From 8cf7d86ede61a5b16c12acf6269996623ae903e5 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 1 May 2018 04:21:29 +0300
Subject: [ci skip] Close #5487
---
 system/libraries/Session/Session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 9e762745f..aa1fafb5b 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -604,7 +604,7 @@ class CI_Session {
 // ------------------------------------------------------------------------
 
 /**
- * Unmark flash
+ * Unmark temp
 *
 * @param mixed $key Session data key(s)
 * @return void
--
cgit v1.2.3-24-g4f1b
From aa27dc0fd00d14456607da341df7493f0170abaa Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Fri, 1 Jun 2018 17:48:25 +0300
Subject: Merge pull request #5516 from wpyh/patch-1
Use Config::base_url() properly
---
 system/helpers/html_helper.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/system/helpers/html_helper.php b/system/helpers/html_helper.php
index 5cec4597b..260afe9a2 100644
--- a/system/helpers/html_helper.php
+++ b/system/helpers/html_helper.php
@@ -200,7 +200,7 @@ if ( ! function_exists('img'))
 }
 else
 {
-$img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';
+$img .= ' src="'.get_instance()->config->base_url($v).'"';
 }
 }
 else
@@ -292,7 +292,7 @@ if ( ! function_exists('link_tag'))
 }
 else
 {
-$link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';
+$link .= 'href="'.$CI->config->base_url($v).'" ';
 }
 }
 else
@@ -313,7 +313,7 @@ if ( ! function_exists('link_tag'))
 }
 else
 {
-$link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';
+$link .= 'href="'.$CI->config->base_url($href).'" ';
 }
 
 $link .= 'rel="'.$rel.'" type="'.$type.'" ';
--
cgit v1.2.3-24-g4f1b
From d248db4e71c97da0d03d717601fef3c58efebad6 Mon Sep 17 00:00:00 2001
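Review bot: In all three hunks the value returned by `base_url($v)` / `base_url($href)` is still concatenated straight into the `src`/`href` attribute without `htmlspecialchars()`, so these helpers stay safe only while their path arguments are developer-controlled strings, and the `img()`/`link_tag()` docblocks (outside the hunks) should say so. They should also record the behaviour change that this series' changelog entry describes: a leading slash in the path no longer produces a double slash, because `base_url()` normalises it where `slash_item('base_url').$v` did not. As a point of style, the `img()` hunk calls `get_instance()->config` inline while the `link_tag()` hunks use the `$CI` local; caching the instance in `img()` as well would make the three sites read alike. The enclosing functions start and end outside the hunks.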
From: Andrey Andreev
Date: Fri, 1 Jun 2018 17:51:29 +0300
Subject: [ci skip] Add changelog entry for #5516
---
 user_guide_src/source/changelog.rst | 1 +
 1 file changed, 1 insertion(+)
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index d2033ac39..f03794e78 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -20,6 +20,7 @@ Bug fixes for 3.1.9
 
 - Fixed a regression (#5448) - :doc:`Query Builder ` methods ``like()``, ``or_like()`` (and siblings) didn't apply *dbprefix* or identifier escaping.
 - Fixed a regression (#5462) - :doc:`Query Builder ` methods ``like()``, ``or_like()`` (and siblings) produced incorrect SQL syntax when used with ``'before'`` as the third parameter.
+- Fixed a bug (#5516) - :doc:`HTML Helper ` functions :php:func:`img()`, :php:func:`link_tag()` would output results with double slashes if a prefix slash was included in their path inputs.
 
 Version 3.1.8
 =============
--
cgit v1.2.3-24-g4f1b
From 246a9fae4138ffcc20889729cc9e6acf03abf005 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Mon, 4 Jun 2018 17:01:29 +0300
Subject: [ci skip] Merge pull request #5512 from gxgpet/develop
mimes.php: 7z file types changes
---
 application/config/mimes.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 017653335..0ec9db0a0 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -155,7 +155,8 @@ return array(
 'ics' => 'text/calendar',
 'ical' => 'text/calendar',
 'zsh' => 'text/x-scriptzsh',
-'7zip' => array('application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+'7z' => array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
+'7zip' => array('application/x-7z-compressed', 'application/x-compressed', 'application/x-zip-compressed', 'application/zip', 'multipart/x-zip'),
 'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'),
 'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'),
 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'),
--
cgit v1.2.3-24-g4f1b
From 6ec8737d96312be99f1e3b6dffaab584cc6204d4 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Mon, 4 Jun 2018 17:04:51 +0300
Subject: [ci skip] Update upgrade instructions for PR #5512
---
 user_guide_src/source/installation/upgrade_319.rst | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/user_guide_src/source/installation/upgrade_319.rst b/user_guide_src/source/installation/upgrade_319.rst
index 99a7347a0..3b8da3367 100644
--- a/user_guide_src/source/installation/upgrade_319.rst
+++ b/user_guide_src/source/installation/upgrade_319.rst
@@ -12,3 +12,10 @@ Replace all files and directories in your *system/* directory.
 
 .. note:: If you have any custom developed files in these directories,
 please make copies of them first.
+
+********************************
+Step 3: Replace config/mimes.php
+********************************
+
+This config file has received some updates. Please copy it to
+*application/config/mimes.php*.
--
cgit v1.2.3-24-g4f1b
From 32f8c936898a3619f225f614d03b1cdf7a7e2750 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 12 Jun 2018 16:25:44 +0300
Subject: Merge pull request #5510 from johndekroon/develop
Only use the output of idn_to_ascii() if it worked properly
---
 system/libraries/Email.php | 12 ++++++++++--
 system/libraries/Form_validation.php | 6 +++++-
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index a53e7e72a..cd74d6da1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1038,7 +1038,11 @@ class CI_Email {
 $domain = defined('INTL_IDNA_VARIANT_UTS46')
 ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 : idn_to_ascii($domain);
-$email = $account.'@'.$domain;
+
+if ($domain !== FALSE)
+{
+$email = $account.'@'.$domain;
+}
 }
 
 return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -1859,7 +1863,11 @@ class CI_Email {
 $domain = defined('INTL_IDNA_VARIANT_UTS46')
 ? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 : idn_to_ascii($domain);
-$email = $account.'@'.$domain;
+
+if ($domain !== FALSE)
+{
+$email = $account.'@'.$domain;
+}
 }
 
 return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 6a97ee599..27187df2c 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1234,7 +1234,11 @@ class CI_Form_validation {
 $domain = defined('INTL_IDNA_VARIANT_UTS46')
 ? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
 : idn_to_ascii($matches[2]);
-$str = $matches[1].'@'.$domain;
+
+if ($domain !== FALSE)
+{
+$str = $matches[1].'@'.$domain;
+}
 }
 
 return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
--
cgit v1.2.3-24-g4f1b
From 4d3fea4a628e7a9bc03192fb1a6e2e971f3f9d46 Mon Sep 17 00:00:00 2001
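Review bot: The identical `idn_to_ascii()` guard now exists in three places (both `CI_Email` hunks and the `CI_Form_validation` hunk) with no comment explaining why a `FALSE` result is silently dropped; a one-line comment above each `if ($domain !== FALSE)` such as `// idn_to_ascii() returns FALSE on failure; keep the original string and let filter_var() reject it` would record the intent. Since the conversion-plus-guard block is the same every time, a small shared helper would remove the duplication, at least within `CI_Email`, where it appears twice. Note that on failure the unconverted, possibly non-ASCII `$email`/`$str` is what reaches `filter_var()`; that is fine for rejection, but the caller can no longer tell "invalid address" from "IDN conversion failed", which may be worth a log message in the `CI_Email` paths. The enclosing methods begin and end outside the hunks.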
From: Andrey Andreev
Date: Tue, 12 Jun 2018 16:37:02 +0300
Subject: [ci skip] Add a changelog entry for PR #5510
---
 user_guide_src/source/changelog.rst | 1 +
 1 file changed, 1 insertion(+)
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index f03794e78..007e01cd8 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -14,6 +14,7 @@ Release Date: Not Released
 - General Changes
 
 - Updated :doc:`Query Builder ` method ``limit()`` to allow ``0`` values.
+ - Updated :doc:`Email Library ` and :doc:`Form Validation Library ` to discard the results of failed ``idn_to_ascii()`` calls while validating e-mail addresses.
 
 Bug fixes for 3.1.9
 -------------------
--
cgit v1.2.3-24-g4f1b
From a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 12 Jun 2018 16:40:12 +0300
Subject: [ci skip] Prepare 3.1.9 release
---
 system/core/CodeIgniter.php | 2 +-
 system/libraries/Session/Session_driver.php | 17 ++++++++++++++
 .../Session/drivers/Session_database_driver.php | 26 ++++++++++++++++++++++
 .../Session/drivers/Session_files_driver.php | 18 +++++++++++++++
 .../Session/drivers/Session_memcached_driver.php | 19 ++++++++++++++++
 .../Session/drivers/Session_redis_driver.php | 18 +++++++++++++++
 user_guide_src/source/changelog.rst | 3 ++-
 user_guide_src/source/conf.py | 4 ++--
 user_guide_src/source/installation/downloads.rst | 2 +-
 9 files changed, 104 insertions(+), 5 deletions(-)
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index c5aab6259..7b1dcc2f1 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 * @var string
 *
 */
-const CI_VERSION = '3.1.9-dev';
+const CI_VERSION = '3.1.9';
 
 /*
 * ------------------------------------------------------
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index bef5ee41f..2fe30b8a2 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -112,6 +112,23 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 
 // ------------------------------------------------------------------------
 
+/**
+ * PHP 5.x validate ID
+ *
+ * Enforces session.use_strict_mode on PHP 5.x (7+ does it by itself)
+ *
+ * @return void
+ */
+public function php5_validate_id()
+{
+if (PHP_VERSION_ID < 70000 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
+{
+unset($_COOKIE[$this->_config['cookie_name']]);
+}
+}
+
+// ------------------------------------------------------------------------
+
 /**
 * Cookie destroy
 *
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index ae7a1b4a1..074accfe7 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 return $this->_fail();
 }
 
+$this->php5_validate_id();
+
 return $this->_success;
 }
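Review bot: `php5_validate_id()` is invoked from each driver's `open()` (the database hunk just below, and the files, memcached and redis hunks later in this patch), but PHP 5 copies the session cookie into its internal session ID before it calls the save handler's `open()`, so unsetting `$_COOKIE[...]` from inside the handler may be too late to stop the supplied ID from being adopted; confirm this against PHP 5's `session_start()` order, and if it holds the check has to run from `CI_Session` before `session_start()` rather than from the handler. Separately, `$this->validateId()` is not declared on the abstract class in this hunk, so a custom driver that extends `CI_Session_driver` without implementing it would fail with an undefined-method error on PHP 5.x as soon as `open()` runs; `abstract public function validateId($id);` states the new contract explicitly, or a `method_exists($this, 'validateId')` guard with a logged message keeps existing custom drivers loading. The class continues outside the hunk.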
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 : $this->_fail();
 }
 
+// --------------------------------------------------------------------
+
+/**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+public function validateId($id)
+{
+// Prevent previous QB calls from messing with our queries
+$this->_db->reset_query();
+
+$this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+$result = $this->_db->get();
+empty($result) OR $result = $result->row();
+
+return ! empty($result);
+}
+
 // ------------------------------------------------------------------------
 
 /**
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index c6d789aae..654f30010 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -148,6 +148,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 .$name // we'll use the session cookie name as a prefix to avoid collisions
 .($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
 
+$this->php5_validate_id();
+
 return $this->_success;
 }
 
@@ -391,6 +393,22 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 
 // --------------------------------------------------------------------
 
+/**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+public function validateId($id)
+{
+return is_file($this->_file_path.$id);
+}
+
+// --------------------------------------------------------------------
+
 /**
 * Byte-safe strlen()
 *
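Review bot: The database `validateId()` folds two different outcomes into one `empty($result)` test: a query that returns no row, and `get()` returning `FALSE` when the query itself fails (which is what happens with `db_debug` off); both end as "unknown ID", which fails closed, but the second silently forces a fresh session on every request while the table is unreachable, so a comment such as `// get() returns FALSE on query error; treat that as "unknown ID" so strict mode fails closed` would record that this is intentional. The `$_SERVER['REMOTE_ADDR']` condition presumably mirrors the `match_ip` handling elsewhere in this driver (not visible here), meaning a session presented from a new address is treated as nonexistent rather than as an error; that too is worth one line in the docblock. The method is complete within the hunk; the class continues outside it.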
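Review bot: The files driver's `validateId()` builds a filesystem path from the cookie-supplied ID with `is_file($this->_file_path.$id)` and no check of its own; if the ID is already restricted to the session-ID character set before any driver sees it (a cookie check in `CI_Session`, not visible here), that dependency should be stated, e.g. `// $id must already be restricted to session-ID characters by the caller; never build a path from an unvalidated ID`. If no such guarantee exists upstream, the method should reject anything outside the expected character set itself before touching the filesystem, since a `/` in the ID would otherwise be used as a path separator. The method is complete within the hunk; the enclosing class continues outside it.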
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index b109738c2..7d8e39022 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -145,6 +145,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 return $this->_fail();
 }
 
+$this->php5_validate_id();
+
 return $this->_success;
 }
 
@@ -290,6 +292,23 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 return $this->_success;
 }
 
+// --------------------------------------------------------------------
+
+/**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+public function validateId($id)
+{
+$this->_memcached-get($this->_key_prefix.$id);
+return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
+}
+
 // ------------------------------------------------------------------------
 
 /**
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 413c30d67..d7a57550a 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -153,6 +153,8 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 return $this->_success;
 }
+
+$this->php5_validate_id();
+
 return $this->_fail();
 }
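Review bot: `$this->_memcached-get($this->_key_prefix.$id)` in the memcached `validateId()` uses `-` instead of `->`, so PHP parses it as a subtraction whose right operand is a call to a global function `get()`, which does not exist; the first time `validateId()` is reached on PHP 5.x (via `php5_validate_id()` in `open()`) the request would fatal. The line should read `$this->_memcached->get($this->_key_prefix.$id);`. The return value appears to be discarded on purpose, with only `getResultCode()` consulted, presumably because an existing-but-empty session payload would otherwise read as "not found"; a short comment saying so would keep a later reader from "simplifying" it to `return (bool) $this->_memcached->get(...)`. The method is complete within the hunk.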
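Review bot: In the redis `open()` hunk `$this->php5_validate_id()` is placed after the `}` that follows `return $this->_success;` and immediately before `return $this->_fail();`, i.e. on the path where no usable connection was established; the successful path returns before it runs, so strict-mode enforcement never happens for a working Redis backend. The database (earlier in this patch), files and memcached hunks all call it just before `return $this->_success;`, and this driver should do the same, with the call moved inside the branch that stores the connection and returns success. `open()` starts outside the hunk, so whether the visible `return $this->_success;` is the only success exit should be confirmed there.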
@@ -310,6 +312,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 return $this->_success;
 }
 
+// --------------------------------------------------------------------
+
+/**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+public function validateId($id)
+{
+return (bool) $this->_redis->exists($this->_key_prefix.$id);
+}
+
 // ------------------------------------------------------------------------
 
 /**
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 007e01cd8..512480969 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -5,11 +5,12 @@ Change Log
 Version 3.1.9
 =============
 
-Release Date: Not Released
+Release Date: Jun 12, 2018
 
 - **Security**
 
 - Updated :doc:`URL Helper ` function :php:func:`auto_link()` to add ``rel="noopener"`` to generated links in order to prevent tab hijacking.
+ - Fixed a possible session fixation vulnerability where the :doc:`Session Library ` enabled ``session.use_strict_mode`` but it didn't actually do anything (thanks to Aamer Shah, Prasanna Kumar).
 
 - General Changes
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index 7e1e52035..e396217de 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@ copyright = u'2014 - 2018, British Columbia Institute of Technology'
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.9-dev'
+version = '3.1.9'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.9-dev'
+release = '3.1.9'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index 6147f4dfd..e2c764c82 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,7 +2,7 @@
 Downloading CodeIgniter
 #######################
 
-- `CodeIgniter v3.1.9-dev (Current version) `_
+- `CodeIgniter v3.1.9 (Current version) `_
 - `CodeIgniter v3.1.8 `_
 - `CodeIgniter v3.1.7 `_
 - `CodeIgniter v3.1.6 `_
--
cgit v1.2.3-24-g4f1b
From 44f53fb063eed55c79d31d0d19eef7ba973b6054 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 12 Jun 2018 16:54:47 +0300
Subject: [ci skip] Mark the start of 3.1.10 development
---
 system/core/CodeIgniter.php | 2 +-
 user_guide_src/source/changelog.rst | 5 +++++
 user_guide_src/source/conf.py | 4 ++--
 user_guide_src/source/installation/downloads.rst | 3 ++-
 user_guide_src/source/installation/upgrade_3110.rst | 14 ++++++++++++++
 user_guide_src/source/installation/upgrading.rst | 1 +
 6 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 user_guide_src/source/installation/upgrade_3110.rst
diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 7b1dcc2f1..b4e41c86a 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 * @var string
 *
 */
-const CI_VERSION = '3.1.9';
+const CI_VERSION = '3.1.10-dev';
 
 /*
 * ------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 512480969..4780505f5 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -2,6 +2,11 @@
 Change Log
 ##########
 
+Version 3.1.10
+==============
+
+
+
 Version 3.1.9
 =============
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index e396217de..35b732693 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -48,9 +48,9 @@ copyright = u'2014 - 2018, British Columbia Institute of Technology'
 # built documents.
 #
 # The short X.Y version.
-version = '3.1.9'
+version = '3.1.10-dev'
 # The full version, including alpha/beta/rc tags.
-release = '3.1.9'
+release = '3.1.10-dev'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/user_guide_src/source/installation/downloads.rst b/user_guide_src/source/installation/downloads.rst
index e2c764c82..5407e44e1 100644
--- a/user_guide_src/source/installation/downloads.rst
+++ b/user_guide_src/source/installation/downloads.rst
@@ -2,7 +2,8 @@
 Downloading CodeIgniter
 #######################
 
-- `CodeIgniter v3.1.9 (Current version) `_
+- `CodeIgniter v3.1.10-dev (Current version) `_
+- `CodeIgniter v3.1.9 `_
 - `CodeIgniter v3.1.8 `_
 - `CodeIgniter v3.1.7 `_
 - `CodeIgniter v3.1.6 `_
diff --git a/user_guide_src/source/installation/upgrade_3110.rst b/user_guide_src/source/installation/upgrade_3110.rst
new file mode 100644
index 000000000..a19f1e68e
--- /dev/null
+++ b/user_guide_src/source/installation/upgrade_3110.rst
@@ -0,0 +1,14 @@
+##############################
+Upgrading from 3.1.9 to 3.1.10
+##############################
+
+Before performing an update you should take your site offline by
+replacing the index.php file with a static one.
+
+Step 1: Update your CodeIgniter files
+=====================================
+
+Replace all files and directories in your *system/* directory.
+
+.. note:: If you have any custom developed files in these directories,
+please make copies of them first.
diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst
index 95525a7c6..c35cc05ff 100644
--- a/user_guide_src/source/installation/upgrading.rst
+++ b/user_guide_src/source/installation/upgrading.rst
@@ -8,6 +8,7 @@ upgrading from.
 .. toctree::
 :titlesonly:
 
+Upgrading from 3.1.9 to 3.1.10
 Upgrading from 3.1.8 to 3.1.9
 Upgrading from 3.1.7 to 3.1.8
 Upgrading from 3.1.6 to 3.1.7
--
cgit v1.2.3-24-g4f1b