From d63e40138e675df40f3a17e04972e82e7a748307 Mon Sep 17 00:00:00 2001 From: Kevin Cupp Date: Sun, 5 Feb 2012 14:14:32 -0500 Subject: Adding in a few 503 status codes for common errors in response to this ExpressionEngine bug about errors getting cached by reverse proxies who cache 200 responses: http://expressionengine.com/bug_tracker/bug/17420 --- index.php | 2 ++ system/core/Common.php | 3 +++ system/core/Input.php | 1 + 3 files changed, 6 insertions(+) diff --git a/index.php b/index.php index 1712a7d66..a37826690 100644 --- a/index.php +++ b/index.php @@ -218,6 +218,7 @@ if (defined('ENVIRONMENT')) { if ( ! is_dir(BASEPATH.$application_folder.'/')) { + header('HTTP/1.1 503 Service Unavailable.', TRUE, '503'); exit('Your application folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF); } @@ -233,6 +234,7 @@ if (defined('ENVIRONMENT')) { if ( ! is_dir(APPPATH.'views/')) { + header('HTTP/1.1 503 Service Unavailable.', TRUE, '503'); exit('Your view folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF); } diff --git a/system/core/Common.php b/system/core/Common.php index 2f9c4ff43..225227d17 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -177,6 +177,7 @@ if ( ! function_exists('load_class')) { // Note: We use exit() rather then show_error() in order to avoid a // self-referencing loop with the Excptions class + set_status_header(503); exit('Unable to locate the specified class: '.$class.'.php'); } @@ -243,6 +244,7 @@ if ( ! function_exists('get_config')) // Fetch the config file if ( ! file_exists($file_path)) { + set_status_header(503); exit('The configuration file does not exist.'); } @@ -251,6 +253,7 @@ if ( ! function_exists('get_config')) // Does the $config array exist in the file? if ( ! isset($config) OR ! is_array($config)) { + set_status_header(503); exit('Your config file does not appear to be formatted correctly.'); } diff --git a/system/core/Input.php b/system/core/Input.php index 7a16e51ab..3339d97c5 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -592,6 +592,7 @@ class CI_Input { { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { + set_status_header(503); exit('Disallowed Key Characters.'); } -- cgit v1.2.3-24-g4f1b From 9448afb6da995098ce4ca2d24eb3d82b26434b4b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 19:49:19 +0200 Subject: Fix CI_Input::is_ajax_request() --- system/core/Input.php | 66 ++++++++++++++++--------------------- user_guide_src/source/changelog.rst | 1 + 2 files changed, 30 insertions(+), 37 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index 3339d97c5..670f7a11f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Input Class * @@ -152,7 +150,7 @@ class CI_Input { public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_GET)) + if ($index === NULL && ! empty($_GET)) { $get = array(); @@ -179,7 +177,7 @@ class CI_Input { public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_POST)) + if ($index === NULL && ! empty($_POST)) { $post = array(); @@ -206,9 +204,9 @@ class CI_Input { */ public function get_post($index = '', $xss_clean = FALSE) { - return ( ! isset($_POST[$index])) - ? $this->get($index, $xss_clean) - : $this->post($index, $xss_clean); + return isset($_POST[$index]) + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- @@ -256,19 +254,19 @@ class CI_Input { } } - if ($prefix == '' AND config_item('cookie_prefix') != '') + if ($prefix == '' && config_item('cookie_prefix') != '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' AND config_item('cookie_domain') != '') + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } - if ($path == '/' AND config_item('cookie_path') != '/') + if ($path == '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + if ($secure == FALSE && config_item('cookie_secure') != FALSE) { $secure = config_item('cookie_secure'); } @@ -320,11 +318,11 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) { $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } @@ -414,7 +412,7 @@ class CI_Input { return $this->user_agent; } - return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; } // -------------------------------------------------------------------- @@ -469,19 +467,16 @@ class CI_Input { { $_GET = array(); } - else + elseif (is_array($_GET) && count($_GET) > 0) { - if (is_array($_GET) AND count($_GET) > 0) + foreach ($_GET as $key => $val) { - foreach ($_GET as $key => $val) - { - $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); - } + $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } } // Clean $_POST Data - if (is_array($_POST) AND count($_POST) > 0) + if (is_array($_POST) && count($_POST) > 0) { foreach ($_POST as $key => $val) { @@ -490,7 +485,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) AND count($_COOKIE) > 0) + if (is_array($_COOKIE) && count($_COOKIE) > 0) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway @@ -568,7 +563,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } @@ -625,7 +620,7 @@ class CI_Input { } else { - $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { @@ -655,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param boolean XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string array key for $this->headers + * @param bool XSS Clean or not + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { @@ -671,12 +666,9 @@ class CI_Input { return FALSE; } - if ($xss_clean === TRUE) - { - return $this->security->xss_clean($this->headers[$index]); - } - - return $this->headers[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($this->headers[$index]) + : $this->headers[$index]; } // -------------------------------------------------------------------- @@ -686,11 +678,11 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return bool */ public function is_ajax_request() { - return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); + return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); } // -------------------------------------------------------------------- @@ -700,11 +692,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() === 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); } } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index c9354dea4..385eb4825 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -101,6 +101,7 @@ Bug fixes for 3.0 - Fixed a bug (#904) - ``CI_Loader::initialize()`` caused a PHP Fatal error to be triggered if error level E_STRICT is used. - Fixed a hosting edge case where an empty $_SERVER['HTTPS'] variable would evaluate to 'on' - Fixed a bug (#154) - ``CI_Session::sess_update()`` caused the session to be destroyed on pages where multiple AJAX requests were executed at once. +- Fixed a possible bug in ``CI_Input::is_ajax_request()`` where some clients might not send the X-Requested-With HTTP header value exactly as 'XmlHttpRequest'. Version 2.1.0 ============= -- cgit v1.2.3-24-g4f1b From 773e117f0bfd103116397d26f0ea1d1854de5ca8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 23:02:19 +0200 Subject: Remove a few spaces --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index 670f7a11f..ee15f4013 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -650,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers + * @param string array key for $this->headers * @param bool XSS Clean or not - * @return mixed FALSE on failure, string on success + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { -- cgit v1.2.3-24-g4f1b