source/libraries/encryption.rst | 17 ++++++----------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index aa91cd3f9..b85d7da36 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -105,7 +105,6 @@ class CI_Encryption { 'cfb8' => 'cfb8', 'ctr' => 'ctr', 'stream' => '', - 'gcm' => 'gcm', 'xts' => 'xts' ) ); @@ -628,7 +627,7 @@ class CI_Encryption { 'mode' => $this->_mode, 'key' => NULL, 'base64' => TRUE, - 'hmac_digest' => ($this->_mode !== 'gcm' ? 'sha512' : NULL), + 'hmac_digest' => 'sha512', 'hmac_key' => NULL ) : FALSE; @@ -651,7 +650,7 @@ class CI_Encryption { } } - if ($params['mode'] === 'gcm' OR (isset($params['hmac']) && $params['hmac'] === FALSE)) + if (isset($params['hmac']) && $params['hmac'] === FALSE) { $params['hmac_digest'] = $params['hmac_key'] = NULL; } diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 1353c4ed0..5d92b109a 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst 
@@ -173,9 +173,9 @@ but regardless, here's a list of most of them: ============== ========= ============================== ========================================= Cipher name Driver Key lengths (bits / bytes) Supported modes ============== ========= ============================== ========================================= -AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS -AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS -AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, GCM, XTS +AES-128 OpenSSL 128 / 16 CBC, CTR, CFB, CFB8, OFB, ECB, XTS +AES-192 OpenSSL 192 / 24 CBC, CTR, CFB, CFB8, OFB, ECB, XTS +AES-256 OpenSSL 256 / 32 CBC, CTR, CFB, CFB8, OFB, ECB, XTS Rijndael-128 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB Rijndael-192 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB Rijndael-256 MCrypt 128 / 16, 192 / 24, 256 / 32 CBC, CTR, CFB, CFB8, OFB, OFB8, ECB @@ -239,7 +239,6 @@ CFB8 cfb8 MCrypt, OpenSSL Same as CFB, but operates in 8- OFB ofb MCrypt, OpenSSL N/A OFB8 ofb8 MCrypt Same as OFB, but operates in 8-bit mode (not recommended). ECB ecb MCrypt, OpenSSL Ignores IV (not recommended). -GCM gcm OpenSSL Provides authentication and therefore doesn't need a HMAC. XTS xts OpenSSL Usually used for encrypting random access data such as RAM or hard-disk storage. Stream stream MCrypt, OpenSSL This is not actually a mode, it just says that a stream cipher is being used. Required because of the general cipher+mode initialization process. =========== ================== ================= =================================================================================================================================================== 
@@ -251,10 +250,9 @@ It's probably important for you to know that an encrypted string is usually longer than the original, plain-text string (depending on the cipher). This is influenced by the cipher algorithm itself, the IV prepended to the -cipher-text and (unless you are using GCM mode) the HMAC authentication -message that is also prepended. Furthermore, the encrypted message is also -Base64-encoded so that it is safe for storage and transmission, regardless -of a possible character set in use. +cipher-text and the HMAC authentication message that is also prepended. +Furthermore, the encrypted message is also Base64-encoded so that it is safe +for storage and transmission, regardless of a possible character set in use. Keep this information in mind when selecting your data storage mechanism. Cookies, for example, can only hold 4K of information. @@ -446,9 +444,6 @@ raw_data FALSE No Whether the cipher-t value is incorrect. This includes *hmac_key*, unless *hmac* is set to FALSE. -.. note:: If GCM mode is used, *hmac* will always be FALSE. This is - because GCM mode itself provides authentication. - .. _digests: Supported HMAC authentication algorithms -- cgit v1.2.3-24-g4f1b From 5df2f1b741cc03477c279ef01be6c564e6076c0e Mon Sep 17 00:00:00 2001 From: Dionysis Arvanitis Date: Sat, 5 Jul 2014 12:14:56 +0300 Subject: Missing looping index added. Without index empty rows returned for csv column headers. --- system/database/drivers/pdo/pdo_result.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php index 1b8fbc9d4..3f3af2e19 100644 --- a/system/database/drivers/pdo/pdo_result.php +++ b/system/database/drivers/pdo/pdo_result.php 
@@ -93,7 +93,7 @@ class CI_DB_pdo_result extends CI_DB_result { { // Might trigger an E_WARNING due to not all subdrivers // supporting getColumnMeta() - $field_names[$i] = @$this->result_id->getColumnMeta(); + $field_names[$i] = @$this->result_id->getColumnMeta($i); $field_names[$i] = $field_names[$i]['name']; } -- cgit v1.2.3-24-g4f1b From 5286ef0f3ec6d298fa53bfbf8ecde474e5710f81 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 6 Jul 2014 19:57:59 +0300 Subject: Fix #3131 --- system/helpers/url_helper.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index dff1a86d2..4493d5b97 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -208,6 +208,10 @@ if ( ! function_exists('anchor_popup')) $window_name = $attributes['window_name']; unset($attributes['window_name']); } + else + { + $window_name = '_blank'; + } foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) { -- cgit v1.2.3-24-g4f1b From 05fcc09436c0c34cc5883d7840abc81ad5af7969 Mon Sep 17 00:00:00 2001 From: Kyle Valade Date: Sun, 6 Jul 2014 13:43:20 -0700 Subject: Return 403 instead of 500 if no CSRF token given Not supplying a CSRF token shouldn't return a 500 response because it isn't a server error. The response status code should definitely be in the 400's, because it's the client's fault. And it should be a 403 because the client is forbidden from making that request without the appropriate credential (the CSRF token), though the request may be otherwise valid. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes --- system/core/Security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index c4621d588..f1802f0c4 100755 --- a/system/core/Security.php +++ b/system/core/Security.php 
@@ -275,7 +275,7 @@ class CI_Security { */ public function csrf_show_error() { - show_error('The action you have requested is not allowed.'); + show_error('The action you have requested is not allowed.', 403); } // -------------------------------------------------------------------- @@ -934,4 +934,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ \ No newline at end of file +/* Location: ./system/core/Security.php */ -- cgit v1.2.3-24-g4f1b From 5b3fe7c4af5e08e17480b911fbfa8cf0ef6475c0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 7 Jul 2014 10:55:53 +0300 Subject: Fix a few typos and add a backport (compat) for hex2bin() --- system/core/CodeIgniter.php | 2 +- system/core/compat/array.php | 246 ----------- system/core/compat/standard.php | 293 +++++++++++++ tests/Bootstrap.php | 2 +- tests/codeigniter/core/compat/array_test.php | 429 ------------------- tests/codeigniter/core/compat/standard_test.php | 461 +++++++++++++++++++++ user_guide_src/source/changelog.rst | 2 +- .../source/general/compatibility_functions.rst | 38 +- user_guide_src/source/libraries/encryption.rst | 4 +- 9 files changed, 782 insertions(+), 695 deletions(-) delete mode 100644 system/core/compat/array.php create mode 100644 system/core/compat/standard.php delete mode 100644 tests/codeigniter/core/compat/array_test.php create mode 100644 tests/codeigniter/core/compat/standard_test.php diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 1c6e76b4f..3e1280bab 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -249,7 +249,7 @@ if ( ! is_php('5.4')) require_once(BASEPATH.'core/compat/mbstring.php'); require_once(BASEPATH.'core/compat/hash.php'); require_once(BASEPATH.'core/compat/password.php'); - require_once(BASEPATH.'core/compat/array.php'); + require_once(BASEPATH.'core/compat/standard.php'); /* * ------------------------------------------------------ 
diff --git a/system/core/compat/array.php b/system/core/compat/array.php deleted file mode 100644 index 07dae21c2..000000000 --- a/system/core/compat/array.php +++ /dev/null 
@@ -1,246 +0,0 @@ -markTestSkipped('All array functions are already available on PHP 5.5'); - } - elseif ( ! is_php('5.3')) - { - $this->assertTrue(function_exists('array_replace')); - $this->assertTrue(function_exists('array_replace_recursive')); - } - - $this->assertTrue(function_exists('array_column')); - } - - // ------------------------------------------------------------------------ - - /** - * array_column() test - * - * Borrowed from PHP's own tests - * - * @depends test_bootstrap - */ - public function test_array_column() - { - // Basic tests - - $input = array( - array( - 'id' => 1, - 'first_name' => 'John', - 'last_name' => 'Doe' - ), - array( - 'id' => 2, - 'first_name' => 'Sally', - 'last_name' => 'Smith' - ), - array( - 'id' => 3, - 'first_name' => 'Jane', - 'last_name' => 'Jones' - ) - ); - - // Ensure internal array position doesn't break it - next($input); - - $this->assertEquals( - array('John', 'Sally', 'Jane'), - array_column($input, 'first_name') - ); - - $this->assertEquals( - array(1, 2, 3), - array_column($input, 'id') - ); - - $this->assertEquals( - array( - 1 => 'Doe', - 2 => 'Smith', - 3 => 'Jones' - ), - array_column($input, 'last_name', 'id') - ); - - $this->assertEquals( - array( - 'John' => 'Doe', - 'Sally' => 'Smith', - 'Jane' => 'Jones' - ), - array_column($input, 'last_name', 'first_name') - ); - - // Object key search - - $f = new Foo(); - $b = new Bar(); - - $this->assertEquals( - array('Doe', 'Smith', 'Jones'), - array_column($input, $f) - ); - - $this->assertEquals( - array( - 'John' => 'Doe', - 'Sally' => 'Smith', - 'Jane' => 'Jones' - ), - array_column($input, $f, $b) - ); - - // NULL parameters - - $input = array( - 456 => array( - 'id' => '3', - 'title' => 'Foo', - 'date' => '2013-03-25' - ), - 457 => array( - 'id' => '5', - 'title' => 'Bar', - 'date' => '2012-05-20' - ) - ); - - $this->assertEquals( - array( - 3 => array( - 'id' => '3', - 'title' => 'Foo', - 'date' => '2013-03-25' - ), - 5 => array( - 'id' => '5', - 
'title' => 'Bar', - 'date' => '2012-05-20' - ) - ), - array_column($input, NULL, 'id') - ); - - $this->assertEquals( - array( - array( - 'id' => '3', - 'title' => 'Foo', - 'date' => '2013-03-25' - ), - array( - 'id' => '5', - 'title' => 'Bar', - 'date' => '2012-05-20' - ) - ), - array_column($input, NULL, 'foo') - ); - - $this->assertEquals( - array( - array( - 'id' => '3', - 'title' => 'Foo', - 'date' => '2013-03-25' - ), - array( - 'id' => '5', - 'title' => 'Bar', - 'date' => '2012-05-20' - ) - ), - array_column($input, NULL) - ); - - // Data types - - $fh = fopen(__FILE__, 'r', TRUE); - $stdClass = new stdClass(); - $input = array( - array( - 'id' => 1, - 'value' => $stdClass - ), - array( - 'id' => 2, - 'value' => 34.2345 - ), - array( - 'id' => 3, - 'value' => TRUE - ), - array( - 'id' => 4, - 'value' => FALSE - ), - array( - 'id' => 5, - 'value' => NULL - ), - array( - 'id' => 6, - 'value' => 1234 - ), - array( - 'id' => 7, - 'value' => 'Foo' - ), - array( - 'id' => 8, - 'value' => $fh - ) - ); - - $this->assertEquals( - array( - $stdClass, - 34.2345, - TRUE, - FALSE, - NULL, - 1234, - 'Foo', - $fh - ), - array_column($input, 'value') - ); - - $this->assertEquals( - array( - 1 => $stdClass, - 2 => 34.2345, - 3 => TRUE, - 4 => FALSE, - 5 => NULL, - 6 => 1234, - 7 => 'Foo', - 8 => $fh - ), - array_column($input, 'value', 'id') - ); - - // Numeric column keys - - $input = array( - array('aaa', '111'), - array('bbb', '222'), - array('ccc', '333', -1 => 'ddd') - ); - - $this->assertEquals( - array('111', '222', '333'), - array_column($input, 1) - ); - - $this->assertEquals( - array( - 'aaa' => '111', - 'bbb' => '222', - 'ccc' => '333' - ), - array_column($input, 1, 0) - ); - - $this->assertEquals( - array( - 'aaa' => '111', - 'bbb' => '222', - 'ccc' => '333' - ), - array_column($input, 1, 0.123) - ); - - $this->assertEquals( - array( - 0 => '111', - 1 => '222', - 'ddd' => '333' - ), - array_column($input, 1, -1) - ); - - // Non-existing columns - - 
$this->assertEquals(array(), array_column($input, 2)); - $this->assertEquals(array(), array_column($input, 'foo')); - $this->assertEquals( - array('aaa', 'bbb', 'ccc'), - array_column($input, 0, 'foo') - ); - $this->assertEquals(array(), array_column($input, 3.14)); - - // One-dimensional array - $this->assertEquals(array(), array_column(array('foo', 'bar', 'baz'), 1)); - - // Columns not present in all rows - - $input = array( - array('a' => 'foo', 'b' => 'bar', 'e' => 'bbb'), - array('a' => 'baz', 'c' => 'qux', 'd' => 'aaa'), - array('a' => 'eee', 'b' => 'fff', 'e' => 'ggg') - ); - - $this->assertEquals( - array('qux'), - array_column($input, 'c') - ); - - $this->assertEquals( - array('baz' => 'qux'), - array_column($input, 'c', 'a') - ); - - $this->assertEquals( - array( - 0 => 'foo', - 'aaa' => 'baz', - 1 => 'eee' - ), - array_column($input, 'a', 'd') - ); - - $this->assertEquals( - array( - 'bbb' => 'foo', - 0 => 'baz', - 'ggg' => 'eee' - ), - array_column($input, 'a', 'e') - ); - - $this->assertEquals( - array('bar', 'fff'), - array_column($input, 'b') - ); - - $this->assertEquals( - array( - 'foo' => 'bar', - 'eee' => 'fff' - ), - array_column($input, 'b', 'a') - ); - } - - // ------------------------------------------------------------------------ - - /** - * array_replace(), array_replace_recursive() tests - * - * Borrowed from PHP's own tests - * - * @depends test_bootstrap - */ - public function test_array_replace_recursive() - { - if (is_php('5.3')) - { - return $this->markTestSkipped('array_replace() and array_replace_recursive() are already available on PHP 5.3'); - } - - $array1 = array( - 0 => 'dontclobber', - '1' => 'unclobbered', - 'test2' => 0.0, - 'test3' => array( - 'testarray2' => TRUE, - 1 => array( - 'testsubarray1' => 'dontclobber2', - 'testsubarray2' => 'dontclobber3' - ) - ) - ); - - $array2 = array( - 1 => 'clobbered', - 'test3' => array( - 'testarray2' => FALSE - ), - 'test4' => array( - 'clobbered3' => array(0, 1, 2) - ) - ); - - // 
array_replace() - $this->assertEquals( - array( - 0 => 'dontclobber', - 1 => 'clobbered', - 'test2' => 0.0, - 'test3' => array( - 'testarray2' => FALSE - ), - 'test4' => array( - 'clobbered3' => array(0, 1, 2) - ) - ), - array_replace($array1, $array2) - ); - - // array_replace_recursive() - $this->assertEquals( - array( - 0 => 'dontclobber', - 1 => 'clobbered', - 'test2' => 0.0, - 'test3' => array( - 'testarray2' => FALSE, - 1 => array( - 'testsubarray1' => 'dontclobber2', - 'testsubarray2' => 'dontclobber3' - ) - ), - 'test4' => array( - 'clobbered3' => array(0, 1, 2) - ) - ), - array_replace_recursive($array1, $array2) - ); - } -} - -// ------------------------------------------------------------------------ - -// These are necessary for the array_column() tests - -class Foo { - - public function __toString() - { - return 'last_name'; - } -} - -class Bar { - - public function __toString() - { - return 'first_name'; - } -} \ No newline at end of file diff --git a/tests/codeigniter/core/compat/standard_test.php b/tests/codeigniter/core/compat/standard_test.php new file mode 100644 index 000000000..8c7e7313a --- /dev/null +++ b/tests/codeigniter/core/compat/standard_test.php 
@@ -0,0 +1,461 @@ +markTestSkipped('All array functions are already available on PHP 5.5'); + } + + $this->assertTrue(function_exists('array_column')); + + if ( ! is_php('5.4')) + { + $this->assertTrue(function_exists('hex2bin')); + } + + if ( ! is_php('5.3')) + { + $this->assertTrue(function_exists('array_replace')); + $this->assertTrue(function_exists('array_replace_recursive')); + } + } + + // ------------------------------------------------------------------------ + + /** + * array_column() test + * + * Borrowed from PHP's own tests + * + * @depends test_bootstrap + */ + public function test_array_column() + { + // Basic tests + + $input = array( + array( + 'id' => 1, + 'first_name' => 'John', + 'last_name' => 'Doe' + ), + array( + 'id' => 2, + 'first_name' => 'Sally', + 'last_name' => 'Smith' + ), + array( + 'id' => 3, + 'first_name' => 'Jane', + 'last_name' => 'Jones' + ) + ); + + // Ensure internal array position doesn't break it + next($input); + + $this->assertEquals( + array('John', 'Sally', 'Jane'), + array_column($input, 'first_name') + ); + + $this->assertEquals( + array(1, 2, 3), + array_column($input, 'id') + ); + + $this->assertEquals( + array( + 1 => 'Doe', + 2 => 'Smith', + 3 => 'Jones' + ), + array_column($input, 'last_name', 'id') + ); + + $this->assertEquals( + array( + 'John' => 'Doe', + 'Sally' => 'Smith', + 'Jane' => 'Jones' + ), + array_column($input, 'last_name', 'first_name') + ); + + // Object key search + + $f = new Foo(); + $b = new Bar(); + + $this->assertEquals( + array('Doe', 'Smith', 'Jones'), + array_column($input, $f) + ); + + $this->assertEquals( + array( + 'John' => 'Doe', + 'Sally' => 'Smith', + 'Jane' => 'Jones' + ), + array_column($input, $f, $b) + ); + + // NULL parameters + + $input = array( + 456 => array( + 'id' => '3', + 'title' => 'Foo', + 'date' => '2013-03-25' + ), + 457 => array( + 'id' => '5', + 'title' => 'Bar', + 'date' => '2012-05-20' + ) + ); + + $this->assertEquals( + array( + 3 => array( + 'id' => '3', + 
'title' => 'Foo', + 'date' => '2013-03-25' + ), + 5 => array( + 'id' => '5', + 'title' => 'Bar', + 'date' => '2012-05-20' + ) + ), + array_column($input, NULL, 'id') + ); + + $this->assertEquals( + array( + array( + 'id' => '3', + 'title' => 'Foo', + 'date' => '2013-03-25' + ), + array( + 'id' => '5', + 'title' => 'Bar', + 'date' => '2012-05-20' + ) + ), + array_column($input, NULL, 'foo') + ); + + $this->assertEquals( + array( + array( + 'id' => '3', + 'title' => 'Foo', + 'date' => '2013-03-25' + ), + array( + 'id' => '5', + 'title' => 'Bar', + 'date' => '2012-05-20' + ) + ), + array_column($input, NULL) + ); + + // Data types + + $fh = fopen(__FILE__, 'r', TRUE); + $stdClass = new stdClass(); + $input = array( + array( + 'id' => 1, + 'value' => $stdClass + ), + array( + 'id' => 2, + 'value' => 34.2345 + ), + array( + 'id' => 3, + 'value' => TRUE + ), + array( + 'id' => 4, + 'value' => FALSE + ), + array( + 'id' => 5, + 'value' => NULL + ), + array( + 'id' => 6, + 'value' => 1234 + ), + array( + 'id' => 7, + 'value' => 'Foo' + ), + array( + 'id' => 8, + 'value' => $fh + ) + ); + + $this->assertEquals( + array( + $stdClass, + 34.2345, + TRUE, + FALSE, + NULL, + 1234, + 'Foo', + $fh + ), + array_column($input, 'value') + ); + + $this->assertEquals( + array( + 1 => $stdClass, + 2 => 34.2345, + 3 => TRUE, + 4 => FALSE, + 5 => NULL, + 6 => 1234, + 7 => 'Foo', + 8 => $fh + ), + array_column($input, 'value', 'id') + ); + + // Numeric column keys + + $input = array( + array('aaa', '111'), + array('bbb', '222'), + array('ccc', '333', -1 => 'ddd') + ); + + $this->assertEquals( + array('111', '222', '333'), + array_column($input, 1) + ); + + $this->assertEquals( + array( + 'aaa' => '111', + 'bbb' => '222', + 'ccc' => '333' + ), + array_column($input, 1, 0) + ); + + $this->assertEquals( + array( + 'aaa' => '111', + 'bbb' => '222', + 'ccc' => '333' + ), + array_column($input, 1, 0.123) + ); + + $this->assertEquals( + array( + 0 => '111', + 1 => '222', + 'ddd' => '333' + ), + 
array_column($input, 1, -1) + ); + + // Non-existing columns + + $this->assertEquals(array(), array_column($input, 2)); + $this->assertEquals(array(), array_column($input, 'foo')); + $this->assertEquals( + array('aaa', 'bbb', 'ccc'), + array_column($input, 0, 'foo') + ); + $this->assertEquals(array(), array_column($input, 3.14)); + + // One-dimensional array + $this->assertEquals(array(), array_column(array('foo', 'bar', 'baz'), 1)); + + // Columns not present in all rows + + $input = array( + array('a' => 'foo', 'b' => 'bar', 'e' => 'bbb'), + array('a' => 'baz', 'c' => 'qux', 'd' => 'aaa'), + array('a' => 'eee', 'b' => 'fff', 'e' => 'ggg') + ); + + $this->assertEquals( + array('qux'), + array_column($input, 'c') + ); + + $this->assertEquals( + array('baz' => 'qux'), + array_column($input, 'c', 'a') + ); + + $this->assertEquals( + array( + 0 => 'foo', + 'aaa' => 'baz', + 1 => 'eee' + ), + array_column($input, 'a', 'd') + ); + + $this->assertEquals( + array( + 'bbb' => 'foo', + 0 => 'baz', + 'ggg' => 'eee' + ), + array_column($input, 'a', 'e') + ); + + $this->assertEquals( + array('bar', 'fff'), + array_column($input, 'b') + ); + + $this->assertEquals( + array( + 'foo' => 'bar', + 'eee' => 'fff' + ), + array_column($input, 'b', 'a') + ); + } + + // ------------------------------------------------------------------------ + + /** + * hex2bin() tests + * + * @depends test_bootstrap + */ + public function test_hex2bin() + { + if (is_php('5.4')) + { + return $this->markTestSkipped('hex2bin() is already available on PHP 5.4'); + } + + $this->assertEquals("\x03\x04", hex2bin("0304")); + $this->assertEquals('', hex2bin('')); + $this->assertEquals("\x01\x02\x03", hex2bin(new FooHex())); + } + + // ------------------------------------------------------------------------ + + /** + * array_replace(), array_replace_recursive() tests + * + * Borrowed from PHP's own tests + * + * @depends test_bootstrap + */ + public function test_array_replace_recursive() + { + if (is_php('5.3')) 
+ { + return $this->markTestSkipped('array_replace() and array_replace_recursive() are already available on PHP 5.3'); + } + + $array1 = array( + 0 => 'dontclobber', + '1' => 'unclobbered', + 'test2' => 0.0, + 'test3' => array( + 'testarray2' => TRUE, + 1 => array( + 'testsubarray1' => 'dontclobber2', + 'testsubarray2' => 'dontclobber3' + ) + ) + ); + + $array2 = array( + 1 => 'clobbered', + 'test3' => array( + 'testarray2' => FALSE + ), + 'test4' => array( + 'clobbered3' => array(0, 1, 2) + ) + ); + + // array_replace() + $this->assertEquals( + array( + 0 => 'dontclobber', + 1 => 'clobbered', + 'test2' => 0.0, + 'test3' => array( + 'testarray2' => FALSE + ), + 'test4' => array( + 'clobbered3' => array(0, 1, 2) + ) + ), + array_replace($array1, $array2) + ); + + // array_replace_recursive() + $this->assertEquals( + array( + 0 => 'dontclobber', + 1 => 'clobbered', + 'test2' => 0.0, + 'test3' => array( + 'testarray2' => FALSE, + 1 => array( + 'testsubarray1' => 'dontclobber2', + 'testsubarray2' => 'dontclobber3' + ) + ), + 'test4' => array( + 'clobbered3' => array(0, 1, 2) + ) + ), + array_replace_recursive($array1, $array2) + ); + } +} + +// ------------------------------------------------------------------------ + +class Foo { + + public function __toString() + { + return 'last_name'; + } +} + +class Bar { + + public function __toString() + { + return 'first_name'; + } +} + +class FooHex { + + public function __toString() + { + return '010203'; + } + +} \ No newline at end of file diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 089524659..4bb2a3ee1 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
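Review bot: test_hex2bin() only exercises well-formed input (`"0304"`, the empty string and a `__toString()` object), so the backport's handling of malformed hex is not pinned by any test. Callers that decode keys or tokens with hex2bin() depend on a clear failure for odd-length or non-hex strings, and a polyfill that silently returns partial bytes would be hard to notice. Consider adding cases such as `hex2bin('abc')` and `hex2bin('zz')`, asserting whatever result the backport is meant to give; the implementation is outside this hunk, so the expected value needs to be confirmed against it. Separately, the `$fh = fopen(__FILE__, 'r', TRUE);` handle in test_array_column() is never closed, and an `fclose($fh);` after the last assertion that uses it would tidy that up.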
@@ -530,7 +530,7 @@ Release Date: Not Released - `Multibyte String `_ (limited support). - `Hash `_ (``hash_equals()``, ``hash_pbkdf2()``). - `Password Hashing `_. - - `Array Functions `_ (``array_column()``, ``array_replace()``, ``array_replace_recursive()``). + - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hexbin()``. - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). - Log Library will now try to create the **log_path** directory if it doesn't exist. diff --git a/user_guide_src/source/general/compatibility_functions.rst b/user_guide_src/source/general/compatibility_functions.rst index e685073a1..0dc87804b 100644 --- a/user_guide_src/source/general/compatibility_functions.rst +++ b/user_guide_src/source/general/compatibility_functions.rst @@ -7,12 +7,12 @@ you to use functions what are otherwise natively available in PHP, but only in higher versions or depending on a certain extension. Being custom implementations, these functions will also have some -set of dependancies on their own, but are still useful if your +set of dependencies on their own, but are still useful if your PHP setup doesn't offer them natively. .. note:: Much like the `common functions `, the compatibility functions are always available, as long as - their dependancies are met. + their dependencies are met. .. contents:: :local: @@ -29,7 +29,7 @@ This set of compatibility functions offers a "backport" of PHP's standard `Password Hashing extension `_ that is otherwise available only since PHP 5.5. -Dependancies +Dependencies ============ - PHP 5.3.7 
@@ -65,7 +65,7 @@ Function reference password_hash() `_. .. note:: Unless you provide your own (and valid) salt, this function - has a further dependancy on an available CSPRNG source. Each + has a further dependency on an available CSPRNG source. Each of the following would satisfy that: - ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM`` - ``openssl_random_pseudo_bytes()`` @@ -101,7 +101,7 @@ This compatibility layer contains backports for the ``hash_equals()`` and ``hash_pbkdf2()`` functions, which otherwise require PHP 5.6 and/or PHP 5.5 respectively. -Dependancies +Dependencies ============ - None @@ -144,19 +144,19 @@ the limited alternative solutions, only a few functions are available. .. note:: When a character set parameter is ommited, ``$config['charset']`` will be used. -Dependancies +Dependencies ============ - `iconv `_ extension -.. important:: This dependancy is optional and these functions will +.. important:: This dependency is optional and these functions will always be declared. If iconv is not available, they WILL fall-back to their non-mbstring versions. .. important:: Where a character set is supplied, it must be supported by iconv and in a format that it recognizes. -.. note:: For you own dependancy check on the actual mbstring +.. note:: For you own dependency check on the actual mbstring extension, use the ``MB_ENABLED`` constant. Function reference @@ -196,15 +196,14 @@ Function reference For more information, please refer to the `PHP manual for mb_substr() `_. -*************** -Array Functions -*************** +****************** +Standard Functions +****************** This set of compatibility functions offers support for a few -standard `Array Functions `_ in PHP -that otherwise require a newer PHP version. +standard functions in PHP that otherwise require a newer PHP version. -Dependancies +Dependencies ============ - None 
@@ -244,4 +243,13 @@ Function reference array_replace_recursive() `_. .. important:: Only PHP's native function can detect endless recursion. - Unless you are running PHP 5.3+, be careful with references! \ No newline at end of file + Unless you are running PHP 5.3+, be careful with references! + +.. function:: hex2bin($data) + + :param array $data: Hexadecimal representation of data + :returns: Binary representation of the given data + :rtype: string + + For more information, please refer to the `PHP manual for hex2bin() + `_. \ No newline at end of file diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst index 5d92b109a..f29ebf4ed 100644 --- a/user_guide_src/source/libraries/encryption.rst +++ b/user_guide_src/source/libraries/encryption.rst @@ -5,13 +5,13 @@ Encryption Library The Encryption Library provides two-way data encryption. To do so in a cryptographically secure way, it utilizes PHP extensions that are unfortunately not always available on all systems. -You must meet one of the following dependancies in order to use this +You must meet one of the following dependencies in order to use this library: - `OpenSSL `_ (and PHP 5.3.3) - `MCrypt `_ (and `MCRYPT_DEV_URANDOM` availability) -If neither of the above dependancies is met, we simply cannot offer +If neither of the above dependencies is met, we simply cannot offer you a good enough implementation to meet the high standards required for proper cryptography. -- cgit v1.2.3-24-g4f1b From 6500bc77232657141dbc34aa3c840dd9e205b84f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 7 Jul 2014 14:11:26 +0300 Subject: Add a backport (compat) for quoted_printable_encode() --- system/core/compat/standard.php | 92 ++++++++++++++++- tests/codeigniter/core/compat/standard_test.php | 115 +++++++++++++++++++++ user_guide_src/source/changelog.rst | 2 +- .../source/general/compatibility_functions.rst | 11 +- 4 files changed, 216 insertions(+), 4 deletions(-) 
diff --git a/system/core/compat/standard.php b/system/core/compat/standard.php
index 6380fa1e8..afe9e9852 100644
--- a/system/core/compat/standard.php
+++ b/system/core/compat/standard.php
@@ -289,5 +289,93 @@ if ( ! function_exists('array_replace_recursive')) } } -/* End of file array.php */ -/* Location: ./system/core/compat/array.php */ \ No newline at end of file +// ------------------------------------------------------------------------ + +if ( ! function_exists('quoted_printable_encode')) +{ + /** + * quoted_printable_encode() + * + * @link http://php.net/quoted_printable_encode + * @param string $str + * @return string + */ + function quoted_printable_encode($str) + { + if (strlen($str) === 0) + { + return ''; + } + elseif (in_array($type = gettype($str), array('array', 'object'), TRUE)) + { + if ($type === 'object' && method_exists($str, '__toString')) + { + $str = (string) $str; + } + else + { + trigger_error('quoted_printable_encode() expects parameter 1 to be string, '.$type.' given', E_USER_WARNING); + return NULL; + } + } + + if (function_exists('imap_8bit')) + { + return imap_8bit($str); + } + + $i = $lp = 0; + $output = ''; + $hex = '0123456789ABCDEF'; + $length = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')) + ? 
mb_strlen($str, '8bit') + : strlen($str); + + while ($length--) + { + if ((($c = $str[$i++]) === "\015") && isset($str[$i]) && ($str[$i] === "\012") && $length > 0) + { + $output .= "\015".$str[$i++]; + $length--; + $lp = 0; + continue; + } + + if ( + ctype_cntrl($c) + OR (ord($c) === 0x7f) + OR (ord($c) & 0x80) + OR ($c === '=') + OR ($c === ' ' && isset($str[$i]) && $str[$i] === "\015") + ) + { + if ( + (($lp += 3) > 75 && ord($c) <= 0x7f) + OR (ord($c) > 0x7f && ord($c) <= 0xdf && ($lp + 3) > 75) + OR (ord($c) > 0xdf && ord($c) <= 0xef && ($lp + 6) > 75) + OR (ord($c) > 0xef && ord($c) <= 0xf4 && ($lp + 9) > 75) + ) + { + $output .= "=\015\012"; + $lp = 3; + } + + $output .= '='.$hex[ord($c) >> 4].$hex[ord($c) & 0xf]; + continue; + } + + if ((++$lp) > 75) + { + $output .= "=\015\012"; + $lp = 1; + } + + $output .= $c; + } + + return $output; + } +} + +/* End of file standard.php */ +/* Location: ./system/core/compat/standard.php */ \ No newline at end of file diff --git a/tests/codeigniter/core/compat/standard_test.php b/tests/codeigniter/core/compat/standard_test.php index 8c7e7313a..a3a6d9552 100644 --- a/tests/codeigniter/core/compat/standard_test.php +++ b/tests/codeigniter/core/compat/standard_test.php @@ -20,6 +20,7 @@ class standard_test extends CI_TestCase { { $this->assertTrue(function_exists('array_replace')); $this->assertTrue(function_exists('array_replace_recursive')); + $this->assertTrue(function_exists('quoted_printable_encode')); } } 
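Review bot: Non-string scalars are never cast in the new quoted_printable_encode(): the type check only handles `array` and `object`, so an integer or float reaches the loop and `$str[$i++]` is applied to a non-string. In the fallback path that produces empty characters rather than the encoded digits, whereas the native function would cast the argument first. Adding `$str = (string) $str;` after the type check, before the `imap_8bit()` shortcut, makes both paths see the same string. Note also that the `imap_8bit()` shortcut means the output can differ depending on whether the imap extension is loaded (the trailing-space case in the tests documents one difference), which deserves a comment above that branch.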
@@ -431,6 +432,113 @@ class standard_test extends CI_TestCase { array_replace_recursive($array1, $array2) ); } + + // ------------------------------------------------------------------------ + + /** + * quoted_printable_encode() tests + * + * Borrowed from PHP's own tests + * + * @depends test_bootstrap + */ + public function test_quoted_printable_encode() + { + if (is_php('5.3')) + { + return $this->markTestSkipped('quoted_printable_encode() is already available on PHP 5.3'); + } + + + // These are actually imap_8bit() tests: + $this->assertEquals("String with CRLF at end=20\r\n", quoted_printable_encode("String with CRLF at end \r\n")); + // ext/imap/tests/imap_8bit_basic.phpt says for this line: + // NB this appears to be a bug in cclient; a space at end of string should be encoded as =20 + $this->assertEquals("String with space at end ", quoted_printable_encode("String with space at end ")); + $this->assertEquals("String with tabs =09=09 in middle", quoted_printable_encode("String with tabs \t\t in middle")); + $this->assertEquals("String with tab at end =09", quoted_printable_encode("String with tab at end \t")); + $this->assertEquals("=00=01=02=03=04=FE=FF=0A=0D", quoted_printable_encode("\x00\x01\x02\x03\x04\xfe\xff\x0a\x0d")); + + // And these are from ext/standard/tests/strings/quoted_printable_encode_002.phpt: + $this->assertEquals( + "=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + ."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + ."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + ."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + ."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + ."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + ."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=\r\n" + 
."=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00=00", + $d = quoted_printable_encode(str_repeat("\0", 200)) + ); + $this->assertEquals(str_repeat("\x0", 200), quoted_printable_decode($d)); + $this->assertEquals( + "=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=\r\n" + ."=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=\r\n" + ."=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=\r\n" + ."=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=\r\n" + ."=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=\r\n" + ."=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=\r\n" + ."=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=\r\n" + ."=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=\r\n" + ."=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =\r\n" + ."=D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=\r\n" + ."=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=\r\n" + ."=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=\r\n" + ."=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=\r\n" + ."=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=\r\n" + ."=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=\r\n" + ."=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=\r\n" + ."=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=\r\n" + ."=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=\r\n" + ."=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=\r\n" + ."=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =\r\n" + ."=D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=\r\n" + ."=D0=B0 =D0=B2 
=D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=\r\n" + ."=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=\r\n" + ."=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=\r\n" + ."=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=\r\n" + ."=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=\r\n" + ."=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=\r\n" + ."=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=\r\n" + ."=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=\r\n" + ."=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=\r\n" + ."=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=\r\n" + ."=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =\r\n" + ."=D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=\r\n" + ."=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=\r\n" + ."=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=\r\n" + ."=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=\r\n" + ."=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=\r\n" + ."=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=\r\n" + ."=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=\r\n" + ."=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=\r\n" + ."=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=\r\n" + ."=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=\r\n" + ."=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =\r\n" + ."=D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=\r\n" + ."=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=\r\n" + ."=80=D0=BE=D0=BA=D0=B0 =D0=B2 
=D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=\r\n" + ."=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=\r\n" + ."=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=\r\n" + ."=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=\r\n" + ."=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=\r\n" + ."=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=\r\n" + ."=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=\r\n" + ."=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=\r\n" + ."=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=\r\n" + ."=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =\r\n" + ."=D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=\r\n" + ."=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=\r\n" + ."=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=\r\n" + ."=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=8E=D0=BD=D0=B8=\r\n" + ."=D0=BA=D0=BE=D0=B4=D0=B5=D1=81=D1=82=D1=80=D0=BE=D0=BA=D0=B0 =D0=B2 =D1=\r\n" + ."=8E=D0=BD=D0=B8=D0=BA=D0=BE=D0=B4=D0=B5", + $d = quoted_printable_encode(str_repeat('строка в юникоде', 50)) + ); + $this->assertEquals(str_repeat('строка в юникоде', 50), quoted_printable_decode($d)); + $this->assertEquals('this is a foo', quoted_printable_encode(new FooObject())); + } } // ------------------------------------------------------------------------ @@ -457,5 +565,12 @@ class FooHex { { return '010203'; } +} +class FooObject +{ + public function __toString() + { + return 'this is a foo'; + } } \ No newline at end of file diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 4bb2a3ee1..987e466d5 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -530,7 +530,7 @@ Release Date: Not Released - `Multibyte String `_ (limited support). - `Hash `_ (``hash_equals()``, ``hash_pbkdf2()``). - `Password Hashing `_. - - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hexbin()``. + - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``. - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). - Log Library will now try to create the **log_path** directory if it doesn't exist. diff --git a/user_guide_src/source/general/compatibility_functions.rst b/user_guide_src/source/general/compatibility_functions.rst index 0dc87804b..aee9b1ef0 100644 --- a/user_guide_src/source/general/compatibility_functions.rst +++ b/user_guide_src/source/general/compatibility_functions.rst @@ -252,4 +252,13 @@ Function reference :rtype: string For more information, please refer to the `PHP manual for hex2bin() - `_. \ No newline at end of file + `_. + +.. function:: quoted_printable_encode($str) + + :param string $str: Input string + :returns: 8bit-encoded string + :rtype: string + + For more information, please refer to the `PHP manual for + quoted_printable_encode() `_. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 2da3550055ea20eba309ef68347a806a3986375d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 7 Jul 2014 14:41:57 +0300 Subject: Fix potential bugs in password_hash(), CI_Encryption strlen(), substr() are not byte-safe when mbstring.func_overload is enabled --- system/core/compat/password.php | 9 ++++-- system/libraries/Encryption.php | 61 +++++++++++++++++++++++++++++++++++------ 2 files changed, 59 insertions(+), 11 deletions(-) diff --git a/system/core/compat/password.php b/system/core/compat/password.php index d5a017d9a..a8bc756f0 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php 
@@ -83,6 +83,9 @@ if ( ! function_exists('password_hash')) */ function password_hash($password, $algo, array $options = array()) { + static $func_override; + isset($func_override) OR $func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); + if ($algo !== 1) { trigger_error('password_hash(): Unknown hashing algorithm: '.(int) $algo, E_USER_WARNING); @@ -95,9 +98,9 @@ if ( ! function_exists('password_hash')) return NULL; } - if (isset($options['salt']) && strlen($options['salt']) < 22) + if (isset($options['salt']) && ($saltlen = ($func_override ? mb_strlen($options['salt'], '8bit') : strlen($options['salt']))) < 22) { - trigger_error('password_hash(): Provided salt is too short: '.strlen($options['salt']).' expecting 22', E_USER_WARNING); + trigger_error('password_hash(): Provided salt is too short: '.$saltlen.' expecting 22', E_USER_WARNING); return NULL; } elseif ( ! isset($options['salt'])) @@ -119,7 +122,7 @@ if ( ! function_exists('password_hash')) } $options['salt'] = ''; - for ($read = 0; $read < 16; $read = strlen($options['salt'])) + for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt'])) { if (($read = fread($fp, 16 - $read)) === FALSE) { diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index b85d7da36..d47d65e8a 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -123,6 +123,13 @@ class CI_Encryption { 'sha512' => 64 ); + /** + * mbstring.func_override flag + * + * @var bool + */ + protected static $func_override; + // -------------------------------------------------------------------- /** 
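Review bot: `ini_get('mbstring.func_override')` in the added `$func_override` initialisation names a directive that does not exist; the mbstring setting is `mbstring.func_overload`, which the quoted_printable_encode() backport earlier in this series already reads. ini_get() returns FALSE for an unknown directive, so `$func_override` is always false and the salt-length checks in password_hash() keep calling the overloaded `strlen()`. The same string initialises `self::$func_override` in the CI_Encryption constructor hunk (`@@ -145,8 +152,10 @@`), so `self::strlen()` and `self::substr()` never take their mb_* branch either. Both places should read `ini_get('mbstring.func_overload')`.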
@@ -145,8 +152,10 @@ class CI_Encryption { return show_error('Encryption: Unable to find an available encryption driver.'); } + isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); $this->initialize($params); - if ( ! isset($this->_key) && strlen($key = config_item('encryption_key')) > 0) + + if ( ! isset($this->_key) && self::strlen($key = config_item('encryption_key')) > 0) { $this->_key = $key; } @@ -337,7 +346,7 @@ class CI_Encryption { return FALSE; } - isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, strlen($this->_key), 'encryption'); + isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, self::strlen($this->_key), 'encryption'); if (($data = $this->{'_'.$this->_driver.'_encrypt'}($data, $params)) === FALSE) { @@ -392,7 +401,7 @@ class CI_Encryption { if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE)) { $block_size = mcrypt_enc_get_block_size($params['handle']); - $pad = $block_size - (strlen($data) % $block_size); + $pad = $block_size - (self::strlen($data) % $block_size); $data .= str_repeat(chr($pad), $pad); } @@ -480,7 +489,7 @@ class CI_Encryption { ? $this->_digests[$params['hmac_digest']] * 2 : $this->_digests[$params['hmac_digest']]; - if (strlen($data) <= $digest_size) + if (self::strlen($data) <= $digest_size) { return FALSE; } @@ -509,7 +518,7 @@ class CI_Encryption { $data = base64_decode($data); } - isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, strlen($this->_key), 'encryption'); + isset($params['key']) OR $params['key'] = $this->hkdf($this->_key, 'sha512', NULL, self::strlen($this->_key), 'encryption'); return $this->{'_'.$this->_driver.'_decrypt'}($data, $params); } 
@@ -564,7 +573,7 @@ class CI_Encryption { // Remove PKCS#7 padding, if necessary if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE)) { - $data = substr($data, 0, -ord($data[strlen($data)-1])); + $data = substr($data, 0, -ord($data[self::strlen($data)-1])); } mcrypt_generic_deinit($params['handle']); @@ -827,11 +836,11 @@ class CI_Encryption { return FALSE; } - strlen($salt) OR $salt = str_repeat("\0", $this->_digests[$digest]); + self::strlen($salt) OR $salt = str_repeat("\0", $this->_digests[$digest]); $prk = hash_hmac($digest, $key, $salt, TRUE); $key = ''; - for ($key_block = '', $block_index = 1; strlen($key) < $length; $block_index++) + for ($key_block = '', $block_index = 1; self::strlen($key) < $length; $block_index++) { $key_block = hash_hmac($digest, $key_block.$info.chr($block_index), $prk, TRUE); $key .= $key_block; @@ -863,6 +872,42 @@ class CI_Encryption { return NULL; } + // -------------------------------------------------------------------- + + /** + * Byte-safe strlen() + * + * @param string $str + * @return integer + */ + protected static function strlen($str) + { + return (self::$func_override) + ? mb_strlen($str, '8bit') + : strlen($str); + } + + // -------------------------------------------------------------------- + + /** + * Byte-safe substr() + * + * @param string $str + * @param int $start + * @param int $length + * @return string + */ + protected static function substr($str, $start, $length = null) + { + if (self::$func_override) + { + return mb_substr($str, $start, $length); + } + + return isset($length) + ? substr($str, $start, $length) + : substr($str, $start); + } } /* End of file Encryption.php */ -- cgit v1.2.3-24-g4f1b From 9fa275e6aba369fab6557284a84e2c0dda77da35 Mon Sep 17 00:00:00 2001 
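Review bot: The PKCS#7 removal line `$data = substr($data, 0, -ord($data[self::strlen($data)-1]));` trusts the last plaintext byte as the pad length without validating it. A final byte of 0 makes the call `substr($data, 0, 0)` and discards the whole plaintext, and an empty `$data` indexes offset -1. Reading the byte into `$pad` first and failing the decrypt when `$pad < 1` or `$pad > mcrypt_enc_get_block_size($params['handle'])` (after the usual handle cleanup) would reject malformed input in the same way as the other failure paths. HMAC verification happens in code outside this hunk, so this matters mainly for corrupt data or callers that disable authentication. The same line is touched again in the `@@ -573,7 +573,7 @@` hunk of the following commit.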
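Review bot: The new `self::substr()` helper is not byte-safe in its overload branch: `mb_substr($str, $start, $length)` passes no encoding, so it counts characters in the internal encoding, unlike `self::strlen()`, which passes `'8bit'`. With a multibyte internal encoding, the IV, HMAC and ciphertext splits that rely on this helper would cut at character offsets rather than byte offsets. The `$length = null` default is also forwarded as-is, and older PHP versions are documented to treat a NULL length in `mb_substr()` as 0, which would return an empty string for calls like `self::substr($data, $digest_size)`. Suggested body for that branch: `isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);` followed by `return mb_substr($str, $start, $length, '8bit');`.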
From: Andrey Andreev Date: Mon, 7 Jul 2014 14:43:51 +0300 Subject: Continuing from previous commit ... use CI_Encryption::substr() --- system/libraries/Encryption.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index d47d65e8a..0b759eb5d 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -494,8 +494,8 @@ class CI_Encryption { return FALSE; } - $hmac_input = substr($data, 0, $digest_size); - $data = substr($data, $digest_size); + $hmac_input = self::substr($data, 0, $digest_size); + $data = self::substr($data, $digest_size); isset($params['hmac_key']) OR $params['hmac_key'] = $this->hkdf($this->_key, 'sha512', NULL, NULL, 'authentication'); $hmac_check = hash_hmac($params['hmac_digest'], $data, $params['hmac_key'], ! $params['base64']); @@ -545,8 +545,8 @@ class CI_Encryption { { if (mcrypt_enc_get_modes_name($params['handle']) !== 'ECB') { - $iv = substr($data, 0, $iv_size); - $data = substr($data, $iv_size); + $iv = self::substr($data, 0, $iv_size); + $data = self::substr($data, $iv_size); } else { @@ -573,7 +573,7 @@ class CI_Encryption { // Remove PKCS#7 padding, if necessary if (in_array(strtolower(mcrypt_enc_get_modes_name($params['handle'])), array('cbc', 'ecb'), TRUE)) { - $data = substr($data, 0, -ord($data[self::strlen($data)-1])); + $data = self::substr($data, 0, -ord($data[self::strlen($data)-1])); } mcrypt_generic_deinit($params['handle']); @@ -598,8 +598,8 @@ class CI_Encryption { { if ($iv_size = openssl_cipher_iv_length($params['handle'])) { - $iv = substr($data, 0, $iv_size); - $data = substr($data, $iv_size); + $iv = self::substr($data, 0, $iv_size); + $data = self::substr($data, $iv_size); } else { 
@@ -846,7 +846,7 @@ class CI_Encryption { $key .= $key_block; } - return substr($key, 0, $length); + return self::substr($key, 0, $length); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From ed86ee14f3a36de1034b8fa19ff6d41aeb428a93 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 11 Jul 2014 19:48:37 +0300 Subject: Add setting ['composer_autoload'] Supersedes PR #3132 --- application/config/config.php | 22 +++++++++++++++++++++- system/core/CodeIgniter.php | 17 +++++++++++++++++ user_guide_src/source/changelog.rst | 1 + user_guide_src/source/general/autoloader.rst | 6 +++++- 4 files changed, 44 insertions(+), 2 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index d269b6e5d..b6b3c9fdf 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -121,7 +121,6 @@ $config['charset'] = 'UTF-8'; */ $config['enable_hooks'] = FALSE; - /* |-------------------------------------------------------------------------- | Class Extension Prefix 
@@ -136,6 +135,27 @@ $config['enable_hooks'] = FALSE; */ $config['subclass_prefix'] = 'MY_'; +/* +|-------------------------------------------------------------------------- +| Composer auto-loading +|-------------------------------------------------------------------------- +| +| Enabling this setting will tell CodeIgniter to look for a Composer +| package auto-loader script in application/vendor/autoload.php. +| +| $config['composer_autoload'] = TRUE; +| +| Or if you have your vendor/ directory located somewhere else, you +| can opt to set a specific path as well: +| +| $config['composer_autoload'] = '/path/to/vendor/autoload.php'; +| +| For more information about Composer, please visit http://getcomposer.org/ +| +| Note: This will NOT disable or override the CodeIgniter-specific +| autoloading (application/config/autoload.php) +*/ +$config['composer_autoload'] = FALSE; /* |-------------------------------------------------------------------------- diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 3e1280bab..5ff788ae3 100644 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -447,6 +447,23 @@ if ( ! is_php('5.4')) $params = array_slice($URI->rsegments, 2); } +/* + * ------------------------------------------------------ + * Should we use a Composer autoloader? + * ------------------------------------------------------ + */ + if (($composer_autoload = config_item('composer_autoload')) !== FALSE) + { + if ($composer_autoload === TRUE && file_exists(APPPATH.'vendor/autoload.php')) + { + require_once(APPPATH.'vendor/autoload.php'); + } + elseif (file_exists($composer_autoload)) + { + require_once($composer_autoload); + } + } + /* * ------------------------------------------------------ * Is there a "pre_controller" hook? diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 987e466d5..bcdb12feb 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
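Review bot: In the `system/core/CodeIgniter.php` hunk, the `elseif (file_exists($composer_autoload))` branch is also reached when the setting is `TRUE` and `application/vendor/autoload.php` does not exist. `file_exists(TRUE)` then tests the path `1`, and any other non-string value that is not `FALSE` is coerced in the same way, so a stray file of that name in the working directory would be run by `require_once`. Restricting the branch to strings closes this: `elseif (is_string($composer_autoload) && file_exists($composer_autoload))`. Because the configured value is executed as PHP, the comment added to `config.php` could also say that it should be an absolute path to a file the application owner controls. A missing autoloader is currently ignored silently, and a `log_message('error', ...)` there would make a misconfiguration visible.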
@@ -61,6 +61,7 @@ Release Date: Not Released - Added availability checks where usage of dangerous functions like ``eval()`` and ``exec()`` is required. - Added support for changing the file extension of log files using ``$config['log_file_extension']``. - Added support for turning newline standardization on/off via ``$config['standardize_newlines']`` and set it to FALSE by default. + - Added configuration setting ``$config['composer_autoload']`` to enable loading of a `Composer `_ auto-loader. - Helpers diff --git a/user_guide_src/source/general/autoloader.rst b/user_guide_src/source/general/autoloader.rst index bf2e3935a..2f1223e28 100644 --- a/user_guide_src/source/general/autoloader.rst +++ b/user_guide_src/source/general/autoloader.rst @@ -20,4 +20,8 @@ file and add the item you want loaded to the autoload array. You'll find instructions in that file corresponding to each type of item. .. note:: Do not include the file extension (.php) when adding items to - the autoload array. \ No newline at end of file + the autoload array. + +Additionally, if you want CodeIgniter to use a `Composer `_ +auto-loader, just set ``$config['composer_autoload']`` to ``TRUE`` or +a custom path in **application/config/config.php**. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 45cf68c43f782e33173f8ad2e932dc929a0cd340 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 12 Jul 2014 02:20:41 +0300 Subject: [ci skip] Add a note about CI_Driver (issue #3140) --- user_guide_src/source/general/creating_drivers.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user_guide_src/source/general/creating_drivers.rst b/user_guide_src/source/general/creating_drivers.rst index cf4ea5d7f..63ac83902 100644 --- a/user_guide_src/source/general/creating_drivers.rst +++ b/user_guide_src/source/general/creating_drivers.rst 
@@ -18,4 +18,8 @@ Sample driver directory and file structure layout: .. note:: In order to maintain compatibility on case-sensitive file systems, the Driver_name directory must be - named in the format returned by ``ucfirst()``. \ No newline at end of file + named in the format returned by ``ucfirst()``. + +.. note:: The Driver library's architecture is such that + the subclasses don't extend and therefore don't inherit + properties or methods of the main driver. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 11beac2458afa34fe83913b77c9ba103d90583cd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 12 Jul 2014 18:28:38 +0300 Subject: Fix CI_Encryption::substr() usage of mb_substr() The whole point was to use 8bit encoding --- system/libraries/Encryption.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index 0b759eb5d..e002c28ef 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php @@ -901,7 +901,7 @@ class CI_Encryption { { if (self::$func_override) { - return mb_substr($str, $start, $length); + return mb_substr($str, $start, $length, '8bit'); } return isset($length) -- cgit v1.2.3-24-g4f1b From 35a7b44d6515e5ceae0151119a56904296a32ee5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 12 Jul 2014 21:46:26 +0300 Subject: Fix CI_Encryption::substr() for PHP 5.3 Nothing critical, just an edge case that isn't currently used --- system/libraries/Encryption.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php index e002c28ef..1a61967a7 100644 --- a/system/libraries/Encryption.php +++ b/system/libraries/Encryption.php 
@@ -897,10 +897,13 @@ class CI_Encryption { * @param int $length * @return string */ - protected static function substr($str, $start, $length = null) + protected static function substr($str, $start, $length = NULL) { if (self::$func_override) { + // mb_substr($str, $start, null, '8bit') returns an empty + // string on PHP 5.3 + isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start); return mb_substr($str, $start, $length, '8bit'); } -- cgit v1.2.3-24-g4f1b From 2761ff49f406d43c749ea87f7d5ebd4e2b7c3197 Mon Sep 17 00:00:00 2001 From: Kyle Valade Date: Sun, 13 Jul 2014 16:11:19 -0700 Subject: Add changelog entry for CSRF status code; remove line at EOF --- system/core/Security.php | 2 +- user_guide_src/source/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/system/core/Security.php b/system/core/Security.php index f1802f0c4..68e345c54 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -934,4 +934,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ +/* Location: ./system/core/Security.php */ \ No newline at end of file diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 089524659..ec38a3ea9 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -506,6 +506,7 @@ Release Date: Not Released - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. + - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. - :doc:`Language Library ` changes include: -- cgit v1.2.3-24-g4f1b 
From a3f13b74fe88a899c476efd0d275cabaaac24ff2 Mon Sep 17 00:00:00 2001 From: Mian Saleem Date: Thu, 31 Jul 2014 18:16:20 +0800 Subject: anchor popup attribute missing Please add the menubar attribute to anchor popup --- system/helpers/url_helper.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 4493d5b97..f5a880c9b 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -213,7 +213,7 @@ if ( ! function_exists('anchor_popup')) $window_name = '_blank'; } - foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) + foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'menubar' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) { $atts[$key] = isset($attributes[$key]) ? $attributes[$key] : $val; unset($attributes[$key]); @@ -558,4 +558,4 @@ if ( ! function_exists('redirect')) } /* End of file url_helper.php */ -/* Location: ./system/helpers/url_helper.php */ \ No newline at end of file +/* Location: ./system/helpers/url_helper.php */ -- cgit v1.2.3-24-g4f1b From 5f0799aa859914cb6ed4428f023b8f46406218c3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 31 Jul 2014 13:32:41 +0300 Subject: Fix #3161 --- system/libraries/Cache/drivers/Cache_file.php | 12 ++++++++++-- system/libraries/Cache/drivers/Cache_redis.php | 8 ++------ user_guide_src/source/changelog.rst | 1 + 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index c6aa848fe..aa2e8fa38 100644 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php 
@@ -125,7 +125,11 @@ class CI_Cache_file extends CI_Driver { { $data = $this->_get($id); - if ($data === FALSE OR ! is_int($data['data'])) + if ($data === FALSE) + { + $data = array('data' => 0, 'ttl' => 60); + } + elseif ( ! is_int($data['data'])) { return FALSE; } @@ -149,7 +153,11 @@ class CI_Cache_file extends CI_Driver { { $data = $this->_get($id); - if ($data === FALSE OR ! is_int($data['data'])) + if ($data === FALSE) + { + $data = array('data' => 0, 'ttl' => 60); + } + elseif ( ! is_int($data['data'])) { return FALSE; } diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 1c76426c5..7a2b70382 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -113,9 +113,7 @@ class CI_Cache_redis extends CI_Driver */ public function increment($id, $offset = 1) { - return $this->_redis->exists($id) - ? $this->_redis->incr($id, $offset) - : FALSE; + return $this->_redis->incr($id, $offset); } // ------------------------------------------------------------------------ @@ -129,9 +127,7 @@ class CI_Cache_redis extends CI_Driver */ public function decrement($id, $offset = 1) { - return $this->_redis->exists($id) - ? $this->_redis->decr($id, $offset) - : FALSE; + return $this->_redis->decr($id, $offset); } // ------------------------------------------------------------------------ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d2bb195b6..a1fe4d572 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -738,6 +738,7 @@ Bug fixes for 3.0 - Partially fixed a bug (#261) - UTF-8 class method ``clean_string()`` generating log messages and/or not producing the desired result due to an upstream bug in iconv. - Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated. - Fixed a bug in :doc:`Zip Library ` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``. +- Fixed a bug (#3161) - :doc:`Cache Library ` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. Version 2.2.0 ============= -- cgit v1.2.3-24-g4f1b From 25df7a98f013f6d2a49ad09eb754c606a4bc010f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 31 Jul 2014 13:42:07 +0300 Subject: Fix #3160 --- system/libraries/Cache/drivers/Cache_memcached.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index bed606afb..55b769424 100644 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -49,7 +49,7 @@ class CI_Cache_memcached extends CI_Driver { * * @var array */ - protected $_memcache_conf = array( + protected $_memcache_conf = array( 'default' => array( 'host' => '127.0.0.1', 'port' => 11211, @@ -202,12 +202,12 @@ class CI_Cache_memcached extends CI_Driver { { // Try to load memcached server info from the config file. $CI =& get_instance(); + $defaults = $this->_memcache_conf['default']; if ($CI->config->load('memcached', TRUE, TRUE)) { if (is_array($CI->config->config['memcached'])) { - $defaults = $this->_memcache_conf['default']; $this->_memcache_conf = array(); foreach ($CI->config->config['memcached'] as $name => $conf) -- cgit v1.2.3-24-g4f1b From fc88a5f319d4c32f3ce9429293549e6c90a68440 Mon Sep 17 00:00:00 2001 
From: Mian Saleem Date: Thu, 31 Jul 2014 22:08:07 +0800 Subject: Update url_helper.php --- system/helpers/url_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index f5a880c9b..04aacede5 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -213,7 +213,7 @@ if ( ! function_exists('anchor_popup')) $window_name = '_blank'; } - foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'menubar' => 'yes', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) + foreach (array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'menubar' => 'no', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0') as $key => $val) { $atts[$key] = isset($attributes[$key]) ? $attributes[$key] : $val; unset($attributes[$key]); -- cgit v1.2.3-24-g4f1b From ec70152e37aeaee25b37d84e663ab52ad874ca42 Mon Sep 17 00:00:00 2001 From: Mian Saleem Date: Thu, 31 Jul 2014 22:40:25 +0800 Subject: Support for menubar attribute to the :func:`anchor_popup()` Now the menubar can be set to yes with anchor_popup() by adding new attribute array element 'menubar' => 'yes' The list of all available attribute for anchor_popup() function will be $atts = array('width' => '800', 'height' => '600', 'scrollbars' => 'yes', 'menubar' => 'no', 'status' => 'yes', 'resizable' => 'yes', 'screenx' => '0', 'screeny' => '0'); --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index d2bb195b6..0f56cc193 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -80,6 +80,7 @@ Release Date: Not Released - :func:`url_title()` will now trim extra dashes from beginning and end. - :func:`anchor_popup()` will now fill the *href* attribute with the URL and its JS code will return FALSE instead. - Added JS window name support to the :func:`anchor_popup()` function. + - Added support for menubar attribute to the :func:`anchor_popup()`. - Added support (auto-detection) for HTTP/1.1 response codes 303, 307 in :func:`redirect()`. - Changed :func:`redirect()` to choose the **refresh** method only on IIS servers, instead of all servers on Windows (when **auto** is used). - Changed :func:`anchor()`, :func:`anchor_popup()`, and :func:`redirect()` to support protocol-relative URLs (e.g. *//ellislab.com/codeigniter*). -- cgit v1.2.3-24-g4f1b -- cgit v1.2.3-24-g4f1b -- cgit v1.2.3-24-g4f1b From dc5fe5a179e41792a7fd4f2019e38bb13cddc675 Mon Sep 17 00:00:00 2001 From: Mian Saleem Date: Thu, 31 Jul 2014 23:30:24 +0800 Subject: Last empty line remove --- system/helpers/url_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index 04aacede5..0846472e7 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -558,4 +558,4 @@ if ( ! function_exists('redirect')) } /* End of file url_helper.php */ -/* Location: ./system/helpers/url_helper.php */ +/* Location: ./system/helpers/url_helper.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 8382157530c57be540492aff686a060b5bff03d8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 1 Aug 2014 12:08:56 +0300 Subject: Make CI_Pagination properties per_page, cur_page public Useful if you want to make calculations based on them. --- system/libraries/Pagination.php | 76 ++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index 3c8baac36..b7df06292 100644 
--- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -51,45 +51,45 @@ class CI_Pagination { * * @var string */ - protected $prefix = ''; + protected $prefix = ''; /** * Suffix * * @var string */ - protected $suffix = ''; + protected $suffix = ''; /** * Total number of items * * @var int */ - protected $total_rows = 0; + protected $total_rows = 0; /** - * Items per page + * Number of links to show + * + * Relates to "digit" type links shown before/after + * the currently viewed page. * * @var int */ - protected $per_page = 10; + protected $num_links = 2; /** - * Number of links to show - * - * Relates to "digit" type links shown before/after - * the currently viewed page. + * Items per page * * @var int */ - protected $num_links = 2; + public $per_page = 10; /** * Current page * * @var int */ - protected $cur_page = 0; + public $cur_page = 0; /** * Use page numbers flag 
@@ -98,84 +98,84 @@ class CI_Pagination { * * @var bool */ - protected $use_page_numbers = FALSE; + protected $use_page_numbers = FALSE; /** * First link * * @var string */ - protected $first_link = '‹ First'; + protected $first_link = '‹ First'; /** * Next link * * @var string */ - protected $next_link = '>'; + protected $next_link = '>'; /** * Previous link * * @var string */ - protected $prev_link = '<'; + protected $prev_link = '<'; /** * Last link * * @var string */ - protected $last_link = 'Last ›'; + protected $last_link = 'Last ›'; /** * URI Segment * * @var int */ - protected $uri_segment = 0; + protected $uri_segment = 0; /** * Full tag open * * @var string */ - protected $full_tag_open = ''; + protected $full_tag_open = ''; /** * Full tag close * * @var string */ - protected $full_tag_close = ''; + protected $full_tag_close = ''; /** * First tag open * * @var string */ - protected $first_tag_open = ''; + protected $first_tag_open = ''; /** * First tag close * * @var string */ - protected $first_tag_close = ''; + protected $first_tag_close = ''; /** * Last tag open * * @var string */ - protected $last_tag_open = ''; + protected $last_tag_open = ''; /** * Last tag close * * @var string */ - protected $last_tag_close = ''; + protected $last_tag_close = ''; /** * First URL 
@@ -184,70 +184,70 @@ class CI_Pagination { * * @var string */ - protected $first_url = ''; + protected $first_url = ''; /** * Current tag open * * @var string */ - protected $cur_tag_open = ''; + protected $cur_tag_open = ''; /** * Current tag close * * @var string */ - protected $cur_tag_close = ''; + protected $cur_tag_close = ''; /** * Next tag open * * @var string */ - protected $next_tag_open = ''; + protected $next_tag_open = ''; /** * Next tag close * * @var string */ - protected $next_tag_close = ''; + protected $next_tag_close = ''; /** * Previous tag open * * @var string */ - protected $prev_tag_open = ''; + protected $prev_tag_open = ''; /** * Previous tag close * * @var string */ - protected $prev_tag_close = ''; + protected $prev_tag_close = ''; /** * Number tag open * * @var string */ - protected $num_tag_open = ''; + protected $num_tag_open = ''; /** * Number tag close * * @var string */ - protected $num_tag_close = ''; + protected $num_tag_close = ''; /** * Page query string flag * * @var bool */ - protected $page_query_string = FALSE; + protected $page_query_string = FALSE; /** * Query string segment @@ -261,14 +261,14 @@ class CI_Pagination { * * @var bool */ - protected $display_pages = TRUE; + protected $display_pages = TRUE; /** * Attributes * * @var string */ - protected $_attributes = ''; + protected $_attributes = ''; /** * Link types @@ -278,21 +278,21 @@ class CI_Pagination { * @see CI_Pagination::_attr_rel() * @var array */ - protected $_link_types = array(); + protected $_link_types = array(); /** * Reuse query string flag * * @var bool */ - protected $reuse_query_string = FALSE; + protected $reuse_query_string = FALSE; /** * Data page attribute * * @var string */ - protected $data_page_attr = 'data-ci-pagination-page'; + protected $data_page_attr = 'data-ci-pagination-page'; /** * CI Singleton -- cgit v1.2.3-24-g4f1b From 9b8286cf0320c8d8864ce4a5fc892c06787a9762 Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Tue, 5 Aug 2014 11:46:57 +0300 Subject: Fix #3123 --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Security.php b/system/core/Security.php index 68e345c54..741ff229b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -370,7 +370,7 @@ class CI_Security { * We only convert entities that are within tags since * these are the ones that will pose security problems. */ - $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); + $str = preg_replace_callback("/[^a-z0-9>]+[a-z0-9]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str); // Remove Invisible Characters Again! -- cgit v1.2.3-24-g4f1b From a8027ffc90ef80819fba01209fa57f810e2104af Mon Sep 17 00:00:00 2001 From: Joseba Juániz Date: Wed, 6 Aug 2014 20:03:25 +0200 Subject: Change name didn't work if reset initialization it's true If user initializes the upload library with the reset flag as true, the uploaded file doesn't change it's name, it's neccesary to initialize or change the $_file_name_override every time. --- system/libraries/Upload.php | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 75fc0624f..7946111cc 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php 
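Review bot: The comment above this call still describes the step as converting entities "within tags", but the new expression does not look for a tag at all. It matches any quoted `name="..."` pair preceded by at least one character other than a letter, digit or `>`, and only when there is no whitespace around `=`. I would update the comment to say that, along the lines of `// Match quoted name="value" pairs that follow a separator; unquoted values and "name = value" are not matched by this pass`, so that nobody assumes this pass covers every attribute form. Whether other forms are handled elsewhere in the method is not visible, since the hunk starts and ends inside it. A unit test with the input from #3123 and a few attribute spellings would pin the intended behaviour.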
@@ -327,23 +327,26 @@ class CI_Upload { $this->$key = $defaults[$key]; } } - - return $this; + } - - foreach ($config as $key => &$value) + else { - if ($key[0] !== '_' && $reflection->hasProperty($key)) + + foreach ($config as $key => &$value) { - if ($reflection->hasMethod('set_'.$key)) - { - $this->{'set_'.$key}($value); - } - else + if ($key[0] !== '_' && $reflection->hasProperty($key)) { - $this->$key = $value; + if ($reflection->hasMethod('set_'.$key)) + { + $this->{'set_'.$key}($value); + } + else + { + $this->$key = $value; + } } } + } // if a file_name was provided in the config, use it instead of the user input -- cgit v1.2.3-24-g4f1b From 6854f87c384b2bcf549b9040413052ed67c3038b Mon Sep 17 00:00:00 2001 From: ET-NiK Date: Fri, 8 Aug 2014 18:43:02 +0400 Subject: Using ImagePNG in CAPTCHA helper Using ImagePNG function, if ImageJPG not exists --- system/helpers/captcha_helper.php | 18 ++++++++++++++++-- user_guide_src/source/changelog.rst | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 74ab24ffb..36a53749f 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -216,8 +216,22 @@ if ( ! function_exists('create_captcha')) // Generate the image // ----------------------------------- $img_url = rtrim($img_url, '/').'/'; - $img_filename = $now.'.jpg'; - ImageJPEG($im, $img_path.$img_filename); + + if (function_exists('ImageJPEG')) + { + $img_filename = $now.'.jpg'; + ImageJPEG($im, $img_path.$img_filename); + } + elseif (function_exists('ImagePNG')) + { + $img_filename = $now.'.png'; + ImagePNG($im, $img_path.$img_filename); + } + else + { + return FALSE; + } + $img = ' '; ImageDestroy($im); diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 3215ae226..c37215d2d 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
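Review bot: The new `else { return FALSE; }` branch in `captcha_helper.php` returns before the `ImageDestroy($im)` call below it, so the image resource is not released on that path. It also runs only after the whole image has been drawn. Adding `ImageDestroy($im);` before `return FALSE;` fixes the first problem. Moving the `function_exists()` checks to the start of `create_captcha()`, which is outside this hunk, would avoid the wasted work as well.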
@@ -137,6 +137,7 @@ Release Date: Not Released - Added *word_length* and *pool* options to allow customization of the generated word. - Added *colors* configuration to allow customization for the *background*, *border*, *text* and *grid* colors. - Added *filename* to the returned array elements. + - Using ImagePNG function, if ImageJPEG not exists. - :doc:`Text Helper ` changes include: -- cgit v1.2.3-24-g4f1b From 09546edca0645af6002caa00a2f9b7eaaae38f17 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Aug 2014 00:11:36 +0300 Subject: Polish changes following PR #3173 --- system/helpers/captcha_helper.php | 8 ++++---- user_guide_src/source/changelog.rst | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php index 36a53749f..f4ed6168f 100644 --- a/system/helpers/captcha_helper.php +++ b/system/helpers/captcha_helper.php @@ -217,15 +217,15 @@ if ( ! function_exists('create_captcha')) // ----------------------------------- $img_url = rtrim($img_url, '/').'/'; - if (function_exists('ImageJPEG')) + if (function_exists('imagejpeg')) { $img_filename = $now.'.jpg'; - ImageJPEG($im, $img_path.$img_filename); + imagejpeg($im, $img_path.$img_filename); } - elseif (function_exists('ImagePNG')) + elseif (function_exists('imagepng')) { $img_filename = $now.'.png'; - ImagePNG($im, $img_path.$img_filename); + imagepng($im, $img_path.$img_filename); } else { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index c37215d2d..2ed2275ac 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -137,7 +137,7 @@ Release Date: Not Released - Added *word_length* and *pool* options to allow customization of the generated word. - Added *colors* configuration to allow customization for the *background*, *border*, *text* and *grid* colors. - Added *filename* to the returned array elements. - - Using ImagePNG function, if ImageJPEG not exists. + - Updated to use `imagepng()` in case that `imagejpeg()` isn't available. - :doc:`Text Helper ` changes include: -- cgit v1.2.3-24-g4f1b From 2f4c3bc5c2fac164d1c58ac9aaa09ae070687443 Mon Sep 17 00:00:00 2001 From: Casey Hancock Date: Mon, 11 Aug 2014 12:52:20 -0400 Subject: CSRF whitelist supports regex Signed-off-by: Casey Hancock --- system/core/Security.php | 11 +++++++---- user_guide_src/source/changelog.rst | 2 +- user_guide_src/source/libraries/security.rst | 6 ++++++ 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index 741ff229b..a6fd75fa4 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -203,10 +203,13 @@ class CI_Security { if ($exclude_uris = config_item('csrf_exclude_uris')) { $uri = load_class('URI', 'core'); - if (in_array($uri->uri_string(), $exclude_uris)) - { - return $this; - } + foreach ($exclude_uris as $excluded) { + $excluded = str_replace(array(':any', ':num'), array('[^/]+', '[0-9]+'), $excluded); + if (preg_match('#^'.$excluded.'$#', $uri->uri_string())) + { + return $this; + } + } } // Do the tokens exist in both the _POST and _COOKIE arrays? diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 2ed2275ac..2d523e932 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
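Review bot: Every `csrf_exclude_uris` entry is now compiled as a regular expression, so entries written for the previous exact `in_array()` match change meaning. A literal `.` or `?` in an existing entry becomes a metacharacter and can exempt more URIs from CSRF validation than the author listed, and an entry containing `#` breaks the pattern. The changelog and `security.rst` should state that entries are patterns and that literal characters must be escaped. I would also add the `D` modifier so that `$` cannot match before a trailing newline: `preg_match('#^'.$excluded.'$#D', $uri->uri_string())`. Whether `uri_string()` can ever contain a newline is not visible from this hunk.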
@@ -507,7 +507,7 @@ Release Date: Not Released - Added method ``strip_image_tags()``. - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. - - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. + - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. Optionally allows regex. - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index fb875a0d9..566924398 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -97,6 +97,12 @@ by editing the 'csrf_exclude_uris' config parameter:: $config['csrf_exclude_uris'] = array('api/person/add'); +Optionally, you can use regular expressions as well as the ':any' and ':num' +wildcards in the URIs:: + + $config['csrf_exclude_uris'] = array('api/record/:num','api/title/[a-zA-Z]+'); + + *************** Class Reference *************** -- cgit v1.2.3-24-g4f1b From 927e508f9bb73eb4b1e3fe763d2f3b722d5e8a30 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Thu, 14 Aug 2014 04:07:39 +0300 Subject: Cache_redis: Adding serialization support. --- system/libraries/Cache/drivers/Cache_redis.php | 59 +++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 7a2b70382..33a28de71 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php 
@@ -37,6 +37,11 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ class CI_Cache_redis extends CI_Driver { + /** + * The name of the Redis set that is to store keys of serialized values. + */ + const KEY_SET_FOR_SERIALIZATION = '_ci_redis_serialization_set'; + /** * Default config * @@ -58,6 +63,13 @@ class CI_Cache_redis extends CI_Driver */ protected $_redis; + /** + * An internal cache for storing keys of serialized values. + * + * @var array + */ + protected $_serialized; + // ------------------------------------------------------------------------ /** @@ -68,7 +80,14 @@ class CI_Cache_redis extends CI_Driver */ public function get($key) { - return $this->_redis->get($key); + $value = $this->_redis->get($key); + + if ($value !== FALSE AND in_array($key, $this->_serialized)) + { + return unserialize($value); + } + + return $value; } // ------------------------------------------------------------------------ @@ -84,6 +103,27 @@ class CI_Cache_redis extends CI_Driver */ public function save($id, $data, $ttl = 60, $raw = FALSE) { + if (is_array($data) OR is_object($data)) + { + $data = serialize($data); + + if (($index_key = array_search($id, $this->_serialized)) === FALSE) + { + $this->_serialized[] = $id; + } + + $this->_redis->sAdd(self::KEY_SET_FOR_SERIALIZATION, $id); + } + else + { + if (($index_key = array_search($id, $this->_serialized)) !== FALSE) + { + unset($this->_serialized[$index_key]); + } + + $this->_redis->sRemove(self::KEY_SET_FOR_SERIALIZATION, $id); + } + return ($ttl) ? $this->_redis->setex($id, $ttl, $data) : $this->_redis->set($id, $data); @@ -99,6 +139,13 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { + if (($index_key = array_search($key, $this->_serialized)) !== FALSE) + { + unset($this->_serialized[$index_key]); + } + + $this->_redis->sRemove(self::KEY_SET_FOR_SERIALIZATION, $key); + return ($this->_redis->delete($key) === 1); } 
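Review bot: `get()` now passes whatever Redis returns to `unserialize()` whenever the key is listed in `$this->_serialized`, and both the value and the `_ci_redis_serialization_set` index live in the same Redis instance. Anyone who can write to that instance therefore controls data that is unserialized into PHP objects, which the class docblock should state, e.g. `// NOTE: stored arrays/objects are unserialize()d on read; use only a Redis instance that untrusted clients cannot write to`. Separately, `$this->_serialized` is a per-process copy that only local `save()` and `delete()` calls update. A value saved as an array by another process after this one connected therefore comes back from `get()` as the raw serialized string. Checking membership at read time with `$this->_redis->sIsMember(self::KEY_SET_FOR_SERIALIZATION, $key)` would avoid that.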
@@ -255,13 +302,21 @@ class CI_Cache_redis extends CI_Driver $this->_redis->auth($config['password']); } + // Initialize the index of selialized values. + $this->_serialized = $this->_redis->sMembers(self::KEY_SET_FOR_SERIALIZATION); + + if (empty($this->_serialized)) + { + // On error FALSE is returned, ensure array type for empty index. + $this->_serialized = array(); + } + return TRUE; } // ------------------------------------------------------------------------ /** - * Class destructor * * Closes the connection to Redis if present. -- cgit v1.2.3-24-g4f1b From 43090cc12659eb523b53cb773b7f0d77d95dc7f4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 14 Aug 2014 12:22:07 +0300 Subject: Skip CI_Encrypt tests if MCrypt is not available Rel: #3185 --- tests/codeigniter/libraries/Encrypt_test.php | 34 +++++++--------------------- 1 file changed, 8 insertions(+), 26 deletions(-) diff --git a/tests/codeigniter/libraries/Encrypt_test.php b/tests/codeigniter/libraries/Encrypt_test.php index a08db8ed0..ced763301 100644 --- a/tests/codeigniter/libraries/Encrypt_test.php +++ b/tests/codeigniter/libraries/Encrypt_test.php @@ -1,15 +1,21 @@ encrypt = new Mock_Libraries_Encrypt(); $this->ci_instance_var('encrypt', $this->encrypt); $this->ci_set_config('encryption_key', "Encryptin'glike@boss!"); $this->msg = 'My secret message'; - $this->mcrypt = extension_loaded('mcrypt'); } // -------------------------------------------------------------------- @@ -40,12 +46,6 @@ class Encrypt_test extends CI_TestCase { public function test_default_cipher() { - if ( ! $this->mcrypt) - { - $this->markTestSkipped('MCrypt not available'); - return; - } - $this->assertEquals('rijndael-256', $this->encrypt->get_cipher()); } 
@@ -53,12 +53,6 @@ class Encrypt_test extends CI_TestCase { public function test_set_cipher() { - if ( ! $this->mcrypt) - { - $this->markTestSkipped('MCrypt not available'); - return; - } - $this->encrypt->set_cipher(MCRYPT_BLOWFISH); $this->assertEquals('blowfish', $this->encrypt->get_cipher()); } @@ -67,12 +61,6 @@ class Encrypt_test extends CI_TestCase { public function test_default_mode() { - if ( ! $this->mcrypt) - { - $this->markTestSkipped('MCrypt not available'); - return; - } - $this->assertEquals('cbc', $this->encrypt->get_mode()); } @@ -80,12 +68,6 @@ class Encrypt_test extends CI_TestCase { public function test_set_mode() { - if ( ! $this->mcrypt) - { - $this->markTestSkipped('MCrypt not available'); - return; - } - $this->encrypt->set_mode(MCRYPT_MODE_CFB); $this->assertEquals('cfb', $this->encrypt->get_mode()); } -- cgit v1.2.3-24-g4f1b From 22ce276f4f696d69c11ee1d7c8b8acee67a97b09 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 15 Aug 2014 11:59:16 +0300 Subject: Fix #3187 --- system/database/DB_forge.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php index 111546ecc..2dd243cae 100644 --- a/system/database/DB_forge.php +++ b/system/database/DB_forge.php @@ -929,7 +929,7 @@ abstract class CI_DB_forge { $field['default'] = empty($this->_null) ? '' : $this->_default.$this->_null; // Override the NULL attribute if that's our default - $attributes['NULL'] = NULL; + $attributes['NULL'] = TRUE; $field['null'] = empty($this->_null) ? '' : ' '.$this->_null; } else -- cgit v1.2.3-24-g4f1b From e838c836fbe5ff5859e7a4450032572af31323e6 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 09:56:05 +0300 Subject: Cache_redis: AND -> && correction, srrict in_array() check. --- system/libraries/Cache/drivers/Cache_redis.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 33a28de71..68d96334f 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -82,7 +82,7 @@ class CI_Cache_redis extends CI_Driver { $value = $this->_redis->get($key); - if ($value !== FALSE AND in_array($key, $this->_serialized)) + if ($value !== FALSE && in_array($key, $this->_serialized, TRUE)) { return unserialize($value); } -- cgit v1.2.3-24-g4f1b From c773a484301ba147b6e849114097152518b9d4ee Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 10:02:49 +0300 Subject: Cache_redis: Strinct array_search() for now. --- system/libraries/Cache/drivers/Cache_redis.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 68d96334f..c0200aab7 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -107,7 +107,7 @@ class CI_Cache_redis extends CI_Driver { $data = serialize($data); - if (($index_key = array_search($id, $this->_serialized)) === FALSE) + if (($index_key = array_search($id, $this->_serialized, TRUE)) === FALSE) { $this->_serialized[] = $id; } @@ -116,7 +116,7 @@ class CI_Cache_redis extends CI_Driver } else { - if (($index_key = array_search($id, $this->_serialized)) !== FALSE) + if (($index_key = array_search($id, $this->_serialized, TRUE)) !== FALSE) { unset($this->_serialized[$index_key]); } @@ -139,7 +139,7 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { - if (($index_key = array_search($key, $this->_serialized)) !== FALSE) + if (($index_key = array_search($key, $this->_serialized, TRUE)) !== FALSE) { unset($this->_serialized[$index_key]); } -- cgit v1.2.3-24-g4f1b From 58531403e7b2a49ba7d723e8792e8656b5172d83 Mon Sep 17 00:00:00 2001 
From: Ivan Tcholakov Date: Mon, 18 Aug 2014 10:19:27 +0300 Subject: Cache_redis, delete() method: Removing code for updating the internal cache, it is useless. --- system/libraries/Cache/drivers/Cache_redis.php | 7 ------- 1 file changed, 7 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index c0200aab7..9fbdc6593 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -139,13 +139,6 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { - if (($index_key = array_search($key, $this->_serialized, TRUE)) !== FALSE) - { - unset($this->_serialized[$index_key]); - } - - $this->_redis->sRemove(self::KEY_SET_FOR_SERIALIZATION, $key); - return ($this->_redis->delete($key) === 1); } -- cgit v1.2.3-24-g4f1b From 7c835578642341a01958961eaa5e36e74ea92deb Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 10:37:29 +0300 Subject: Cache_redis, Hardcoded name for the auxilary Redis set - '_ci_redis_serialized'. --- system/libraries/Cache/drivers/Cache_redis.php | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 9fbdc6593..21ef9919d 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -37,11 +37,6 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ class CI_Cache_redis extends CI_Driver { - /** - * The name of the Redis set that is to store keys of serialized values. - */ - const KEY_SET_FOR_SERIALIZATION = '_ci_redis_serialization_set'; - /** * Default config * @@ -112,7 +107,7 @@ class CI_Cache_redis extends CI_Driver $this->_serialized[] = $id; } - $this->_redis->sAdd(self::KEY_SET_FOR_SERIALIZATION, $id); + $this->_redis->sAdd('_ci_redis_serialized', $id); } else { 
@@ -121,7 +116,7 @@ class CI_Cache_redis extends CI_Driver unset($this->_serialized[$index_key]); } - $this->_redis->sRemove(self::KEY_SET_FOR_SERIALIZATION, $id); + $this->_redis->sRemove('_ci_redis_serialized', $id); } return ($ttl) @@ -296,7 +291,7 @@ class CI_Cache_redis extends CI_Driver } // Initialize the index of selialized values. - $this->_serialized = $this->_redis->sMembers(self::KEY_SET_FOR_SERIALIZATION); + $this->_serialized = $this->_redis->sMembers('_ci_redis_serialized'); if (empty($this->_serialized)) { -- cgit v1.2.3-24-g4f1b From bc417613f3ea8910a48fc0788a1f9c6d05577aa5 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 11:11:39 +0300 Subject: Cache_redis, delete() method: Bringing back a line of code. --- system/libraries/Cache/drivers/Cache_redis.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 21ef9919d..20378785a 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -134,6 +134,9 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { + // This is for not leaving garbage keys within the Redis auxilary set. + $this->_redis->sRemove('_ci_redis_serialized', $key); + return ($this->_redis->delete($key) === 1); } -- cgit v1.2.3-24-g4f1b From d514d5c436e599942f9cb00475f0543e705c9a0f Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 12:04:27 +0300 Subject: Cache_redis, delete() method: Try to remove a key from Redis auxilary set only when the corresponding value is really deleted. --- system/libraries/Cache/drivers/Cache_redis.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 20378785a..b5387c064 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php 
+++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -134,10 +134,13 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { - // This is for not leaving garbage keys within the Redis auxilary set. - $this->_redis->sRemove('_ci_redis_serialized', $key); + if ($result = ($this->_redis->delete($key) === 1)) + { + // This is for not leaving garbage keys within the Redis auxilary set. + $this->_redis->sRemove('_ci_redis_serialized', $key); + } - return ($this->_redis->delete($key) === 1); + return $result; } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From 5ac7c77ee60b108fb9dee84b5fc0acf04638c6f5 Mon Sep 17 00:00:00 2001 From: caseyh Date: Mon, 18 Aug 2014 05:10:24 -0400 Subject: Alter Pull #3176 to follow discussion --- system/core/Security.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index a6fd75fa4..39e4f7c24 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -203,9 +203,9 @@ class CI_Security { if ($exclude_uris = config_item('csrf_exclude_uris')) { $uri = load_class('URI', 'core'); - foreach ($exclude_uris as $excluded) { - $excluded = str_replace(array(':any', ':num'), array('[^/]+', '[0-9]+'), $excluded); - if (preg_match('#^'.$excluded.'$#', $uri->uri_string())) + foreach ($exclude_uris as $excluded) + { + if (preg_match('#^'.$excluded.'$#i'.(UTF8_ENABLED ? 'u' : ''), $uri->uri_string())) { return $this; } @@ -937,4 +937,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ \ No newline at end of file +/* Location: ./system/core/Security.php */ -- cgit v1.2.3-24-g4f1b From 8ef828129c559705447dd66a597071de5ae564a9 Mon Sep 17 00:00:00 2001 
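Review bot: In `system/core/Security.php`, each `csrf_exclude_uris` entry is concatenated between `^` and `$` without a group, so an entry containing `|` is anchored only at its outer ends. `api/a|api/b` becomes `^api/a` or `api/b$` and exempts far more URIs from CSRF validation than the author listed. Wrapping the entry keeps the anchors around the whole alternative: `if (preg_match('#^(?:'.$excluded.')$#i'.(UTF8_ENABLED ? 'u' : ''), $uri->uri_string()))`. Existing literal entries are now interpreted as patterns as well, so `.` matches any character, matching is case-insensitive, and a `#` inside an entry ends the delimiter early; a comment above the loop should say so. The enclosing method starts and ends outside the hunk, and the same line is carried unchanged through the re-indentation in the next Security.php commit.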
From: caseyh Date: Mon, 18 Aug 2014 05:13:11 -0400 Subject: Alter Pull #3176 - CSRF Whitelist --- user_guide_src/source/libraries/security.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 566924398..19480b4f8 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -97,10 +97,9 @@ by editing the 'csrf_exclude_uris' config parameter:: $config['csrf_exclude_uris'] = array('api/person/add'); -Optionally, you can use regular expressions as well as the ':any' and ':num' -wildcards in the URIs:: +Optionally, you can use regular expressions in the URIs:: - $config['csrf_exclude_uris'] = array('api/record/:num','api/title/[a-zA-Z]+'); + $config['csrf_exclude_uris'] = array('api/record/[0-9]+','api/title/[a-zA-Z]+'); *************** @@ -162,4 +161,4 @@ Class Reference This method acts a lot like PHP's own native ``html_entity_decode()`` function in ENT_COMPAT mode, only it tries to detect HTML entities that don't end in a semicolon because some browsers allow that. - If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. \ No newline at end of file + If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. -- cgit v1.2.3-24-g4f1b From 6c52096f4f9147244e9631b8040088025ae6e79d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 18 Aug 2014 12:24:42 +0300 Subject: [ci skip] Polish changes from PR #3176 --- system/core/Security.php | 12 ++++++------ user_guide_src/source/changelog.rst | 4 ++-- user_guide_src/source/libraries/security.rst | 10 ++++++---- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index 39e4f7c24..bb0670500 100755 --- a/system/core/Security.php +++ b/system/core/Security.php 
@@ -205,11 +205,11 @@ class CI_Security { $uri = load_class('URI', 'core'); foreach ($exclude_uris as $excluded) { - if (preg_match('#^'.$excluded.'$#i'.(UTF8_ENABLED ? 'u' : ''), $uri->uri_string())) - { - return $this; - } - } + if (preg_match('#^'.$excluded.'$#i'.(UTF8_ENABLED ? 'u' : ''), $uri->uri_string())) + { + return $this; + } + } } // Do the tokens exist in both the _POST and _COOKIE arrays? @@ -937,4 +937,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ +/* Location: ./system/core/Security.php */ \ No newline at end of file diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 2d523e932..c4360aae4 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -506,8 +506,8 @@ Release Date: Not Released - :doc:`Security Library ` changes include: - Added method ``strip_image_tags()``. - - Added ``$config['csrf_regeneration']``, which makes token regeneration optional. - - Added ``$config['csrf_exclude_uris']``, which allows you list URIs which will not have the CSRF validation methods run. Optionally allows regex. + - Added ``$config['csrf_regeneration']``, which makes CSRF token regeneration optional. + - Added ``$config['csrf_exclude_uris']``, allowing for exclusion of URIs from the CSRF protection (regular expressions are supported). - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index 19480b4f8..c8d69d16f 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst 
@@ -97,10 +97,12 @@ by editing the 'csrf_exclude_uris' config parameter:: $config['csrf_exclude_uris'] = array('api/person/add'); -Optionally, you can use regular expressions in the URIs:: +Regular expressions are also supported (case-insensitive):: - $config['csrf_exclude_uris'] = array('api/record/[0-9]+','api/title/[a-zA-Z]+'); - + $config['csrf_exclude_uris'] = array( + 'api/record/[0-9]+', + 'api/title/[a-z]+' + ); *************** Class Reference @@ -161,4 +163,4 @@ Class Reference This method acts a lot like PHP's own native ``html_entity_decode()`` function in ENT_COMPAT mode, only it tries to detect HTML entities that don't end in a semicolon because some browsers allow that. - If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. + If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 52b32530a8503d7da29c24ff72701b6eef28742d Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 12:30:04 +0300 Subject: Cache_redis, save() method: An optimization, moving sRemove call. --- system/libraries/Cache/drivers/Cache_redis.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index b5387c064..26de61db8 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -114,9 +114,8 @@ class CI_Cache_redis extends CI_Driver if (($index_key = array_search($id, $this->_serialized, TRUE)) !== FALSE) { unset($this->_serialized[$index_key]); + $this->_redis->sRemove('_ci_redis_serialized', $id); } - - $this->_redis->sRemove('_ci_redis_serialized', $id); } return ($ttl) -- cgit v1.2.3-24-g4f1b From ff4d114346a9c09df6d877e7d683155e5868d9e0 Mon Sep 17 00:00:00 2001 
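Review bot: In `save()`, moving `sRemove()` inside the `array_search()` branch means the shared Redis set is cleaned only when this process's local snapshot happens to list the key. If another process stored an array under the same id after this one connected, a scalar written here overwrites the value but leaves the id in `_ci_redis_serialized`. Any process that connects afterwards will then pass that plain string to `unserialize()` in `get()`, which for cached strings carrying user-supplied text means untrusted input reaches `unserialize()`. Keeping `$this->_redis->sRemove('_ci_redis_serialized', $id);` unconditional in the scalar branch costs one round trip and keeps the marker set truthful. The body of `save()` starts and ends outside the hunk.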
From: Ivan Tcholakov Date: Mon, 18 Aug 2014 12:40:26 +0300 Subject: Cache_redis: Refactoring if delete() method. --- system/libraries/Cache/drivers/Cache_redis.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 26de61db8..c1f593d27 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -133,13 +133,13 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { - if ($result = ($this->_redis->delete($key) === 1)) + if ($this->_redis->delete($key) === 1 && array_search($key, $this->_serialized, TRUE) !== FALSE) { - // This is for not leaving garbage keys within the Redis auxilary set. $this->_redis->sRemove('_ci_redis_serialized', $key); + return TRUE; } - return $result; + return FALSE; } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From d245f0610cb8dc0f559866a85286b39c35d5d910 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 13:52:44 +0300 Subject: Cache_redis: Polishing. --- system/libraries/Cache/drivers/Cache_redis.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index c1f593d27..9cb789eb0 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php 
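Review bot: `delete()` in the Cache_redis.php hunk now returns FALSE for every key that is absent from `$this->_serialized`, even when Redis did remove it. The deletion result and the index lookup are joined with `&&`, and `return TRUE` sits only inside that branch. Callers that check the return value will see failures for all plain string and numeric entries. Separating the two concerns restores the contract: start with `if ($this->_redis->delete($key) !== 1) { return FALSE; }`, call `sRemove()` only when the key is indexed, and end with `return TRUE;`.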
@@ -109,13 +109,10 @@ class CI_Cache_redis extends CI_Driver $this->_redis->sAdd('_ci_redis_serialized', $id); } - else + elseif (($index_key = array_search($id, $this->_serialized, TRUE)) !== FALSE) { - if (($index_key = array_search($id, $this->_serialized, TRUE)) !== FALSE) - { - unset($this->_serialized[$index_key]); - $this->_redis->sRemove('_ci_redis_serialized', $id); - } + unset($this->_serialized[$index_key]); + $this->_redis->sRemove('_ci_redis_serialized', $id); } return ($ttl) @@ -295,7 +292,7 @@ class CI_Cache_redis extends CI_Driver $this->_redis->auth($config['password']); } - // Initialize the index of selialized values. + // Initialize the index of serialized values. $this->_serialized = $this->_redis->sMembers('_ci_redis_serialized'); if (empty($this->_serialized)) -- cgit v1.2.3-24-g4f1b From 73f930214780f975c1afe929dd287e219b291830 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 14:41:49 +0300 Subject: Cache_redis: Optimizations. --- system/libraries/Cache/drivers/Cache_redis.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 9cb789eb0..4a8ad5d67 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -102,7 +102,7 @@ class CI_Cache_redis extends CI_Driver { $data = serialize($data); - if (($index_key = array_search($id, $this->_serialized, TRUE)) === FALSE) + if (! in_array($id, $this->_serialized, TRUE)) { $this->_serialized[] = $id; } @@ -130,7 +130,7 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { - if ($this->_redis->delete($key) === 1 && array_search($key, $this->_serialized, TRUE) !== FALSE) + if ($this->_redis->delete($key) === 1 && in_array($key, $this->_serialized, TRUE)) { $this->_redis->sRemove('_ci_redis_serialized', $key); return TRUE; -- cgit v1.2.3-24-g4f1b 
From 2dcdd060fe8b4abdbb77d0535b9fc9ebf9f9f311 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 18 Aug 2014 15:01:58 +0300 Subject: Cache_redis: A code-styling correction.. --- system/libraries/Cache/drivers/Cache_redis.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index 4a8ad5d67..b8f3f5d9a 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -102,7 +102,7 @@ class CI_Cache_redis extends CI_Driver { $data = serialize($data); - if (! in_array($id, $this->_serialized, TRUE)) + if ( ! in_array($id, $this->_serialized, TRUE)) { $this->_serialized[] = $id; } -- cgit v1.2.3-24-g4f1b From 2492b500c1b0f20569b34a0848e977f8a722a86b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 18 Aug 2014 16:20:05 +0300 Subject: Optimize Redis serialized values support Rel: PR #3186 --- system/libraries/Cache/drivers/Cache_redis.php | 36 ++++++++++++++------------ 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index b8f3f5d9a..ab4fd0da9 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -63,7 +63,7 @@ class CI_Cache_redis extends CI_Driver * * @var array */ - protected $_serialized; + protected $_serialized = array(); // ------------------------------------------------------------------------ @@ -77,7 +77,7 @@ class CI_Cache_redis extends CI_Driver { $value = $this->_redis->get($key); - if ($value !== FALSE && in_array($key, $this->_serialized, TRUE)) + if ($value !== FALSE && isset($this->_serialized[$key])) { return unserialize($value); } 
@@ -100,18 +100,17 @@ class CI_Cache_redis extends CI_Driver { if (is_array($data) OR is_object($data)) { - $data = serialize($data); - - if ( ! in_array($id, $this->_serialized, TRUE)) + if ( ! $this->_redis->sAdd('_ci_redis_serialized', $id)) { - $this->_serialized[] = $id; + return FALSE; } - $this->_redis->sAdd('_ci_redis_serialized', $id); + isset($this->_serialized[$id]) OR $this->_serialized[$id] = TRUE; + $data = serialize($data); } - elseif (($index_key = array_search($id, $this->_serialized, TRUE)) !== FALSE) + elseif (isset($this->_serialized[$id])) { - unset($this->_serialized[$index_key]); + $this->_serialized[$id] = NULL; $this->_redis->sRemove('_ci_redis_serialized', $id); } @@ -130,13 +129,18 @@ class CI_Cache_redis extends CI_Driver */ public function delete($key) { - if ($this->_redis->delete($key) === 1 && in_array($key, $this->_serialized, TRUE)) + if ($this->_redis->delete($key) !== 1) { + return FALSE; + } + + if (isset($this->_serialized[$key])) + { + $this->_serialized[$key] = NULL; $this->_redis->sRemove('_ci_redis_serialized', $key); - return TRUE; } - return FALSE; + return TRUE; } // ------------------------------------------------------------------------ @@ -293,12 +297,10 @@ class CI_Cache_redis extends CI_Driver } // Initialize the index of serialized values. - $this->_serialized = $this->_redis->sMembers('_ci_redis_serialized'); - - if (empty($this->_serialized)) + $serialized = $this->_redis->sMembers('_ci_redis_serialized'); + if ( ! empty($serialized)) { - // On error FALSE is returned, ensure array type for empty index. - $this->_serialized = array(); + $this->_serialized = array_flip($this->_serialized); } return TRUE; -- cgit v1.2.3-24-g4f1b From 1b634f8b10de437a18982a91ccc78aee4be1c685 Mon Sep 17 00:00:00 2001 
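Review bot: In `save()`, the early `return FALSE` after `sAdd()` treats "member already present" as an error. With a client whose `sAdd()` reports 0 or FALSE for an existing member, overwriting an array or object under an id that is already in `_ci_redis_serialized` fails before the value is written. The guard should first ask whether the id is already marked, e.g. `if ( ! $this->_redis->sIsMember('_ci_redis_serialized', $id) && ! $this->_redis->sAdd('_ci_redis_serialized', $id))`. Checking Redis rather than the local `isset()` also covers ids marked by another process after this one connected. The body of `save()` continues outside the hunk.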
From: Andrey Andreev Date: Mon, 18 Aug 2014 16:21:11 +0300 Subject: Fix a wrong variable name from previous commit Rel: #3186 --- system/libraries/Cache/drivers/Cache_redis.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index ab4fd0da9..7c9da3d2e 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -300,7 +300,7 @@ class CI_Cache_redis extends CI_Driver $serialized = $this->_redis->sMembers('_ci_redis_serialized'); if ( ! empty($serialized)) { - $this->_serialized = array_flip($this->_serialized); + $this->_serialized = array_flip($serialized); } return TRUE; -- cgit v1.2.3-24-g4f1b From d07daa54d991e38ccdcf41c4f9d90f307c5ecbc1 Mon Sep 17 00:00:00 2001 From: hArpanet Date: Thu, 21 Aug 2014 11:26:42 +0100 Subject: ibase_driver returning whitespace in table/column names Currently all Table and Field names are returned padded with whitespace up to string(124). --- system/database/drivers/ibase/ibase_driver.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/database/drivers/ibase/ibase_driver.php b/system/database/drivers/ibase/ibase_driver.php index b19985c37..8f10c1f1d 100644 --- a/system/database/drivers/ibase/ibase_driver.php +++ b/system/database/drivers/ibase/ibase_driver.php 
@@ -219,11 +219,11 @@ class CI_DB_ibase_driver extends CI_DB { */ protected function _list_tables($prefix_limit = FALSE) { - $sql = 'SELECT "RDB$RELATION_NAME" FROM "RDB$RELATIONS" WHERE "RDB$RELATION_NAME" NOT LIKE \'RDB$%\' AND "RDB$RELATION_NAME" NOT LIKE \'MON$%\''; + $sql = 'SELECT TRIM("RDB$RELATION_NAME") FROM "RDB$RELATIONS" WHERE "RDB$RELATION_NAME" NOT LIKE \'RDB$%\' AND "RDB$RELATION_NAME" NOT LIKE \'MON$%\''; if ($prefix_limit !== FALSE && $this->dbprefix !== '') { - return $sql.' AND "RDB$RELATION_NAME" LIKE \''.$this->escape_like_str($this->dbprefix)."%' " + return $sql.' AND TRIM("RDB$RELATION_NAME") LIKE \''.$this->escape_like_str($this->dbprefix)."%' " .sprintf($this->_like_escape_str, $this->_like_escape_chr); } @@ -242,7 +242,7 @@ class CI_DB_ibase_driver extends CI_DB { */ protected function _list_columns($table = '') { - return 'SELECT "RDB$FIELD_NAME" FROM "RDB$RELATION_FIELDS" WHERE "RDB$RELATION_NAME" = '.$this->escape($table); + return 'SELECT TRIM("RDB$FIELD_NAME") FROM "RDB$RELATION_FIELDS" WHERE "RDB$RELATION_NAME" = '.$this->escape($table); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 7e6aba1484f1b9a32bf97f2a9a654a503c8eb86f Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Thu, 21 Aug 2014 20:04:52 +0300 Subject: Query builder: IS NOT NULL support implementation, see #3194 --- system/database/DB_query_builder.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 085c615e5..c75a46908 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php 
@@ -661,6 +661,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // value appears not to have been set, assign the test to IS NULL $k .= ' IS NULL'; } + else + { + $operator = trim($this->_get_operator($k)); + + if ($operator == '<>' OR $operator == '!=') + { + $k = str_replace($operator, ' IS NOT NULL', $k); + } + } $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); if ($this->qb_caching === TRUE) -- cgit v1.2.3-24-g4f1b From a3cc8084a73e2c58a9ac38963bf7f60ba50d213e Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Fri, 22 Aug 2014 12:00:05 +0300 Subject: Query builder, IS NOT NULL support #3194: Strict comparison. --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index c75a46908..69dc8c2d1 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -665,7 +665,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $operator = trim($this->_get_operator($k)); - if ($operator == '<>' OR $operator == '!=') + if ($operator === '<>' OR $operator === '!=') { $k = str_replace($operator, ' IS NOT NULL', $k); } -- cgit v1.2.3-24-g4f1b From 8b583995309ca0f2ce6fad52fd18f4c59fad9cb6 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Fri, 22 Aug 2014 12:01:14 +0300 Subject: Query builder, IS NOT NULL support #3194: Adding a changelog entry. --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index c4360aae4..6619ae971 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -187,6 +187,7 @@ Release Date: Not Released - Changed ``limit()`` to ignore NULL values instead of always casting to integer. - Changed ``offset()`` to ignore empty values instead of always casting to integer. - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. + - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert the operators *<>* and *!=* into *IS NOT NULL* when the supplied for comparison value is equal to *NULL*. - :doc:`Database Results ` changes include: -- cgit v1.2.3-24-g4f1b From 191550a6cdf4e01448b55ae08f7eee1d47a4e810 Mon Sep 17 00:00:00 2001 From: Rougin Royce Gutib Date: Sun, 24 Aug 2014 16:19:08 +0800 Subject: Fixed typo error --- system/database/DB_query_builder.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 69dc8c2d1..c3836ae14 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -635,7 +635,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $key = array($key => $value); } - // If the escape value was not set will will base it on the global setting + // If the escape value was not set will base it on the global setting is_bool($escape) OR $escape = $this->_protect_identifiers; foreach ($key as $k => $v) @@ -2716,4 +2716,4 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } /* End of file DB_query_builder.php */ -/* Location: ./system/database/DB_query_builder.php */ \ No newline at end of file +/* Location: ./system/database/DB_query_builder.php */ -- cgit v1.2.3-24-g4f1b From 4f45858c0ab3165c59bad9dbae6b8fb43a18d56e Mon Sep 17 00:00:00 2001 
From: Ivan Tcholakov Date: Mon, 25 Aug 2014 11:20:22 +0300 Subject: Upgrading the function html_escape(), escaping twice can be prevented by setting the second argument to FALSE. --- system/core/Common.php | 12 ++++++++---- user_guide_src/source/changelog.rst | 1 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index 752a2e7f1..fd248e9b9 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -690,16 +690,20 @@ if ( ! function_exists('remove_invisible_characters')) if ( ! function_exists('html_escape')) { /** - * Returns HTML escaped variable + * Returns HTML escaped variable. + * $double_encode set to FALSE prevents escaping twice. * * @param mixed + * @param bool * @return mixed */ - function html_escape($var) + function html_escape($var, $double_encode = TRUE) { + $double_encode = (bool) $double_encode; + return is_array($var) - ? array_map('html_escape', $var) - : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var)) + : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 6619ae971..4ff71a525 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -489,6 +489,7 @@ Release Date: Not Released - Removed the third (`$php_error`) argument from function :func:`log_message()`. - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :func:`is_php()`. + - Added a second optional argument ``$double_encode`` to :func:`html_escape()`. When ``$double_encode`` is set to FALSE, escaping twice is prevented. - :doc:`Output Library ` changes include: -- cgit v1.2.3-24-g4f1b 
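Review bot: The array branch for `$double_encode === FALSE` calls `array_map('html_escape', $var, array_fill(0, count($var), FALSE))`, and `array_map()` preserves keys only when it receives exactly one array, so an associative `$var` comes back re-indexed from 0 on that path. The later html_escape() hunks on this page keep the two-array call, and the "simplest version" hunk uses it for every array input, which would extend the key loss to the default `$double_encode = TRUE` case. A loop keeps the keys: `foreach ($var as $key => $value) { $var[$key] = html_escape($value, $double_encode); }` followed by `return $var;`. The docblock should also say that array keys are preserved, so the contract is testable.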
From 993f98c09c80ebad3328b7aa4182a941174d1d4a Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 25 Aug 2014 12:13:31 +0300 Subject: Upgrading the function html_escape() - documentation corrections. --- system/core/Common.php | 7 +++---- user_guide_src/source/changelog.rst | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index fd248e9b9..74864ec56 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -691,11 +691,10 @@ if ( ! function_exists('html_escape')) { /** * Returns HTML escaped variable. - * $double_encode set to FALSE prevents escaping twice. * - * @param mixed - * @param bool - * @return mixed + * @param mixed $var The input string or array of strings to be escaped. + * @param bool $double_encode $double_encode set to FALSE prevents escaping twice. + * @return mixed The escaped string or array of strings as a result. */ function html_escape($var, $double_encode = TRUE) { diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 4ff71a525..165ef424f 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -489,7 +489,7 @@ Release Date: Not Released - Removed the third (`$php_error`) argument from function :func:`log_message()`. - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :func:`is_php()`. - - Added a second optional argument ``$double_encode`` to :func:`html_escape()`. When ``$double_encode`` is set to FALSE, escaping twice is prevented. + - Added a second argument ``$double_encode`` to :func:`html_escape()`. - :doc:`Output Library ` changes include: -- cgit v1.2.3-24-g4f1b From e7f55bf4afccbfa65bca16be63d6987ef3224431 Mon Sep 17 00:00:00 2001 
From: Ivan Tcholakov Date: Mon, 25 Aug 2014 12:19:11 +0300 Subject: Upgrading the function html_escape() - readability improvement. --- system/core/Common.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/system/core/Common.php b/system/core/Common.php index 74864ec56..93f0f0a99 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -701,7 +701,9 @@ if ( ! function_exists('html_escape')) $double_encode = (bool) $double_encode; return is_array($var) - ? ($double_encode === FALSE ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) : array_map('html_escape', $var)) + ? ($double_encode === FALSE + ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) + : array_map('html_escape', $var)) : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } -- cgit v1.2.3-24-g4f1b From 6222437cfec313a33bc1d6546c4de139c4688188 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Mon, 25 Aug 2014 15:48:33 +0300 Subject: Upgrading the function html_escape() - Readability Improvement 2. --- system/core/Common.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index 93f0f0a99..ec44ea815 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -700,11 +700,17 @@ if ( ! function_exists('html_escape')) { $double_encode = (bool) $double_encode; - return is_array($var) - ? ($double_encode === FALSE - ? array_map('html_escape', $var, array_fill(0, count($var), FALSE)) - : array_map('html_escape', $var)) - : htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); + if (is_array($var)) + { + if ($double_encode) + { + return array_map('html_escape', $var); + } + + return array_map('html_escape', $var, array_fill(0, count($var), FALSE)); + } + + return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); } } -- cgit v1.2.3-24-g4f1b 
From c851dc511b92d87002d1f338a31eaf76b7cb4350 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Tue, 26 Aug 2014 01:49:11 +0300 Subject: Upgraded html_escape() - The simplest version. --- system/core/Common.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index ec44ea815..b5a696c68 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -698,16 +698,9 @@ if ( ! function_exists('html_escape')) */ function html_escape($var, $double_encode = TRUE) { - $double_encode = (bool) $double_encode; - if (is_array($var)) { - if ($double_encode) - { - return array_map('html_escape', $var); - } - - return array_map('html_escape', $var, array_fill(0, count($var), FALSE)); + return array_map('html_escape', $var, array_fill(0, count($var), $double_encode)); } return htmlspecialchars($var, ENT_QUOTES, config_item('charset'), $double_encode); -- cgit v1.2.3-24-g4f1b From 516f59c855c969cfcdbc83bb1a2f4180e8cf9271 Mon Sep 17 00:00:00 2001 From: hArpanet Date: Tue, 26 Aug 2014 09:46:52 +0100 Subject: ibase_driver add table/column aliases to satisfy DB_driver expectations --- system/database/drivers/ibase/ibase_driver.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/database/drivers/ibase/ibase_driver.php b/system/database/drivers/ibase/ibase_driver.php index 8f10c1f1d..f4e5aef7c 100644 --- a/system/database/drivers/ibase/ibase_driver.php +++ b/system/database/drivers/ibase/ibase_driver.php 
@@ -219,11 +219,11 @@ class CI_DB_ibase_driver extends CI_DB { */ protected function _list_tables($prefix_limit = FALSE) { - $sql = 'SELECT TRIM("RDB$RELATION_NAME") FROM "RDB$RELATIONS" WHERE "RDB$RELATION_NAME" NOT LIKE \'RDB$%\' AND "RDB$RELATION_NAME" NOT LIKE \'MON$%\''; + $sql = 'SELECT TRIM("RDB$RELATION_NAME") AS TABLE_NAME FROM "RDB$RELATIONS" WHERE "RDB$RELATION_NAME" NOT LIKE \'RDB$%\' AND "RDB$RELATION_NAME" NOT LIKE \'MON$%\''; if ($prefix_limit !== FALSE && $this->dbprefix !== '') { - return $sql.' AND TRIM("RDB$RELATION_NAME") LIKE \''.$this->escape_like_str($this->dbprefix)."%' " + return $sql.' AND TRIM("RDB$RELATION_NAME") AS TABLE_NAME LIKE \''.$this->escape_like_str($this->dbprefix)."%' " .sprintf($this->_like_escape_str, $this->_like_escape_chr); } @@ -242,7 +242,7 @@ class CI_DB_ibase_driver extends CI_DB { */ protected function _list_columns($table = '') { - return 'SELECT TRIM("RDB$FIELD_NAME") FROM "RDB$RELATION_FIELDS" WHERE "RDB$RELATION_NAME" = '.$this->escape($table); + return 'SELECT TRIM("RDB$FIELD_NAME") AS COLUMN_NAME FROM "RDB$RELATION_FIELDS" WHERE "RDB$RELATION_NAME" = '.$this->escape($table); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b -- cgit v1.2.3-24-g4f1b From a7d3250df769da74f76b04ae477ef067180f1fa3 Mon Sep 17 00:00:00 2001 From: Rougin Gutib Date: Wed, 27 Aug 2014 10:52:49 +0800 Subject: Removed empty line --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index c3836ae14..f11f84627 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php 
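Review bot: The prefix filter in `_list_tables()` now reads `AND TRIM("RDB$RELATION_NAME") AS TABLE_NAME LIKE ...`, and a column alias is not valid inside a WHERE predicate, so the query built when `$prefix_limit` is set and `dbprefix` is non-empty is likely to be rejected by the server. The alias belongs only in the SELECT list; the condition should stay as `return $sql.' AND TRIM("RDB$RELATION_NAME") LIKE \''.$this->escape_like_str($this->dbprefix)."%' "`. The rest of `_list_tables()` lies outside the hunk.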
@@ -2716,4 +2716,4 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } /* End of file DB_query_builder.php */ -/* Location: ./system/database/DB_query_builder.php */ +/* Location: ./system/database/DB_query_builder.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From b27338ac9710cfcf69c4c99028f474aae8b28b49 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 12:16:52 +0300 Subject: Fix #3189 --- system/libraries/Parser.php | 66 ++++++++++++++++++------------------- user_guide_src/source/changelog.rst | 1 + 2 files changed, 34 insertions(+), 33 deletions(-) diff --git a/system/libraries/Parser.php b/system/libraries/Parser.php index d23a53423..8d802d2aa 100644 --- a/system/libraries/Parser.php +++ b/system/libraries/Parser.php @@ -128,13 +128,20 @@ class CI_Parser { return FALSE; } + $replace = array(); foreach ($data as $key => $val) { - $template = is_array($val) + $replace = array_merge( + $replace, + is_array($val) ? $this->_parse_pair($key, $val, $template) - : $template = $this->_parse_single($key, (string) $val, $template); + : $this->_parse_single($key, (string) $val, $template) + ); } + unset($data); + $template = strtr($template, $replace); + if ($return === FALSE) { $this->CI->output->append_output($template); @@ -170,7 +177,7 @@ class CI_Parser { */ protected function _parse_single($key, $val, $string) { - return str_replace($this->l_delim.$key.$this->r_delim, (string) $val, $string); + return array($this->l_delim.$key.$this->r_delim => (string) $val); } // -------------------------------------------------------------------- 
@@ -187,50 +194,43 @@ class CI_Parser { */ protected function _parse_pair($variable, $data, $string) { - if (FALSE === ($matches = $this->_match_pair($string, $variable))) - { - return $string; - } + $replace = array(); + preg_match_all( + '#'.preg_quote($this->l_delim.$variable.$this->r_delim).'(.+?)'.preg_quote($this->l_delim.'/'.$variable.$this->r_delim).'#s', + $string, + $matches, + PREG_SET_ORDER + ); - $str = ''; - $search = $replace = array(); foreach ($matches as $match) { $str = ''; foreach ($data as $row) { - $temp = $match[1]; + $temp = array(); foreach ($row as $key => $val) { - $temp = is_array($val) - ? $this->_parse_pair($key, $val, $temp) - : $this->_parse_single($key, $val, $temp); + if (is_array($val)) + { + $pair = $this->_parse_pair($key, $val, $temp); + if ( ! empty($pair)) + { + $temp = array_merge($temp, $pair); + } + + continue; + } + + $temp[$this->l_delim.$key.$this->r_delim] = $val; } - $str .= $temp; + $str .= strtr($match[1], $temp); } - $search[] = $match[0]; - $replace[] = $str; + $replace[$match[0]] = $str; } - return str_replace($search, $replace, $string); - } - - // -------------------------------------------------------------------- - - /** - * Matches a variable pair - * - * @param string $string - * @param string $variable - * @return mixed - */ - protected function _match_pair($string, $variable) - { - return preg_match_all('|'.preg_quote($this->l_delim).$variable.preg_quote($this->r_delim).'(.+?)'.preg_quote($this->l_delim).'/'.$variable.preg_quote($this->r_delim).'|s', - $string, $match, PREG_SET_ORDER) - ? $match : FALSE; + return $replace; } } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 165ef424f..766cb3172 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
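Review bot: In the rewritten `_parse_pair()`, the nested call `$this->_parse_pair($key, $val, $temp)` passes `$temp`, which is now the replacement array, where the method expects the template string for `preg_match_all()`, so nested tag pairs cannot match and are left unreplaced. Passing the captured inner block restores this: `$pair = $this->_parse_pair($key, $val, $match[1]);`. The pattern delimiter also changed to `#` while `preg_quote()` is called without a delimiter argument; on PHP versions where `#` is not escaped by default, `preg_quote($this->l_delim.$variable.$this->r_delim, '#')` (and the same for the closing tag) keeps a `#` in a delimiter or variable name from ending the pattern early. Scalar values are stored as `$val` without the `(string)` cast that `_parse_single()` applies.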
@@ -743,6 +743,7 @@ Bug fixes for 3.0 - Fixed a bug where ``CI_Xmlrpcs::parseRequest()`` could fail if ``$HTTP_RAW_POST_DATA`` is not populated. - Fixed a bug in :doc:`Zip Library ` internal method ``_get_mod_time()`` where it was not parsing result returned by ``filemtime()``. - Fixed a bug (#3161) - :doc:`Cache Library ` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. +- Fixed a bug (#3189) - :doc:`Parser Library ` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. Version 2.2.0 ============= -- cgit v1.2.3-24-g4f1b From fc4db348999fe9cc8d568eeba7602a11d449e2b8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 14:18:19 +0300 Subject: [ci skip] Update a comment block description --- system/libraries/Encrypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 2541a4467..995bf0bbe 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -29,7 +29,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Encryption Class * - * Provides two-way keyed encoding using XOR Hashing and Mcrypt + * Provides two-way keyed encoding using Mcrypt * * @package CodeIgniter * @subpackage Libraries -- cgit v1.2.3-24-g4f1b From f38c9c29e32e86d453c820bdc13abdd9c2a1a765 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 14:56:31 +0300 Subject: Close #3205 --- system/libraries/Upload.php | 22 ++++------------------ user_guide_src/source/changelog.rst | 1 + 2 files changed, 5 insertions(+), 18 deletions(-) diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 7946111cc..49c69a32c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php 
@@ -1158,28 +1158,14 @@ class CI_Upload { */ protected function _prep_filename($filename) { - if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR strpos($filename, '.') === FALSE) + if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR ($ext_pos = strrpos($filename, '.')) === FALSE) { return $filename; } - $parts = explode('.', $filename); - $ext = array_pop($parts); - $filename = array_shift($parts); - - foreach ($parts as $part) - { - if ( ! in_array(strtolower($part), $this->allowed_types) OR ! isset($this->_mimes[strtolower($part)])) - { - $filename .= '.'.$part.'_'; - } - else - { - $filename .= '.'.$part; - } - } - - return $filename.'.'.$ext; + $ext = substr($filename, $ext_pos); + $filename = substr($filename, 0, $ext_pos); + return str_replace('.', '_', $filename).$ext; } // -------------------------------------------------------------------- diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 766cb3172..5c233efac 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -306,6 +306,7 @@ Release Date: Not Released - Added a ``$reset`` parameter to method ``initialize()``. - Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library `'s ``sanitize_filename()``. - Removed method ``mimes_types()``. + - Changed ``CI_Upload::_prep_filename()`` to simply replace all (but the last) dots in the filename with underscores, instead of suffixing them. - :doc:`Calendar Library ` changes include: -- cgit v1.2.3-24-g4f1b From d4afe4a074015af109f1ab482f486d71e0b883f4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 15:29:31 +0300 Subject: [ci skip] Fix routing documentation (#3192) It described a feature that doesn't exist. --- user_guide_src/source/general/routing.rst | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/user_guide_src/source/general/routing.rst b/user_guide_src/source/general/routing.rst index 0b91d3fa9..766e0b2ab 100644 --- a/user_guide_src/source/general/routing.rst +++ b/user_guide_src/source/general/routing.rst @@ -116,15 +116,13 @@ call the "shirts" controller class and the "id_123" method. With regular expressions, you can also catch a segment containing a forward slash ('/'), which would usually represent the delimiter between multiple segments. + For example, if a user accesses a password protected area of your web application and you wish to be able to redirect them back to the same page after they log in, you may find this example useful:: $route['login/(.+)'] = 'auth/login/$1'; -That will call the "auth" controller class and its ``login()`` method, -passing everything contained in the URI after *login/* as a parameter. - For those of you who don't know regular expressions and want to learn more about them, `regular-expressions.info ` might be a good starting point. -- cgit v1.2.3-24-g4f1b From 487ccc9c8a21cb6338aab7173b3adda194d29c26 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 16:26:23 +0300 Subject: Add CI_Security::get_random_bytes() for CSRF & XSS token generation --- system/core/Security.php | 61 ++++++++++++++++++++++++---- user_guide_src/source/changelog.rst | 3 +- user_guide_src/source/libraries/security.rst | 17 +++++++- 3 files changed, 72 insertions(+), 9 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index bb0670500..bc224e7e3 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -77,7 +77,7 @@ class CI_Security { * * @var string */ - protected $_xss_hash = ''; + protected $_xss_hash; /** * CSRF Hash @@ -86,7 +86,7 @@ class CI_Security { * * @var string */ - protected $_csrf_hash = ''; + protected $_csrf_hash; /** * CSRF Expire time 
@@ -227,7 +227,7 @@ class CI_Security { { // Nothing should last forever unset($_COOKIE[$this->_csrf_cookie_name]); - $this->_csrf_hash = ''; + $this->_csrf_hash = NULL; } $this->_csrf_set_hash(); @@ -538,9 +538,12 @@ class CI_Security { */ public function xss_hash() { - if ($this->_xss_hash === '') + if ($this->_xss_hash === NULL) { - $this->_xss_hash = md5(uniqid(mt_rand())); + $rand = $this->get_random_bytes(16); + $this->_xss_hash = ($rand === FALSE) + ? md5(uniqid(mt_rand(), TRUE)) + : bin2hex($rand); } return $this->_xss_hash; @@ -548,6 +551,46 @@ class CI_Security { // -------------------------------------------------------------------- + /** + * Get random bytes + * + * @param int $length Output length + * @return string + */ + public function get_random_bytes($length) + { + if (empty($length) OR ! ctype_digit($length)) + { + return FALSE; + } + + // Unfortunately, none of the following PRNGs is guaranteed to exist ... + if (defined(MCRYPT_DEV_URANDOM) && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE) + { + return $output; + } + + + if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE) + { + $output = fread($fp, $length); + fclose($fp); + if ($output !== FALSE) + { + return $output; + } + } + + if (function_exists('openssl_random_pseudo_bytes')) + { + return openssl_random_pseudo_bytes($length); + } + + return FALSE; + } + + // -------------------------------------------------------------------- + /** * HTML Entities Decode * @@ -915,7 +958,7 @@ class CI_Security { */ protected function _csrf_set_hash() { - if ($this->_csrf_hash === '') + if ($this->_csrf_hash === NULL) { // If the cookie exists we will use its value. // We don't necessarily want to regenerate it with 
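Review bot: `get_random_bytes()` is called with the integer `16` by `xss_hash()` and `_csrf_set_hash()`, but its guard `! ctype_digit($length)` treats an integer between -128 and 255 as a character code, so `ctype_digit(16)` is false and the method returns FALSE before reaching any random source; both tokens then always come from the `md5(uniqid(mt_rand(), TRUE))` fallback. The mcrypt branch has a second problem: `defined(MCRYPT_DEV_URANDOM)` passes the constant's value rather than its name, so it never reports the constant as defined. Proposed lines: `if (empty($length) OR ! ctype_digit((string) $length))` and `if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE)`. It would also help to log when the fallback is taken, since a CSRF token derived from `mt_rand()` and the clock is far more predictable than one from the OS generator.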
@@ -927,7 +970,11 @@ class CI_Security { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } - $this->_csrf_hash = md5(uniqid(mt_rand(), TRUE)); + $rand = $this->get_random_bytes(16); + $this->_csrf_hash = ($rand === FALSE) + ? md5(uniqid(mt_rand(), TRUE)) + : bin2hex($rand); + $this->csrf_set_cookie(); } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 5c233efac..64a768977 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -508,9 +508,10 @@ Release Date: Not Released - :doc:`Security Library ` changes include: - - Added method ``strip_image_tags()``. - Added ``$config['csrf_regeneration']``, which makes CSRF token regeneration optional. - Added ``$config['csrf_exclude_uris']``, allowing for exclusion of URIs from the CSRF protection (regular expressions are supported). + - Added method ``strip_image_tags()``. + - Added method ``get_random_bytes()`` and switched CSRF & XSS token generation to use it. - Modified method ``sanitize_filename()`` to read a public ``$filename_bad_chars`` property for getting the invalid characters list. - Return status code of 403 instead of a 500 if CSRF protection is enabled but a token is missing from a request. diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index c8d69d16f..0c51e342b 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst 
@@ -163,4 +163,19 @@ Class Reference This method acts a lot like PHP's own native ``html_entity_decode()`` function in ENT_COMPAT mode, only it tries to detect HTML entities that don't end in a semicolon because some browsers allow that. - If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. \ No newline at end of file + If the ``$charset`` parameter is left empty, then your configured ``$config['charset']`` value will be used. + + .. method:: get_random_bytes($length) + + :param int $length: Output length + :returns: A binary stream of random bytes or FALSE on failure + :rtype: string + + A convenience method for getting proper random bytes via ``mcrypt_create_iv()``, + ``/dev/urandom`` or ``openssl_random_pseudo_bytes()`` (in that order), if one + of them is available. + + Used for generating CSRF and XSS tokens. + + .. note:: The output is NOT guaranteed to be cryptographically secure, + just the best attempt at that. \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 459657415189f4fe3f8d4eb05b209ab78409f9b0 Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Wed, 27 Aug 2014 20:40:11 +0300 Subject: Fix #2963 Changed all file permissions settings throught the framework and the documentation. Also added configuration settings for CI_Log and CI_Image_lib --- application/config/config.php | 12 ++++++++++ application/config/constants.php | 2 +- system/core/Log.php | 30 +++++++++++++++++------- system/core/Output.php | 2 +- system/database/DB_cache.php | 11 +++------ system/libraries/Cache/drivers/Cache_file.php | 2 +- system/libraries/Image_lib.php | 23 ++++++++++-------- user_guide_src/source/changelog.rst | 7 +++++- user_guide_src/source/helpers/captcha_helper.rst | 2 +- user_guide_src/source/helpers/file_helper.rst | 4 ++-- user_guide_src/source/libraries/ftp.rst | 6 ++--- user_guide_src/source/libraries/image_lib.rst | 2 ++ user_guide_src/source/libraries/zip.rst | 2 +- 13 files changed, 67 insertions(+), 38 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index b6b3c9fdf..e8d30b625 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -262,6 +262,18 @@ $config['log_path'] = ''; */ $config['log_file_extension'] = ''; +/* +|-------------------------------------------------------------------------- +| Log File Permissions +|-------------------------------------------------------------------------- +| +| The file system permissions to be applied on newly created log files. +| +| IMPORTANT: This MUST be an integer (no quotes) and you MUST use octal +| integer notation (i.e. 0700, 0644, etc.) +*/ +$config['log_file_permissions'] = 0644; + /* |-------------------------------------------------------------------------- | Date Format for Logs diff --git a/application/config/constants.php b/application/config/constants.php index 239fd46fb..c19f044ab 100644 --- a/application/config/constants.php +++ b/application/config/constants.php 
@@ -42,7 +42,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); define('FILE_READ_MODE', 0644); define('FILE_WRITE_MODE', 0666); define('DIR_READ_MODE', 0755); -define('DIR_WRITE_MODE', 0777); +define('DIR_WRITE_MODE', 0755); /* |-------------------------------------------------------------------------- diff --git a/system/core/Log.php b/system/core/Log.php index a949c3f39..57505b526 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -44,33 +44,40 @@ class CI_Log { */ protected $_log_path; + /** + * File permissions + * + * @var int + */ + protected $_file_permissions = 0644; + /** * Level of logging * * @var int */ - protected $_threshold = 1; + protected $_threshold = 1; /** * Highest level of logging * * @var int */ - protected $_threshold_max = 0; + protected $_threshold_max = 0; /** * Array of threshold levels to log * * @var array */ - protected $_threshold_array = array(); + protected $_threshold_array = array(); /** * Format of timestamp for log files * * @var string */ - protected $_date_fmt = 'Y-m-d H:i:s'; + protected $_date_fmt = 'Y-m-d H:i:s'; /** * Filename extension @@ -84,14 +91,14 @@ class CI_Log { * * @var bool */ - protected $_enabled = TRUE; + protected $_enabled = TRUE; /** * Predefined logging levels * * @var array */ - protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); + protected $_levels = array('ERROR' => 1, 'DEBUG' => 2, 'INFO' => 3, 'ALL' => 4); // -------------------------------------------------------------------- @@ -108,7 +115,7 @@ class CI_Log { $this->_file_ext = (isset($config['log_file_extension']) && $config['log_file_extension'] !== '') ? ltrim($config['log_file_extension'], '.') : 'php'; - file_exists($this->_log_path) OR mkdir($this->_log_path, 0777, TRUE); + file_exists($this->_log_path) OR mkdir($this->_log_path, 0755, TRUE); if ( ! is_dir($this->_log_path) OR ! is_really_writable($this->_log_path)) { 
@@ -125,10 +132,15 @@ class CI_Log { $this->_threshold_array = array_flip($config['log_threshold']); } - if ($config['log_date_format'] !== '') + if ( ! empty($config['log_date_format'])) { $this->_date_fmt = $config['log_date_format']; } + + if (is_int($config['log_file_permissions'])) + { + $this->_file_permissions = $config['log_file_permissions']; + } } // -------------------------------------------------------------------- @@ -192,7 +204,7 @@ class CI_Log { if (isset($newfile) && $newfile === TRUE) { - @chmod($filepath, 0666); + chmod($filepath, $this->_file_permissions); } return is_int($result); diff --git a/system/core/Output.php b/system/core/Output.php index 238d223e2..de07125ad 100644 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -606,7 +606,7 @@ class CI_Output { if (is_int($result)) { - @chmod($cache_path, 0666); + chmod($cache_path, 0640); log_message('debug', 'Cache file written: '.$cache_path); // Send HTTP cache-control headers to browser to match file cache settings. diff --git a/system/database/DB_cache.php b/system/database/DB_cache.php index b855ff24e..2efb42c5c 100644 --- a/system/database/DB_cache.php +++ b/system/database/DB_cache.php @@ -156,14 +156,9 @@ class CI_DB_Cache { $dir_path = $this->db->cachedir.$segment_one.'+'.$segment_two.'/'; $filename = md5($sql); - if ( ! is_dir($dir_path)) + if ( ! is_dir($dir_path) && ! @mkdir($dir_path, 0750)) { - if ( ! @mkdir($dir_path, 0777)) - { - return FALSE; - } - - @chmod($dir_path, 0777); + return FALSE; } if (write_file($dir_path.$filename, serialize($object)) === FALSE) @@ -171,7 +166,7 @@ class CI_DB_Cache { return FALSE; } - @chmod($dir_path.$filename, 0666); + chmod($dir_path.$filename, 0640); return TRUE; } diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index aa2e8fa38..29898040a 100644 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php 
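Review bot: The constructor reads `$config['log_file_permissions']` directly inside `is_int(...)`, so an application whose config.php predates this setting gets an undefined-index notice each time the logger is constructed; `if (isset($config['log_file_permissions']) && is_int($config['log_file_permissions']))` avoids that. In the `@@ -192,7` hunk after it, `chmod()` lost its `@`, so a failed mode change now raises a warning from inside the logger, and the same holds for the unsuppressed `chmod()` calls in the Output.php and DB_cache.php hunks on this line. Checking the return value and carrying on would keep a permission problem from surfacing as a PHP warning on every write. The constructor starts outside the hunk.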
@@ -92,7 +92,7 @@ class CI_Cache_file extends CI_Driver { if (write_file($this->_cache_path.$id, serialize($contents))) { - @chmod($this->_cache_path.$id, 0660); + chmod($this->_cache_path.$id, 0640); return TRUE; } diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index f1339b57a..39753705b 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -326,6 +326,13 @@ class CI_Image_lib { */ public $full_dst_path = ''; + /** + * File permissions + * + * @var int + */ + public $file_permissions = 0644; + /** * Name of function to create image * @@ -734,7 +741,7 @@ class CI_Image_lib { { if ($this->source_image !== $this->new_image && @copy($this->full_src_path, $this->full_dst_path)) { - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); } return TRUE; @@ -810,8 +817,7 @@ class CI_Image_lib { imagedestroy($dst_img); imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -880,8 +886,7 @@ class CI_Image_lib { return FALSE; } - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -969,7 +974,7 @@ class CI_Image_lib { // we have to rename the temp file. copy($this->dest_folder.'netpbm.tmp', $this->full_dst_path); unlink($this->dest_folder.'netpbm.tmp'); - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } @@ -1013,8 +1018,7 @@ class CI_Image_lib { imagedestroy($dst_img); imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } 
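Review bot: `$file_permissions` in CI_Image_lib is a public property passed straight to `chmod()`, whereas the Log.php change in this commit accepts its setting only when `is_int()` holds; a value supplied as the string `'0644'` would be read by `chmod()` as decimal 644, which is a different mode than intended. How the property gets populated is outside the visible hunks, so this is inferred, but a guard at the point of use such as `chmod($this->full_dst_path, is_int($this->file_permissions) ? $this->file_permissions : 0644);`, or validation where the configuration is applied, would make the two libraries consistent. The property docblock could also state that the value must be an octal integer literal, as the config.php comment does for log files.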
@@ -1086,8 +1090,7 @@ class CI_Image_lib { // Kill the file handles imagedestroy($src_img); - // Set the file to 666 - @chmod($this->full_dst_path, 0666); + chmod($this->full_dst_path, $this->file_permissions); return TRUE; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 64a768977..bcee73a92 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -333,6 +333,7 @@ Release Date: Not Released - If property *maintain_ratio* is set to TRUE, ``image_reproportion()`` now doesn't need both width and height to be specified. - Property *maintain_ratio* is now taken into account when resizing images using ImageMagick library. - Added support for maintaining transparency for PNG images in method ``text_watermark()``. + - Added a **file_permissions** setting. - :doc:`Form Validation Library ` changes include: @@ -533,6 +534,11 @@ Release Date: Not Released - Changed method ``clean_string()`` to utilize ``mb_convert_encoding()`` if it is available. - Renamed method ``_is_ascii()`` to ``is_ascii()`` and made it public. + - Log Library changes include: + + - Added a ``$config['log_file_permissions']`` setting. + - Changed the library constructor to try to create the **log_path** directory if it doesn't exist. + - Added `compatibility layers ` for: - `Multibyte String `_ (limited support). 
@@ -541,7 +547,6 @@ Release Date: Not Released - `Standard Functions ``array_column()``, ``array_replace()``, ``array_replace_recursive()``, ``hex2bin()``, ``quoted_printable_encode()``. - Removed ``CI_CORE`` boolean constant from *CodeIgniter.php* (no longer Reactor and Core versions). - - Log Library will now try to create the **log_path** directory if it doesn't exist. - Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE). - ``$config['time_reference']`` now supports all timezone strings supported by PHP. - Fatal PHP errors are now also passed to ``_exception_handler()``, so they can be logged. diff --git a/user_guide_src/source/helpers/captcha_helper.rst b/user_guide_src/source/helpers/captcha_helper.rst index d83490b8e..1b74d08ad 100644 --- a/user_guide_src/source/helpers/captcha_helper.rst +++ b/user_guide_src/source/helpers/captcha_helper.rst @@ -54,7 +54,7 @@ Once loaded you can generate a CAPTCHA like this:: can draw randomly from. - If you do not specify a path to a TRUE TYPE font, the native ugly GD font will be used. -- The "captcha" folder must be writable (666, or 777) +- The "captcha" directory must be writable - The **expiration** (in seconds) signifies how long an image will remain in the captcha folder before it will be deleted. The default is two hours. diff --git a/user_guide_src/source/helpers/file_helper.rst b/user_guide_src/source/helpers/file_helper.rst index 59cabcce2..013b583a0 100644 --- a/user_guide_src/source/helpers/file_helper.rst +++ b/user_guide_src/source/helpers/file_helper.rst 
@@ -80,8 +80,8 @@ The following functions are available: for mode options. .. note: In order for this function to write data to a file, its permissions must - be set such that it is writable (666, 777, etc.). If the file does not - already exist, the directory containing it must be writable. + be set such that it is writable. If the file does not already exist, + then the directory containing it must be writable. .. note:: The path is relative to your main site index.php file, NOT your controller or view files. CodeIgniter uses a front controller so paths diff --git a/user_guide_src/source/libraries/ftp.rst b/user_guide_src/source/libraries/ftp.rst index dd9440443..4be1a6ea4 100644 --- a/user_guide_src/source/libraries/ftp.rst +++ b/user_guide_src/source/libraries/ftp.rst @@ -270,7 +270,7 @@ Class Reference :: // Creates a folder named "bar" - $this->ftp->mkdir('/public_html/foo/bar/', DIR_WRITE_MODE); + $this->ftp->mkdir('/public_html/foo/bar/', 0755); .. method:: chmod($path, $perm) @@ -282,8 +282,8 @@ Class Reference Permits you to set file permissions. Supply the path to the file or directory you wish to alter permissions on:: - // Chmod "bar" to 777 - $this->ftp->chmod('/public_html/foo/bar/', DIR_WRITE_MODE); + // Chmod "bar" to 755 + $this->ftp->chmod('/public_html/foo/bar/', 0755); .. method:: changedir($path[, $suppress_debug = FALSE]) diff --git a/user_guide_src/source/libraries/image_lib.rst b/user_guide_src/source/libraries/image_lib.rst index 16acf090b..a52cf3e02 100644 --- a/user_guide_src/source/libraries/image_lib.rst +++ b/user_guide_src/source/libraries/image_lib.rst 
@@ -137,6 +137,8 @@ Preference Default Value Options image can be shown at a time, and it can't be positioned on the page. It simply outputs the raw image dynamically to your browser, along with image headers. +**file_permissions** 0644 (integer) File system permissions to apply on the resulting image file, R, C, X, W + writing it to the disk. WARNING: Use octal integer notation! **quality** 90% 1 - 100% Sets the quality of the image. The higher the quality the larger the R, C, X, W file size. **new_image** None None Sets the destination image name/path. You'll use this preference when R, C, X, W diff --git a/user_guide_src/source/libraries/zip.rst b/user_guide_src/source/libraries/zip.rst index 5ff7d07d6..4ca14086a 100644 --- a/user_guide_src/source/libraries/zip.rst +++ b/user_guide_src/source/libraries/zip.rst @@ -173,7 +173,7 @@ Class Reference :rtype: bool Writes the Zip-encoded file to a directory on your server. Submit a valid server path ending in the file name. - Make sure the directory is writable (660 or 666 is usually OK). Example:: + Make sure the directory is writable (755 is usually OK). Example:: $this->zip->archive('/path/to/folder/myarchive.zip'); // Creates a file named myarchive.zip -- cgit v1.2.3-24-g4f1b From 47c21c65c04b433fc4de98c6db385bd609975866 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 28 Aug 2014 01:01:32 +0300 Subject: CI_Parser: Fix a regression from b27338ac9710cfcf69c4c99028f474aae8b28b49 (#3189) --- system/libraries/Parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Parser.php b/system/libraries/Parser.php index 8d802d2aa..2c2fc73b6 100644 --- a/system/libraries/Parser.php +++ b/system/libraries/Parser.php @@ -212,7 +212,7 @@ class CI_Parser { { if (is_array($val)) { - $pair = $this->_parse_pair($key, $val, $temp); + $pair = $this->_parse_pair($key, $val, $match[1]); if ( ! empty($pair)) { $temp = array_merge($temp, $pair); -- cgit v1.2.3-24-g4f1b 
From efe33a2187ceb501e3c2038016c89f8423b8bcaa Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 28 Aug 2014 09:53:44 +0300 Subject: Fix CI_Security::get_random_bytes() length validation --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Security.php b/system/core/Security.php index bc224e7e3..782d3e83c 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -559,7 +559,7 @@ class CI_Security { */ public function get_random_bytes($length) { - if (empty($length) OR ! ctype_digit($length)) + if (empty($length) OR ! ctype_digit((string) $length)) { return FALSE; } -- cgit v1.2.3-24-g4f1b From 60726ef7dc7a70a41a6a8944525d25c4476edea9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 8 Sep 2014 11:31:48 +0300 Subject: Add 'named callable' rules to Form validation library Requested in issue #3183 Supersedes PR #3220 --- system/libraries/Form_validation.php | 20 +++++++++++--- .../source/libraries/form_validation.rst | 31 +++++++++++++++++++++- 2 files changed, 46 insertions(+), 5 deletions(-) diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 1d654d9f7..b640f1ec1 100644 --- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -701,6 +701,12 @@ class CI_Form_validation { { $callable = TRUE; } + elseif (is_array($rule) && isset($rule[0], $rule[1]) && is_callable($rule[1])) + { + // We have a "named" callable, so save the name + $callable = $rule[0]; + $rule = $rule[1]; + } // Strip the parameter (if exists) from the rule // Rules can contain a parameter: max_length[5] @@ -712,7 +718,7 @@ class CI_Form_validation { } // Call the function that corresponds to the rule - if ($callback OR $callable) + if ($callback OR $callable !== FALSE) { if ($callback) { 
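Review bot: The `(string)` cast added to the length check in `get_random_bytes()` needs a comment, because the reason for it is not obvious from the code. ctype_digit() treats an integer argument between -128 and 255 as a character code rather than as a number, which is why an integer length was being rejected. I would add `// Cast first: ctype_digit() reads small integers as ASCII codes, not as digits` above the condition. The check still accepts any positive digit string with no upper bound; whether a cap is needed depends on the callers, which are not visible in this hunk.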
@@ -730,8 +736,14 @@ class CI_Form_validation { else { $result = is_array($rule) - ? $rule[0]->{$rule[1]}($postdata, $param) - : $rule($postdata, $param); + ? $rule[0]->{$rule[1]}($postdata) + : $rule($postdata); + + // Is $callable set to a rule name? + if ($callable !== FALSE) + { + $rule = $callable; + } } // Re-assign the result to the master data array @@ -791,7 +803,7 @@ class CI_Form_validation { // Did the rule test negatively? If so, grab the error. if ($result === FALSE) { - // Callable rules don't have named error messages + // Callable rules might not have named error messages if ( ! is_string($rule)) { return; diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 2ae56d29a..2b7780ff2 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst @@ -505,11 +505,40 @@ function:: 'required', function($value) { - // Check $value and return TRUE/FALSE + // Check $value } ) ); +Of course, since a Callable rule by itself is not a string, it isn't +a rule name either. That is a problem when you want to set error messages +for them. In order to get around that problem, you can put such rules as +the second element of an array, with the first one being the rule name:: + + $this->form_validation->set_rules( + 'username', 'Username', + array( + 'required', + array('username_callable', array($this->users_model', 'valid_username')) + ) + ); + +Anonymous function (PHP 5.3+) version:: + + $this->form_validation->set_rules( + 'username', 'Username', + array( + 'required', + array( + 'username_callable', + function($str) + { + // Check validity of $str and return TRUE or FALSE + } + ) + ) + ); + .. _setting-error-messages: Setting Error Messages -- cgit v1.2.3-24-g4f1b From 03eeb366a6e71d184f448353e5b2ce2a9a42b812 Mon Sep 17 00:00:00 2001 
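Review bot: The dispatch `is_array($rule) ? $rule[0]->{$rule[1]}($postdata) : $rule($postdata)` only works when `$rule[0]` is an object, but the branch added earlier in this commit accepts anything `is_callable()` approves. That includes static callables such as `array('ClassName', 'method')`, which would then fail at the `->` call instead of being validated. `$result = call_user_func($rule, $postdata);` handles every callable form with one line. The hunk also stops passing `$param` to callables, which should be mentioned in the user guide if it is intentional. The enclosing method starts and ends outside this hunk.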
From: Andrey Andreev Date: Mon, 8 Sep 2014 11:35:52 +0300 Subject: Add svg to config/mimes.php Close #3199 --- application/config/mimes.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/application/config/mimes.php b/application/config/mimes.php index ccca69220..a014cb459 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php @@ -174,7 +174,8 @@ return array( '7zip' => array('application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'), 'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'), 'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'), - 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed') + 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'), + 'svg' => array('image/svg+xml', 'application/xml', 'text/xml') ); /* End of file mimes.php */ -- cgit v1.2.3-24-g4f1b From 4b73882124dfe5e9aec9686fef168be1fc590dfe Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Thu, 11 Sep 2014 16:34:24 +0300 Subject: Added vcard mime-type --- application/config/mimes.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/application/config/mimes.php b/application/config/mimes.php index a014cb459..bab431f77 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php 
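Review bot: The new `'svg'` entry also accepts the generic `application/xml` and `text/xml` types, so any XML document named `.svg` satisfies a MIME check based on this list. SVG is also active content that can carry script when served inline from the application's origin. If this array feeds the upload whitelist (the consumer is not visible here), I would narrow the entry to `'svg' => 'image/svg+xml'`. Otherwise I would at least add a comment such as `// SVG is active content: serve uploaded files as attachments or from a separate origin`.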
@@ -175,7 +175,8 @@ return array( 'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'), 'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'), 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'), - 'svg' => array('image/svg+xml', 'application/xml', 'text/xml') + 'svg' => array('image/svg+xml', 'application/xml', 'text/xml'), + 'vcf' => 'text/x-vcard' ); /* End of file mimes.php */ -- cgit v1.2.3-24-g4f1b From a135a18fe99ccf4f27dabc6c4a045e42cd239cea Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Sep 2014 10:57:02 +0300 Subject: Fix #3228 --- system/core/Security.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index 782d3e83c..0dc74a284 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -974,8 +974,6 @@ class CI_Security { $this->_csrf_hash = ($rand === FALSE) ? md5(uniqid(mt_rand(), TRUE)) : bin2hex($rand); - - $this->csrf_set_cookie(); } return $this->_csrf_hash; -- cgit v1.2.3-24-g4f1b From cbde7d4762bdfa1d476e01bb33bd56fa962ad140 Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Mon, 15 Sep 2014 18:22:08 +0300 Subject: removed extra quote --- user_guide_src/source/libraries/form_validation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/libraries/form_validation.rst b/user_guide_src/source/libraries/form_validation.rst index 2b7780ff2..aae9e3b89 100644 --- a/user_guide_src/source/libraries/form_validation.rst +++ b/user_guide_src/source/libraries/form_validation.rst 
@@ -519,7 +519,7 @@ the second element of an array, with the first one being the rule name:: 'username', 'Username', array( 'required', - array('username_callable', array($this->users_model', 'valid_username')) + array('username_callable', array($this->users_model, 'valid_username')) ) ); -- cgit v1.2.3-24-g4f1b From dc0ad20329ed3c3f800f3fe0b68f73cff970cdb2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 17 Sep 2014 10:34:04 +0300 Subject: Don't assume that log_file_permissions exists --- system/core/Log.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Log.php b/system/core/Log.php index 57505b526..1dca1bf3b 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -137,7 +137,7 @@ class CI_Log { $this->_date_fmt = $config['log_date_format']; } - if (is_int($config['log_file_permissions'])) + if ( ! empty($config['log_file_permissions']) && is_int($config['log_file_permissions'])) { $this->_file_permissions = $config['log_file_permissions']; } -- cgit v1.2.3-24-g4f1b From 2c6cdd7d3ac4c929bf6fa172b6ba48c282e3a831 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 17 Sep 2014 11:13:46 +0300 Subject: Fix #3238 Close #3239 --- system/database/DB_driver.php | 5 ++--- system/database/DB_query_builder.php | 12 ++++++++---- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 12ab5bb2a..62cea758e 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1440,7 +1440,7 @@ abstract class CI_DB_driver { */ protected function _has_operator($str) { - return (bool) preg_match('/(<|>|!|=|\sIS NULL|\sIS NOT NULL|\sEXISTS|\sBETWEEN|\sLIKE|\sIN\s*\(|\s)/i', trim($str)); + return (bool) preg_match('/(<|>|!|=|\sIS\s|\sEXISTS|\sBETWEEN|\sLIKE|\sIN\s*\(|\s)/i', trim($str)); } // -------------------------------------------------------------------- 
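Review bot: The final `|\s` alternative in the `_has_operator()` pattern already matches any whitespace left after `trim($str)`. Every alternative that starts with `\s` (`\sIS\s`, `\sEXISTS`, `\sBETWEEN`, `\sLIKE`, `\sIN\s*\(`) is therefore redundant, and replacing `\sIS NULL|\sIS NOT NULL` with `\sIS\s` does not change the result. If the catch-all is intended, the check reads more honestly as `preg_match('/[<>!=\s]/', trim($str))`. If it is not intended, `|\s` should be dropped so the keyword list actually decides. Either way the `/i` flag and the capturing group are only needed in the second case.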
@@ -1464,8 +1464,7 @@ abstract class CI_DB_driver { '\s*(?:<|>|!)?=\s*', // =, <=, >=, != '\s*<>?\s*', // <, <> '\s*>\s*', // > - '\s+IS NULL', // IS NULL - '\s+IS NOT NULL', // IS NOT NULL + '\s+IS(?:\sNOT)?(?:\sNULL)?', // IS[ NOT] NULL '\s+EXISTS\s*\([^\)]+\)', // EXISTS(sql) '\s+NOT EXISTS\s*\([^\)]+\)', // NOT EXISTS(sql) '\s+BETWEEN\s+\S+\s+AND\s+\S+', // BETWEEN value AND value diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index f11f84627..4e37e4c03 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -663,11 +663,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } else { - $operator = trim($this->_get_operator($k)); - - if ($operator === '<>' OR $operator === '!=') + $operator = $this->_get_operator($k); + if (stripos($operator, 'NULL') === FALSE) { - $k = str_replace($operator, ' IS NOT NULL', $k); + $op = strrpos($k, $operator); + if (strlen($k) === ($op + strlen($operator))) + { + $operator = strtr($operator, array('<>' => 'IS NOT', '!=' => 'IS NOT')); + $k = substr($k, 0, $op).rtrim($operator).' NULL'; + } } } -- cgit v1.2.3-24-g4f1b From 607d5e287a24403e4578a69f8065d0ede8cce56e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 17 Sep 2014 14:54:05 +0300 Subject: Fix a defined() check Close #3233 --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Security.php b/system/core/Security.php index 0dc74a284..181ace20b 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -565,7 +565,7 @@ class CI_Security { } // Unfortunately, none of the following PRNGs is guaranteed to exist ... - if (defined(MCRYPT_DEV_URANDOM) && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE) + if (defined('MCRYPT_DEV_URANDOM') && ($output = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)) !== FALSE) { return $output; } -- cgit v1.2.3-24-g4f1b 
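Review bot: The trailing comment `// IS[ NOT] NULL` on the new `'\s+IS(?:\sNOT)?(?:\sNULL)?'` entry does not describe what the pattern matches. `(?:\sNULL)?` is optional, so a bare `IS` or `IS NOT` is also taken as the operator. If that is the intent, the comment should say so, e.g. `// IS, IS NOT, IS NULL, IS NOT NULL`. The inner separators are a single `\s`, so `IS  NOT` with two spaces is only matched up to `IS`; `\s+` would be consistent with the leading separator. The array this line belongs to continues outside the hunk.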
From f186e1f0af1dc0941b21e1667ff2a22f739a0dcb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 18 Sep 2014 12:05:59 +0300 Subject: Fix #3242 --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 4e37e4c03..4b3aa4d6c 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -664,7 +664,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { else { $operator = $this->_get_operator($k); - if (stripos($operator, 'NULL') === FALSE) + if (stripos($operator, 'NULL') === FALSE && strncasecmp(ltrim($operator), 'IN', 2) !== 0) { $op = strrpos($k, $operator); if (strlen($k) === ($op + strlen($operator))) -- cgit v1.2.3-24-g4f1b From 891855d79986b21158907f85c74c81660b3091b4 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Sat, 20 Sep 2014 08:48:27 +0200 Subject: Fix examples in documentation --- user_guide_src/source/general/ancillary_classes.rst | 2 +- user_guide_src/source/general/creating_libraries.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst index edb3a14fb..f9b6ba231 100644 --- a/user_guide_src/source/general/ancillary_classes.rst +++ b/user_guide_src/source/general/ancillary_classes.rst @@ -78,7 +78,7 @@ Example:: public function bar() { - $this->CI->config_item('base_url'); + $this->CI->config->item('base_url'); } } diff --git a/user_guide_src/source/general/creating_libraries.rst b/user_guide_src/source/general/creating_libraries.rst index a1e1b3e78..0e3ae4c85 100644 --- a/user_guide_src/source/general/creating_libraries.rst +++ b/user_guide_src/source/general/creating_libraries.rst 
@@ -170,7 +170,7 @@ methods, you're encouraged to assign it to a property instead:: public function bar() { - echo $this->CI->config_item('base_url'); + echo $this->CI->config->item('base_url'); } } -- cgit v1.2.3-24-g4f1b From d5eb732192b638436d1a67ed1cda6002001bdafa Mon Sep 17 00:00:00 2001 From: Amir Saboury Date: Wed, 24 Sep 2014 10:54:54 -0400 Subject: fixed a typo in changelog Signed-off-by: Amir Saboury --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index bcee73a92..db73e22ed 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -807,7 +807,7 @@ Bug fixes for 2.1.3 - Fixed a bug (#227) - :doc:`Input Library ` allowed unconditional spoofing of HTTP clients' IP addresses through the *HTTP_CLIENT_IP* header. - Fixed a bug (#907) - :doc:`Input Library ` ignored *HTTP_X_CLUSTER_CLIENT_IP* and *HTTP_X_CLIENT_IP* headers when checking for proxies. - Fixed a bug (#940) - ``csrf_verify()`` used to set the CSRF cookie while processing a POST request with no actual POST data, which resulted in validating a request that should be considered invalid. -- Fixed a bug (#499) - :doc:`Security Library ` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set tot FALSE. +- Fixed a bug (#499) - :doc:`Security Library ` where a CSRF cookie was created even if ``$config['csrf_protection']`` is set to FALSE. - Fixed a bug (#1715) - :doc:`Input Library ` triggered ``csrf_verify()`` on CLI requests. - Fixed a bug (#751) - :doc:`Query Builder ` didn't properly handle cached field escaping overrides. - Fixed a bug (#2004) - :doc:`Query Builder ` didn't properly merge cached calls with non-cache ones. -- cgit v1.2.3-24-g4f1b From f9a615a5a304a2ead573d6e2869ee4ec7620511e Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Sun, 28 Sep 2014 20:24:06 +0300 Subject: [ci skip] Remove references to 'PHP5' from comments --- system/core/Security.php | 2 +- system/helpers/file_helper.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index 181ace20b..4b204ad95 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -439,7 +439,7 @@ class CI_Security { /* * Remove disallowed Javascript in links or img tags - * We used to do some version comparisons and use of stripos for PHP5, + * We used to do some version comparisons and use of stripos(), * but it is dog slow compared to these simplified non-capturing * preg_match(), especially if the pattern exists in the string * diff --git a/system/helpers/file_helper.php b/system/helpers/file_helper.php index 8fdb5f7cc..7d2253ef0 100644 --- a/system/helpers/file_helper.php +++ b/system/helpers/file_helper.php @@ -225,7 +225,7 @@ if ( ! function_exists('get_dir_file_info')) $source_dir = rtrim(realpath($source_dir), DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR; } - // foreach (scandir($source_dir, 1) as $file) // In addition to being PHP5+, scandir() is simply not as fast + // Used to be foreach (scandir($source_dir, 1) as $file), but scandir() is simply not as fast while (FALSE !== ($file = readdir($fp))) { if (is_dir($source_dir.$file) && $file[0] !== '.' && $top_level_only === FALSE) -- cgit v1.2.3-24-g4f1b From 970b3836071f1b74d2c98bdc0656c2d9699c9ac0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 29 Sep 2014 11:43:48 +0300 Subject: Revert #3194 This has caused way too many BC breaks (#3238, #3242, #3257). Close #3257 --- system/database/DB_query_builder.php | 13 ------------- user_guide_src/source/changelog.rst | 1 - 2 files changed, 14 deletions(-) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 4b3aa4d6c..30882fadc 100644 --- a/system/database/DB_query_builder.php 
+++ b/system/database/DB_query_builder.php @@ -661,19 +661,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // value appears not to have been set, assign the test to IS NULL $k .= ' IS NULL'; } - else - { - $operator = $this->_get_operator($k); - if (stripos($operator, 'NULL') === FALSE && strncasecmp(ltrim($operator), 'IN', 2) !== 0) - { - $op = strrpos($k, $operator); - if (strlen($k) === ($op + strlen($operator))) - { - $operator = strtr($operator, array('<>' => 'IS NOT', '!=' => 'IS NOT')); - $k = substr($k, 0, $op).rtrim($operator).' NULL'; - } - } - } $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); if ($this->qb_caching === TRUE) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index db73e22ed..2b807eb49 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -187,7 +187,6 @@ Release Date: Not Released - Changed ``limit()`` to ignore NULL values instead of always casting to integer. - Changed ``offset()`` to ignore empty values instead of always casting to integer. - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. - - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert the operators *<>* and *!=* into *IS NOT NULL* when the supplied for comparison value is equal to *NULL*. - :doc:`Database Results ` changes include: -- cgit v1.2.3-24-g4f1b From 5bf4dcde18ae0d584c2dc701ccc8e43124549130 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 29 Sep 2014 20:07:15 +0300 Subject: Close #3194 --- system/database/DB_query_builder.php | 4 ++++ user_guide_src/source/changelog.rst | 1 + 2 files changed, 5 insertions(+) diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 30882fadc..2096ffd60 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php 
@@ -661,6 +661,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // value appears not to have been set, assign the test to IS NULL $k .= ' IS NULL'; } + elseif (preg_match('/\s*(!?=|<>)\s*$/i', $k, $match, PREG_OFFSET_CAPTURE)) + { + $k = substr($k, 0, $match[0][1]).($match[1][0] === '=' ? ' IS NULL' : ' IS NOT NULL'); + } $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); if ($this->qb_caching === TRUE) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 2b807eb49..a3b354961 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -187,6 +187,7 @@ Release Date: Not Released - Changed ``limit()`` to ignore NULL values instead of always casting to integer. - Changed ``offset()`` to ignore empty values instead of always casting to integer. - Methods ``insert_batch()`` and ``update_batch()`` now return an integer representing the number of rows affected by them. + - Methods ``where()``, ``or_where()``, ``having()`` and ``or_having()`` now convert trailing ``=`` and ``<>``, ``!=`` SQL operators to ``IS NULL`` and ``IS NOT NULL`` respectively when the supplied comparison value is ``NULL``. - :doc:`Database Results ` changes include: -- cgit v1.2.3-24-g4f1b From b627430ae60d7c5f13ecc2f289bce8185c218be0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 30 Sep 2014 20:30:06 +0300 Subject: Make sure we don't waste entropy --- system/core/Security.php | 1 + system/core/compat/password.php | 1 + 2 files changed, 2 insertions(+) diff --git a/system/core/Security.php b/system/core/Security.php index 4b204ad95..b97df4647 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -573,6 +573,7 @@ class CI_Security { if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE) { + stream_set_chunk_size($fp, $length); $output = fread($fp, $length); fclose($fp); if ($output !== FALSE) 
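Review bot: The pattern `'/\s*(!?=|<>)\s*$/i'` in the new `elseif` also matches the trailing `=` of `>=` and `<=`. A key such as `id >=` with a NULL value becomes `id > IS NULL`, which is not valid SQL. Excluding an `=` that follows `<` or `>` avoids this, for example `'/\s*(!=|<>|(?<![<>])=)\s*$/'`; the `/i` flag has nothing to act on and can go. A test with `>=`/`<=` keys and a NULL value would pin the behaviour. The surrounding condition that decides when this branch runs is outside the hunk.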
diff --git a/system/core/compat/password.php b/system/core/compat/password.php index a8bc756f0..60aa578db 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php @@ -121,6 +121,7 @@ if ( ! function_exists('password_hash')) return FALSE; } + stream_set_chunk_size($fp, 16); $options['salt'] = ''; for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt'])) { -- cgit v1.2.3-24-g4f1b From e4b9cd64e2e7185ddf874ddf9861fe21961edb79 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 2 Oct 2014 02:19:06 +0300 Subject: stream_set_chunk_size() requires PHP 5.4 --- system/core/Security.php | 3 ++- system/core/compat/password.php | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/system/core/Security.php b/system/core/Security.php index b97df4647..15a66430a 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -573,7 +573,8 @@ class CI_Security { if (is_readable('/dev/urandom') && ($fp = fopen('/dev/urandom', 'rb')) !== FALSE) { - stream_set_chunk_size($fp, $length); + // Try not to waste entropy ... + is_php('5.4') && stream_set_chunk_size($fp, $length); $output = fread($fp, $length); fclose($fp); if ($output !== FALSE) diff --git a/system/core/compat/password.php b/system/core/compat/password.php index 60aa578db..1f67a5269 100644 --- a/system/core/compat/password.php +++ b/system/core/compat/password.php @@ -121,7 +121,9 @@ if ( ! function_exists('password_hash')) return FALSE; } - stream_set_chunk_size($fp, 16); + // Try not to waste entropy ... + is_php('5.4') && stream_set_chunk_size($fp, 16); + $options['salt'] = ''; for ($read = 0; $read < 16; $read = ($func_override) ? mb_strlen($options['salt'], '8bit') : strlen($options['salt'])) { -- cgit v1.2.3-24-g4f1b From f112e4a4aea6b1b6694fd1a420adecaba6d9a1ec Mon Sep 17 00:00:00 2001 
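Review bot: In the Security.php hunk, `$output = fread($fp, $length)` is a single read and its result is only compared with FALSE, so a short read from `/dev/urandom` would be returned as if it held `$length` bytes. The password.php hunk of the same commit loops until 16 bytes have been collected. I would accept the result only when the byte length matches, e.g. `if ($output !== FALSE && strlen($output) === (int) $length)`, with the same care for mbstring overloading that password.php takes. Whether a later length check exists is not visible in this hunk. As a style point, `is_php('5.4') && stream_set_chunk_size(...)` used as a statement reads better as a plain `if`.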
From: Adriano Rosa Date: Fri, 3 Oct 2014 13:15:46 -0300 Subject: fix doc block get_request_header() This method does not return FALSE as said in doc block, the correct return is STRING or NULL. --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/core/Input.php b/system/core/Input.php index 544b7c08b..ada9fc680 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -766,7 +766,7 @@ class CI_Input { * * @param string $index Header name * @param bool $xss_clean Whether to apply XSS filtering - * @return string|bool The requested header on success or FALSE on failure + * @return string|null The requested header on success or NULL on failure */ public function get_request_header($index, $xss_clean = FALSE) { -- cgit v1.2.3-24-g4f1b From d444d445ed0458a352ecb9ff79ffd158677ee805 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 6 Oct 2014 00:00:08 +0300 Subject: config_item() to return NULL instead of FALSE for non-existing items Close #3001 Close #3232 Related: #3244 --- system/core/Common.php | 2 +- system/core/Exceptions.php | 16 ++++++++++------ system/core/Input.php | 2 +- system/core/Security.php | 6 +++--- system/libraries/Encrypt.php | 2 +- tests/mocks/core/common.php | 2 +- user_guide_src/source/changelog.rst | 1 + user_guide_src/source/general/common_functions.rst | 2 +- user_guide_src/source/installation/upgrade_300.rst | 4 ++++ 9 files changed, 23 insertions(+), 14 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index b5a696c68..504e22571 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -289,7 +289,7 @@ if ( ! function_exists('config_item')) $_config[0] =& get_config(); } - return isset($_config[0][$item]) ? $_config[0][$item] : FALSE; + return isset($_config[0][$item]) ? $_config[0][$item] : NULL; } } diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index cb4bc3cd6..49c2217c9 100644 --- a/system/core/Exceptions.php 
+++ b/system/core/Exceptions.php @@ -145,9 +145,11 @@ class CI_Exceptions { */ public function show_error($heading, $message, $template = 'error_general', $status_code = 500) { - $templates_path = config_item('error_views_path') - ? config_item('error_views_path') - : VIEWPATH.'errors'.DIRECTORY_SEPARATOR; + $templates_path = config_item('error_views_path'); + if (empty($templates_path)) + { + $templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR; + } if (is_cli()) { @@ -185,9 +187,11 @@ class CI_Exceptions { */ public function show_php_error($severity, $message, $filepath, $line) { - $templates_path = config_item('error_views_path') - ? config_item('error_views_path') - : VIEWPATH.'errors'.DIRECTORY_SEPARATOR; + $templates_path = config_item('error_views_path'); + if (empty($templates_path)) + { + $templates_path = VIEWPATH.'errors'.DIRECTORY_SEPARATOR; + } $severity = isset($this->levels[$severity]) ? $this->levels[$severity] : $severity; diff --git a/system/core/Input.php b/system/core/Input.php index ada9fc680..9ae2f6d6f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -353,7 +353,7 @@ class CI_Input { $path = config_item('cookie_path'); } - if ($secure === FALSE && config_item('cookie_secure') !== FALSE) + if ($secure === FALSE && config_item('cookie_secure') === TRUE) { $secure = config_item('cookie_secure'); } diff --git a/system/core/Security.php b/system/core/Security.php index 15a66430a..cffdb9ad9 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -158,7 +158,7 @@ class CI_Security { public function __construct() { // Is CSRF protection enabled? - if (config_item('csrf_protection') === TRUE) + if (config_item('csrf_protection')) { // CSRF config foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) 
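Review bot: In the Input.php hunk the test changed from `config_item('cookie_secure') !== FALSE` to `=== TRUE`, so a config that sets `cookie_secure` to `1` or `'1'` no longer enables the Secure flag and the cookie is sent without it, with no warning. The Security.php hunk in the same commit goes the other way and relaxes `csrf_protection === TRUE` to a truthiness check, so the two settings are now treated inconsistently. I would use `if ($secure === FALSE && config_item('cookie_secure'))` and assign `$secure = TRUE;` inside. The upgrade notes should mention the stricter comparison if it is kept. The enclosing method starts and ends outside this hunk.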
@@ -170,9 +170,9 @@ class CI_Security { } // Append application specific cookie prefix - if (config_item('cookie_prefix')) + if ($cookie_prefix = config_item('cookie_prefix')) { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + $this->_csrf_cookie_name = $cookie_prefix.$this->_csrf_cookie_name; } // Set the CSRF hash diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 995bf0bbe..1af42ed1f 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -111,7 +111,7 @@ class CI_Encrypt { $key = config_item('encryption_key'); - if ($key === FALSE) + if ( ! strlen($key)) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } diff --git a/tests/mocks/core/common.php b/tests/mocks/core/common.php index 5c32ca5c2..2e8265b15 100644 --- a/tests/mocks/core/common.php +++ b/tests/mocks/core/common.php @@ -32,7 +32,7 @@ if ( ! function_exists('config_item')) if ( ! isset($config[$item])) { - return FALSE; + return NULL; } return $config[$item]; diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index a3b354961..0e4930289 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -492,6 +492,7 @@ Release Date: Not Released - Changed internal function ``load_class()`` to accept a constructor parameter instead of (previously unused) class name prefix. - Removed default parameter value of :func:`is_php()`. - Added a second argument ``$double_encode`` to :func:`html_escape()`. + - Changed function ``config_item()`` to return NULL instead of FALSE when no value is found. - :doc:`Output Library ` changes include: diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst index 9c0a7cbe1..399a323cc 100644 --- a/user_guide_src/source/general/common_functions.rst +++ b/user_guide_src/source/general/common_functions.rst 
@@ -63,7 +63,7 @@ loading any libraries or helpers. .. function:: config_item($key) :param string $key: Config item key - :returns: Configuration key value or FALSE if not found + :returns: Configuration key value or NULL if not found :rtype: mixed The :doc:`Config Library <../libraries/config>` is the preferred way of diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 6915fafe2..81340e6ad 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -158,6 +158,10 @@ Step 10: Many functions now return NULL instead of FALSE on missing items Many methods and functions now return NULL instead of FALSE when the required items don't exist: + - :doc:`Common functions <../general/common_functions>` + + - config_item() + - :doc:`Config Class <../libraries/config>` - config->item() -- cgit v1.2.3-24-g4f1b