From f9fbf1187516363a48fe2fe7bc33d00ae11f134f Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Fri, 6 Feb 2015 09:21:07 +0100 Subject: Update Input.php Added support for json input stream. (Not tested) --- system/core/Input.php | 55 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 9 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index 72425c1c1..3024fca78 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,6 +103,14 @@ class CI_Input { */ protected $headers = array(); + /** + * Raw input stream data + * + * @see CI_Input::input_stream() + * @var array + */ + protected $_raw_input_stream = NULL; + /** * Input stream data * @@ -111,7 +119,7 @@ class CI_Input { * @see CI_Input::input_stream() * @var array */ - protected $_input_stream = NULL; + protected $_input_stream = NULL; // Kept for backward compatible. /** * Class constructor @@ -298,6 +306,25 @@ class CI_Input { // ------------------------------------------------------------------------ + /** + * Fetch raw data from php://input stream + * + * Useful when data is not an array and might contain = and & symbols. + */ + public function raw_input_stream() + { + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. + if (is_null($this->_raw_input_stream)) + { + $this->_raw_input_stream = file_get_contents('php://input'); + } + + return $this->_raw_input_stream; + } + + // ------------------------------------------------------------------------ + /** * Fetch an item from the php://input stream * 
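Review bot: The docblock added for `$_raw_input_stream` in the first hunk declares `@var array`, but the only assignment in this commit stores the result of `file_get_contents('php://input')`, which is a string. I would change the tag to `@var string`, so nobody reading the class assumes the raw body has already been parsed into key/value pairs.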
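Review bot: The docblock on the new `raw_input_stream()` method has no `@return` tag and does not say that the body comes back exactly as the client sent it. Unlike `input_stream()`, this accessor takes no `$xss_clean` argument and the visible code applies no filtering, so callers have to treat the value as untrusted and validate or encode it themselves. I would add `@return string Unfiltered request body; no XSS cleaning is applied` to the docblock. The trailing context lines of this hunk belong to the next method's docblock, which continues outside the hunk.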
@@ -309,16 +336,26 @@ class CI_Input { */ public function input_stream($index = NULL, $xss_clean = NULL) { - // Prior to PHP 5.6, the input stream can only be read once, - // so we'll need to check if we have already done that first. - if ( ! is_array($this->_input_stream)) - { - parse_str(file_get_contents('php://input'), $this->_input_stream); - is_array($this->_input_stream) OR $this->_input_stream = array(); - } - + parse_str($this->raw_input_stream(), $this->_input_stream); return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } + + // ------------------------------------------------------------------------ + + /** + * Fetch an item from the php://input stream + * + * Useful when you need to access input that's been send as raw json data' + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function json_input_stream($index = NULL, $xss_clean = NULL) + { + $json_input_stream = json_decode($this->raw_input_stream(), true); + return $this->_fetch_from_array($json_input_stream, $index, $xss_clean); + } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From a8c964c5a1d48d9a70ed5826a086e9eba9963cc9 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 19 Feb 2015 01:26:06 +0100 Subject: documentation changes --- system/core/Input.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index 3024fca78..f181c27ce 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -104,9 +104,9 @@ class CI_Input { protected $headers = array(); /** - * Raw input stream data + * Raw input stream data as received from php://input * - * @see CI_Input::input_stream() + * @see CI_Input::raw_input_stream() * @var array */ protected $_raw_input_stream = NULL; 
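Review bot: `json_input_stream()` hands the result of `json_decode()` straight to `_fetch_from_array()`, yet `json_decode()` returns NULL for an empty or malformed body and a scalar for a body such as `"abc"` or `42`. The client fully controls that body, so the fetch helper should only ever be given an array: add `is_array($json_input_stream) OR $json_input_stream = array();` before the `return`. In the same hunk `input_stream()` now re-runs `parse_str()` on every call instead of reusing `$this->_input_stream`; keeping the `if ( ! is_array($this->_input_stream))` wrapper around the new call would restore the cache. `_fetch_from_array()` is defined outside this hunk, so how it treats a non-array argument should be confirmed there.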
@@ -114,12 +114,12 @@ class CI_Input { /** * Input stream data * - * Parsed from php://input at runtime + * Parsed from raw_input_stream at runtime * * @see CI_Input::input_stream() * @var array */ - protected $_input_stream = NULL; // Kept for backward compatible. + protected $_input_stream = NULL; /** * Class constructor @@ -309,7 +309,7 @@ class CI_Input { /** * Fetch raw data from php://input stream * - * Useful when data is not an array and might contain = and & symbols. + * Useful when data is not an array. */ public function raw_input_stream() { @@ -326,7 +326,7 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch an item from the php://input stream + * Fetch an item from the input stream * * Useful when you need to access PUT, DELETE or PATCH request data. * @@ -343,9 +343,9 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch an item from the php://input stream + * Fetch an item from the input stream * - * Useful when you need to access input that's been send as raw json data' + * Useful when you need to access input that's been send as json' * * @param string $index Index for item to be fetched * @param bool $xss_clean Whether to apply XSS filtering -- cgit v1.2.3-24-g4f1b From faf8fb3f88242a4c2b89d8cf61cb91d1b2b911fe Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Feb 2015 17:15:06 +0200 Subject: Allow failures for ext/mysql on PHP 5.5+ --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index 4f560442b..c98b45efb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,6 +31,10 @@ matrix: allow_failures: - php: 5.2 - php: hhvm + - php: 5.5 + env: DB=mysql + - php: 5.6 + env: DB=mysql exclude: - php: hhvm env: DB=pgsql -- cgit v1.2.3-24-g4f1b From 03bafe99fe982dbff7adc9e7ef04c55ec3a32fcb Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Thu, 19 Feb 2015 17:22:14 +0200 Subject: Revert last commit & just ignore E_DEPRECATED --- .travis.yml | 4 ---- tests/codeigniter/database/DB_test.php | 8 ++++++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index c98b45efb..4f560442b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,10 +31,6 @@ matrix: allow_failures: - php: 5.2 - php: hhvm - - php: 5.5 - env: DB=mysql - - php: 5.6 - env: DB=mysql exclude: - php: hhvm env: DB=pgsql diff --git a/tests/codeigniter/database/DB_test.php b/tests/codeigniter/database/DB_test.php index d5a9369e6..dc4fae986 100644 --- a/tests/codeigniter/database/DB_test.php +++ b/tests/codeigniter/database/DB_test.php @@ -26,6 +26,14 @@ class DB_test extends CI_TestCase { { $config = Mock_Database_DB::config(DB_DRIVER); $connection = new Mock_Database_DB($config); + + // E_DEPRECATED notices thrown by mysql_connect(), mysql_pconnect() + // on PHP 5.5+ cause the tests to fail + if (DB_DRIVER === 'mysql' && version_compare(PHP_VERSION, '5.5', '>=')) + { + error_reporting(E_ALL & ~E_DEPRECATED); + } + $db = Mock_Database_DB::DB($connection->set_dsn(DB_DRIVER), TRUE); $this->assertTrue($db instanceof CI_DB); -- cgit v1.2.3-24-g4f1b From c749bfbca99291fe64ca98d45a20d0735cb4e461 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 Feb 2015 15:14:14 +0200 Subject: [ci skip] Fix where_in() docs --- user_guide_src/source/database/query_builder.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/user_guide_src/source/database/query_builder.rst b/user_guide_src/source/database/query_builder.rst index fa1e90353..9b4694710 100644 --- a/user_guide_src/source/database/query_builder.rst +++ b/user_guide_src/source/database/query_builder.rst 
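Review bot: The `error_reporting(E_ALL & ~E_DEPRECATED)` call added in the `DB_test.php` hunk changes the level for the whole PHP process and is never restored, so tests that run afterwards in the same process on the mysql driver presumably stop seeing deprecation notices too. Capture the previous level with `$old_level = error_reporting(E_ALL & ~E_DEPRECATED);` and put it back with `error_reporting($old_level);` once `Mock_Database_DB::DB()` has returned. The test method starts and ends outside the hunk, so where the restore call belongs relative to the assertions needs checking against the full method.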
@@ -1221,7 +1221,7 @@ Class Reference :param string $key: The field to search :param array $values: The values searched on - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object @@ -1232,7 +1232,7 @@ Class Reference :param string $key: The field to search :param array $values: The values searched on - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object @@ -1243,7 +1243,7 @@ Class Reference :param string $key: Name of field to examine :param array $values: Array of target values - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object @@ -1254,7 +1254,7 @@ Class Reference :param string $key: Name of field to examine :param array $values: Array of target values - :param boolean $escape: Whether to escape values and identifiers + :param boolean $escape: Whether to escape identifiers :returns: DB_query_builder instance :rtype: object -- cgit v1.2.3-24-g4f1b From cd99fb66967892900a1d2291c643058b1f9166c5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 Feb 2015 15:50:48 +0200 Subject: [ci skip] Tiny detail in 3.0.0 upgrade path --- user_guide_src/source/installation/upgrade_300.rst | 2 +- user_guide_src/source/installation/upgrading.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 73ed0f4c3..7cb94518d 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst 
@@ -1,5 +1,5 @@ ############################# -Upgrading from 2.2.1 to 3.0.0 +Upgrading from 2.2.x to 3.0.0 ############################# .. note:: These upgrade notes are for a version that is yet to be released. diff --git a/user_guide_src/source/installation/upgrading.rst b/user_guide_src/source/installation/upgrading.rst index ab36e9bfd..89e90e714 100644 --- a/user_guide_src/source/installation/upgrading.rst +++ b/user_guide_src/source/installation/upgrading.rst @@ -8,7 +8,7 @@ upgrading from. .. toctree:: :titlesonly: - Upgrading from 2.2.1 to 3.0.0 + Upgrading from 2.2.x to 3.0.0 Upgrading from 2.2.0 to 2.2.1 Upgrading from 2.1.4 to 2.2.0 Upgrading from 2.1.3 to 2.1.4 -- cgit v1.2.3-24-g4f1b From 0b5569f11b9eab01e3b1571eb6012308a3868f01 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Fri, 20 Feb 2015 17:56:55 +0100 Subject: Added support for raw_input_stream property. --- system/core/Input.php | 81 +++++++++++-------------------- user_guide_src/source/changelog.rst | 2 + user_guide_src/source/libraries/input.rst | 10 +++- 3 files changed, 38 insertions(+), 55 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index f181c27ce..97884d309 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,22 +103,16 @@ class CI_Input { */ protected $headers = array(); - /** - * Raw input stream data as received from php://input - * - * @see CI_Input::raw_input_stream() - * @var array - */ protected $_raw_input_stream = NULL; /** - * Input stream data - * - * Parsed from raw_input_stream at runtime - * - * @see CI_Input::input_stream() - * @var array - */ + * Input stream data + * + * Parsed from php://input at runtime + * + * @see CI_Input::input_stream() + * @var array + */ protected $_input_stream = NULL; /** 
@@ -307,54 +301,35 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch raw data from php://input stream - * - * Useful when data is not an array. - */ - public function raw_input_stream() + * Fetch an item from the php://input stream + * + * Useful when you need to access PUT, DELETE or PATCH request data. + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function input_stream($index = NULL, $xss_clean = NULL) { - // Prior to PHP 5.6, the input stream can only be read once, - // so we'll need to check if we have already done that first. - if (is_null($this->_raw_input_stream)) + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. + if ( ! is_array($this->_input_stream)) { - $this->_raw_input_stream = file_get_contents('php://input'); + parse_str($this->raw_input_stream, $this->_input_stream); + is_array($this->_input_stream) OR $this->_input_stream = array(); } - - return $this->_raw_input_stream; - } - - // ------------------------------------------------------------------------ - - /** - * Fetch an item from the input stream - * - * Useful when you need to access PUT, DELETE or PATCH request data. 
- * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering - * @return mixed - */ - public function input_stream($index = NULL, $xss_clean = NULL) - { - parse_str($this->raw_input_stream(), $this->_input_stream); return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } - + // ------------------------------------------------------------------------ - /** - * Fetch an item from the input stream - * - * Useful when you need to access input that's been send as json' - * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering - * @return mixed - */ - public function json_input_stream($index = NULL, $xss_clean = NULL) + public function __get($name) { - $json_input_stream = json_decode($this->raw_input_stream(), true); - return $this->_fetch_from_array($json_input_stream, $index, $xss_clean); + if ($name === 'raw_input_stream') + { + isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); + return $this->_raw_input_stream; + } } // ------------------------------------------------------------------------ diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 5c5cd5e54..311aec20b 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -492,6 +492,8 @@ Release Date: Not Released - Added an option for ``_clean_input_keys()`` to return FALSE instead of terminating the whole script. - Deprecated the ``is_cli_request()`` method, it is now an alias for the new :php:func:`is_cli()` common function. - Added an ``$xss_clean`` parameter to method ``user_agent()`` and removed the ``$user_agent`` property. + - Added gettable property ``raw_input_stream`` to access the **php://input** data. + - Changed method ``input_stream()`` to obtain the data from ``raw_input_stream`` property. - :doc:`Common functions ` changes include: 
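Review bot: The new `__get()` returns nothing for any name other than `raw_input_stream`, so reads of mistyped, undefined or protected properties on `CI_Input` from outside the class now quietly evaluate to NULL instead of producing PHP's usual notice or error. The method also has no docblock, and the docblock for `$_raw_input_stream` was removed in the first hunk of this file section. I would document that the property exposes the request body unfiltered (no XSS cleaning, unlike `input_stream()` with `$xss_clean`) and make the fall-through explicit, for example `trigger_error('Undefined property: CI_Input::$'.$name, E_USER_NOTICE);` after the `if` block.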
diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 967f69d13..2b71b348a 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -91,8 +91,14 @@ the ``$_POST`` array, because it will always exist and you can try and access multiple variables without caring that you might only have one shot at all of the POST data. -CodeIgniter will take care of that for you, and you can access data -from the **php://input** stream at any time, just by calling the +CodeIgniter will take care of that for you, and you can read the data +from the **php://input** stream at any time, just by using the +``raw_input_stream`` property:: + + $this->input->raw_input_stream; + +Additionally if the input stream is formated in a query string fashion +you can access it's values, just by calling the ``input_stream()`` method:: $this->input->input_stream('key'); -- cgit v1.2.3-24-g4f1b From c519b26d78edb21fd189e73f0feb12690aa34f2d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 19:20:03 +0200 Subject: Fix #3610 --- system/libraries/Session/drivers/Session_files_driver.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index 5852277e8..74528e9d2 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -299,7 +299,9 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle { if ($this->close()) { - return unlink($this->_file_path.$session_id) && $this->_cookie_destroy(); + return file_exists($this->_file_path.$session_id) + ? (unlink($this->_file_path.$session_id) && $this->_cookie_destroy()) + : TRUE; } elseif ($this->_file_path !== NULL) { -- cgit v1.2.3-24-g4f1b From 18c33eedd7b3cfb31f4bea728bc0fa43e15f4dbc Mon Sep 17 00:00:00 2001 
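Review bot: In the `Session_files_driver.php` hunk, when the session file is already gone the new ternary returns TRUE without calling `$this->_cookie_destroy()`, so in that branch the client appears to keep its session cookie. The `file_exists()` check followed by `unlink()` is also not atomic: if another request removes the file in between, `unlink()` still warns and returns FALSE, which is the failure this commit sets out to avoid. To run the cookie cleanup in both cases, set `$path = $this->_file_path.$session_id;` and use `return ( ! file_exists($path) OR unlink($path)) && $this->_cookie_destroy();`. `_cookie_destroy()` is defined outside this hunk, so confirm it is safe to call when no file existed.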
From: Andrey Andreev Date: Sat, 21 Feb 2015 19:43:40 +0200 Subject: [ci skip] Update static pages tutorial --- user_guide_src/source/tutorial/static_pages.rst | 105 ++++++++++++------------ 1 file changed, 52 insertions(+), 53 deletions(-) diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 8ba0486c1..53f286473 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -11,12 +11,16 @@ static pages. A controller is simply a class that helps delegate work. It is the glue of your web application. For example, when a call is made to: -``http://example.com/news/latest/10`` We might imagine that there is a -controller named "news". The method being called on news would be -"latest". The news method's job could be to grab 10 news items, and -render them on the page. Very often in MVC, you'll see URL patterns that -match: -``http://example.com/[controller-class]/[controller-method]/[arguments]`` + + http://example.com/news/latest/10 + +We might imagine that there is a controller named "news". The method +being called on news would be "latest". The news method's job could be to +grab 10 news items, and render them on the page. Very often in MVC, +you'll see URL patterns that match: + + http://example.com/[controller-class]/[controller-method]/[arguments] + As URL schemes become more complex, this may change. But for now, this is all we will need to know. @@ -25,15 +29,13 @@ code. :: - - - CodeIgniter Tutorial - - + + + CodeIgniter Tutorial + + -

CodeIgniter Tutorial

+

CodeIgniter Tutorial

The header contains the basic HTML code that you'll want to display before loading the main view, together with a heading. It will also @@ -72,16 +74,16 @@ includes the following code: :: - © 2014 - - + © 2014 + + Adding logic to the controller ------------------------------ -Earlier you set up a controller with a view() method. The method accepts -one parameter, which is the name of the page to be loaded. The static -page templates will be located in the application/views/pages/ +Earlier you set up a controller with a ``view()`` method. The method +accepts one parameter, which is the name of the page to be loaded. The +static page templates will be located in the application/views/pages/ directory. In that directory, create two files named home.php and about.php. Within 
@@ -93,43 +95,40 @@ page actually exists: :: - load->view('templates/header', $data); - $this->load->view('pages/'.$page, $data); - $this->load->view('templates/footer', $data); - - } + public function view($page = 'home') + { + if ( ! file_exists(APPPATH.'/views/pages/'.$page.'.php')) + { + // Whoops, we don't have a page for that! + show_404(); + } + + $data['title'] = ucfirst($page); // Capitalize the first letter + + $this->load->view('templates/header', $data); + $this->load->view('pages/'.$page, $data); + $this->load->view('templates/footer', $data); + } Now, when the page does exist, it is loaded, including the header and footer, and displayed to the user. If the page doesn't exist, a "404 Page not found" error is shown. The first line in this method checks whether the page actually exists. -PHP's native file\_exists() function is used to check whether the file -is where it's expected to be. show\_404() is a built-in CodeIgniter +PHP's native ``file_exists()`` function is used to check whether the file +is where it's expected to be. ``show_404()`` is a built-in CodeIgniter function that renders the default error page. -In the header template, the $title variable was used to customize the +In the header template, the ``$title`` variable was used to customize the page title. The value of title is defined in this method, but instead of assigning the value to a variable, it is assigned to the title element in the $data array. The last thing that has to be done is loading the views in the order -they should be displayed. The second parameter in the view() method is -used to pass values to the view. Each value in the $data array is +they should be displayed. The second parameter in the ``view()`` method is +used to pass values to the view. Each value in the ``$data`` array is assigned to a variable with the name of its key. So the value of -$data['title'] in the controller is equivalent to $title in the view. 
+``$data['title']`` in the controller is equivalent to $title in the view. Routing ------- @@ -149,8 +148,8 @@ all other code that sets any element in the $route array. :: - $route['default_controller'] = 'pages/view'; - $route['(:any)'] = 'pages/view/$1'; + $route['default_controller'] = 'pages/view'; + $route['(:any)'] = 'pages/view/$1'; CodeIgniter reads its routing rules from top to bottom and routes the request to the first matching rule. Each rule is a regular expression @@ -163,8 +162,8 @@ More information about routing can be found in the URI Routing `documentation <../general/routing.html>`_. Here, the second rule in the $routes array matches **any** request using -the wildcard string (:any). and passes the parameter to the view() +the wildcard string (:any). and passes the parameter to the ``view()`` method of the pages class. -Now visit index.php/about. Did it get routed correctly to the view() +Now visit index.php/about. Did it get routed correctly to the ``view()`` method in the pages controller? Awesome! -- cgit v1.2.3-24-g4f1b From 42c01bdff6beb40c291eb236c891ab5ae13b4ba5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 19:44:05 +0200 Subject: [ci skip] Fix a changelog entry --- user_guide_src/source/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 8f77f368f..b1c506715 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -768,7 +768,7 @@ Bug fixes for 3.0 - Fixed a bug (#3161) - :doc:`Cache Library ` methods `increment()`, `decrement()` didn't auto-create non-existent items when using redis and/or file storage. - Fixed a bug (#3189) - :doc:`Parser Library ` used double replacement on ``key->value`` pairs, exposing a potential template injection vulnerability. - Fixed a bug (#3573) - :doc:`Email Library ` violated `RFC5321 `_ by sending 'localhost.localdomain' as a hostname. -- Fixed a bug (#3572) - :doc:`CI_Security::_remove_evil_attributes()` failed for large-sized inputs due to *pcre.backtrack_limit* and didn't properly match HTML tags. +- Fixed a bug (#3572) - ``CI_Security::_remove_evil_attributes()`` failed for large-sized inputs due to *pcre.backtrack_limit* and didn't properly match HTML tags. Version 2.2.1 ============= -- cgit v1.2.3-24-g4f1b From 1701ad24e7b52df9e0dd51ef7a9a4bb9a99f28bf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Feb 2015 23:28:23 +0200 Subject: [ci skip] Fix wrong example link in news tutorial The current URI being 'news/' itself, combined with relative links ... --- user_guide_src/source/tutorial/news_section.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/tutorial/news_section.rst b/user_guide_src/source/tutorial/news_section.rst index 80938de32..f436b2510 100644 --- a/user_guide_src/source/tutorial/news_section.rst +++ b/user_guide_src/source/tutorial/news_section.rst @@ -151,7 +151,7 @@ and add the next piece of code.
-

View article

+

View article

-- cgit v1.2.3-24-g4f1b From bc834c327407184867f363ad58a24e6733a85b66 Mon Sep 17 00:00:00 2001 From: Fieah Date: Sun, 22 Feb 2015 17:08:35 +0800 Subject: Cache: is_supported 1. Cache_redis: Standardize the style as other driver. 2. Cache_wincache: Also check wincache.ucenabled --- system/libraries/Cache/drivers/Cache_redis.php | 8 +++----- system/libraries/Cache/drivers/Cache_wincache.php | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/system/libraries/Cache/drivers/Cache_redis.php b/system/libraries/Cache/drivers/Cache_redis.php index f2a41cc67..5236556d9 100644 --- a/system/libraries/Cache/drivers/Cache_redis.php +++ b/system/libraries/Cache/drivers/Cache_redis.php @@ -243,15 +243,13 @@ class CI_Cache_redis extends CI_Driver */ public function is_supported() { - if (extension_loaded('redis')) - { - return $this->_setup_redis(); - } - else + if ( ! extension_loaded('redis')) { log_message('debug', 'The Redis extension must be loaded to use Redis cache.'); return FALSE; } + + return $this->_setup_redis(); } // ------------------------------------------------------------------------ diff --git a/system/libraries/Cache/drivers/Cache_wincache.php b/system/libraries/Cache/drivers/Cache_wincache.php index 528b2b9bf..9cc6ff016 100644 --- a/system/libraries/Cache/drivers/Cache_wincache.php +++ b/system/libraries/Cache/drivers/Cache_wincache.php @@ -194,7 +194,7 @@ class CI_Cache_wincache extends CI_Driver { */ public function is_supported() { - if ( ! extension_loaded('wincache')) + if ( ! extension_loaded('wincache') OR ! ini_get('wincache.ucenabled')) { log_message('debug', 'The Wincache PHP extension must be loaded to use Wincache Cache.'); return FALSE; -- cgit v1.2.3-24-g4f1b From b4ebb39d68797466cac74f4c2c61ea1908ce61cd Mon Sep 17 00:00:00 2001 
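Review bot: In the `Cache_wincache.php` hunk the new `! ini_get('wincache.ucenabled')` condition reuses the log message 'The Wincache PHP extension must be loaded to use Wincache Cache.', which is wrong when the extension is loaded but its user cache is switched off. Someone debugging a cache fallback from that log line would go looking for a missing extension. I would reword it to cover both causes, e.g. `log_message('debug', 'The Wincache PHP extension must be loaded and wincache.ucenabled must be on to use Wincache Cache.');`. `is_supported()` continues outside the hunk.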
From: Fieah Date: Sun, 22 Feb 2015 23:55:15 +0800 Subject: Common.php: set_status_header: Improve 1. Verify $code before define $stati 2. Only convert $code to int and define $stati when needed, possibly can save some memory.
---
system/core/Common.php | 91 +++++++++++++++++++++++++------------------------- 1 file changed, 45 insertions(+), 46 deletions(-)
diff --git a/system/core/Common.php b/system/core/Common.php
index 7035c18ff..ee5a705b2 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -497,59 +497,58 @@ if ( ! function_exists('set_status_header')) return; } - $stati = array( - 200 => 'OK', - 201 => 'Created', - 202 => 'Accepted', - 203 => 'Non-Authoritative Information', - 204 => 'No Content', - 205 => 'Reset Content', - 206 => 'Partial Content', - - 300 => 'Multiple Choices', - 301 => 'Moved Permanently', - 302 => 'Found', - 303 => 'See Other', - 304 => 'Not Modified', - 305 => 'Use Proxy', - 307 => 'Temporary Redirect', - - 400 => 'Bad Request', - 401 => 'Unauthorized', - 403 => 'Forbidden', - 404 => 'Not Found', - 405 => 'Method Not Allowed', - 406 => 'Not Acceptable', - 407 => 'Proxy Authentication Required', - 408 => 'Request Timeout', - 409 => 'Conflict', - 410 => 'Gone', - 411 => 'Length Required', - 412 => 'Precondition Failed', - 413 => 'Request Entity Too Large', - 414 => 'Request-URI Too Long', - 415 => 'Unsupported Media Type', - 416 => 'Requested Range Not Satisfiable', - 417 => 'Expectation Failed', - 422 => 'Unprocessable Entity', - - 500 => 'Internal Server Error', - 501 => 'Not Implemented', - 502 => 'Bad Gateway', - 503 => 'Service Unavailable', - 504 => 'Gateway Timeout', - 505 => 'HTTP Version Not Supported' - ); - if (empty($code) OR ! 
is_numeric($code)) { show_error('Status codes must be numeric', 500); } - is_int($code) OR $code = (int) $code; - if (empty($text)) { + is_int($code) OR $code = (int) $code; + $stati = array( + 200 => 'OK', + 201 => 'Created', + 202 => 'Accepted', + 203 => 'Non-Authoritative Information', + 204 => 'No Content', + 205 => 'Reset Content', + 206 => 'Partial Content', + + 300 => 'Multiple Choices', + 301 => 'Moved Permanently', + 302 => 'Found', + 303 => 'See Other', + 304 => 'Not Modified', + 305 => 'Use Proxy', + 307 => 'Temporary Redirect', + + 400 => 'Bad Request', + 401 => 'Unauthorized', + 403 => 'Forbidden', + 404 => 'Not Found', + 405 => 'Method Not Allowed', + 406 => 'Not Acceptable', + 407 => 'Proxy Authentication Required', + 408 => 'Request Timeout', + 409 => 'Conflict', + 410 => 'Gone', + 411 => 'Length Required', + 412 => 'Precondition Failed', + 413 => 'Request Entity Too Large', + 414 => 'Request-URI Too Long', + 415 => 'Unsupported Media Type', + 416 => 'Requested Range Not Satisfiable', + 417 => 'Expectation Failed', + 422 => 'Unprocessable Entity', + + 500 => 'Internal Server Error', + 501 => 'Not Implemented', + 502 => 'Bad Gateway', + 503 => 'Service Unavailable', + 504 => 'Gateway Timeout', + 505 => 'HTTP Version Not Supported' + ); + if (isset($stati[$code])) { $text = $stati[$code]; -- cgit v1.2.3-24-g4f1b From abc8f00465beb4cb99cc533ab2dbf3cb4191cbbe Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 23 Feb 2015 08:38:06 +0200 Subject: [ci skip] Fix #3618 --- system/libraries/Session/drivers/Session_redis_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index 1cc4d75d7..5fbb5222c 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php 
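Review bot: Moving `is_int($code) OR $code = (int) $code;` inside `if (empty($text))` means a caller that supplies its own `$text` now keeps whatever passed `is_numeric()`, which accepts strings such as `'404.0'`, `'4e2'` or a value with leading whitespace. The rest of `set_status_header()` is outside this hunk, but if `$code` is later concatenated into the status line or passed to `header()`, that un-normalised string goes out as-is. Keep the cast unconditional, directly after the `is_numeric()` check, and move only the `$stati` array into the `empty($text)` branch. The memory saving the commit message describes comes from the array, not from the cast.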
@@ -272,7 +272,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle { if (isset($this->_redis, $this->_lock_key)) { - if ($this->_redis->delete($this->_key_prefix.$session_id) !== 1) + if (($result = $this->_redis->delete($this->_key_prefix.$session_id)) !== 1) { log_message('debug', 'Session: Redis::delete() expected to return 1, got '.var_export($result, TRUE).' instead.'); } -- cgit v1.2.3-24-g4f1b From f1ca865e0a7aea02061be5d59a49b2a222a27085 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 24 Feb 2015 20:25:16 +0200 Subject: [ci skip] Add a note about pbkdf2 in security guide --- user_guide_src/source/general/security.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index 0c58f96b4..efc821f2b 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst @@ -133,6 +133,10 @@ with that. Please read below. provides them for you as long as you're running at least PHP version 5.3.7 (and if you don't meet that requirement - please, upgrade). + If you're one of the really unlucky people who can't even upgrade to a + more recent PHP version, use `hash_pbkdf() `, + which we also provide in our compatibility layer. + - DO NOT ever display or send a password in plain-text format! Even to the password's owner, if you need a "Forgotten password" -- cgit v1.2.3-24-g4f1b From 7127f973a161a21a50819993b8cf5eda7b9cbeff Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 25 Feb 2015 18:39:30 +0200 Subject: Add PHP7 to automated builds Just read that Travis has added support for "nightly" PHP7. --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index 4f560442b..26b194f6f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,6 +6,7 @@ php: - 5.4 - 5.5 - 5.6 + - 7 - hhvm env: 
@@ -31,11 +32,14 @@ matrix: allow_failures: - php: 5.2 - php: hhvm + - php: 7 exclude: - php: hhvm env: DB=pgsql - php: hhvm env: DB=pdo/pgsql + - php: 7 + env: mysql - php: 5.2 env: DB=sqlite - php: 5.2 -- cgit v1.2.3-24-g4f1b From cae95883a03b686d24b1d62191f38723ae958960 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 02:46:14 +0100 Subject: funny tabs & spaces added and removed. --- system/core/Input.php | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index 97884d309..14f3e1083 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,16 +103,16 @@ class CI_Input { */ protected $headers = array(); - protected $_raw_input_stream = NULL; + protected $_raw_input_stream; /** - * Input stream data - * - * Parsed from php://input at runtime - * - * @see CI_Input::input_stream() - * @var array - */ + * Input stream data + * + * Parsed from php://input at runtime + * + * @see CI_Input::input_stream() + * @var array + */ protected $_input_stream = NULL; /** 
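Review bot: The new `exclude` entry pairs `php: 7` with `env: mysql`, while every other entry visible in this matrix uses the `DB=...` form (`env: DB=pgsql`, `env: DB=sqlite`). An exclude entry only removes a job whose env string matches, so as written this one probably excludes nothing and the PHP 7 job with the mysql driver still runs. It looks like `env: DB=mysql` was intended.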
@@ -301,23 +301,25 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch an item from the php://input stream - * - * Useful when you need to access PUT, DELETE or PATCH request data. - * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering - * @return mixed - */ + * Fetch an item from the php://input stream + * + * Useful when you need to access PUT, DELETE or PATCH request data. + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ public function input_stream($index = NULL, $xss_clean = NULL) { - // Prior to PHP 5.6, the input stream can only be read once, - // so we'll need to check if we have already done that first. + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. if ( ! is_array($this->_input_stream)) { + // $this->raw_input_stream will trigger __get(). parse_str($this->raw_input_stream, $this->_input_stream); is_array($this->_input_stream) OR $this->_input_stream = array(); } + return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From 7325fce4f6ea6454c948539598d10eb319244939 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 02:49:39 +0100 Subject: Update changelog.rst --- user_guide_src/source/changelog.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 311aec20b..9ed55809e 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst 
@@ -492,8 +492,7 @@ Release Date: Not Released - Added an option for ``_clean_input_keys()`` to return FALSE instead of terminating the whole script. - Deprecated the ``is_cli_request()`` method, it is now an alias for the new :php:func:`is_cli()` common function. - Added an ``$xss_clean`` parameter to method ``user_agent()`` and removed the ``$user_agent`` property. - - Added gettable property ``raw_input_stream`` to access the **php://input** data. - - Changed method ``input_stream()`` to obtain the data from ``raw_input_stream`` property. + - Added property ``$raw_input_stream`` to access **php://input** data. - :doc:`Common functions ` changes include: -- cgit v1.2.3-24-g4f1b From 54b42d6c00f25152b6502be4cf64f2fe342b5fb7 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 03:16:12 +0100 Subject: Update input.rst --- user_guide_src/source/libraries/input.rst | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 2b71b348a..274e49af4 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -93,12 +93,12 @@ one shot at all of the POST data. CodeIgniter will take care of that for you, and you can read the data from the **php://input** stream at any time, just by using the -``raw_input_stream`` property:: +``$raw_input_stream`` property:: $this->input->raw_input_stream; -Additionally if the input stream is formated in a query string fashion -you can access it's values, just by calling the +Additionally if the input stream is form-encoded like $_POST you can +access its values by calling the ``input_stream()`` method:: $this->input->input_stream('key'); 
@@ -120,6 +120,12 @@ Class Reference .. php:class:: CI_Input + .. attribute:: $raw_input_stream + + Read only property that will return php://input data as is. + + The property can be read multiple times. + .. php:method:: post([$index = NULL[, $xss_clean = NULL]]) :param mixed $index: POST parameter name -- cgit v1.2.3-24-g4f1b From b5925ec58a43b85bffb0d3aea6032f0b909b1121 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 26 Feb 2015 10:06:54 +0200 Subject: Fix .travis.yml for PHP7 and try to fix a DB test --- .travis.yml | 2 +- tests/codeigniter/database/DB_driver_test.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 26b194f6f..258ad76f1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,7 +39,7 @@ matrix: - php: hhvm env: DB=pdo/pgsql - php: 7 - env: mysql + env: DB=mysql - php: 5.2 env: DB=sqlite - php: 5.2 diff --git a/tests/codeigniter/database/DB_driver_test.php b/tests/codeigniter/database/DB_driver_test.php index c04c42b09..26416d3fc 100644 --- a/tests/codeigniter/database/DB_driver_test.php +++ b/tests/codeigniter/database/DB_driver_test.php @@ -6,7 +6,7 @@ class DB_driver_test extends CI_TestCase { { $config = Mock_Database_DB::config(DB_DRIVER); sscanf(DB_DRIVER, '%[^/]/', $driver_name); - $driver = $this->$driver_name($config[DB_DRIVER]); + $driver = $this->{$driver_name}($config[DB_DRIVER]); $this->assertTrue($driver->initialize()); } -- cgit v1.2.3-24-g4f1b From ba213cd6f6be272d8e51b9eaf7d4039671458868 Mon Sep 17 00:00:00 2001 From: Fu Xu Date: Thu, 26 Feb 2015 20:01:31 +0800 Subject: fix wrong step count --- user_guide_src/source/installation/upgrade_300.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 7cb94518d..90d56c25c 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst 
@@ -795,7 +795,7 @@ It is now deprecated and scheduled for removal in CodeIgniter 3.1+. sooner rather than later. *********************************************************** -Step 18: Check your usage of Text helper highlight_phrase() +Step 20: Check your usage of Text helper highlight_phrase() *********************************************************** The default HTML tag used by :doc:`Text Helper <../helpers/text_helper>` function -- cgit v1.2.3-24-g4f1b From 1e35792cc2d231cba11c2faefd71717ab67a46d2 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 18:02:45 +0100 Subject: Update Input.php --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index 14f3e1083..a72c4ac1e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -305,8 +305,8 @@ class CI_Input { * * Useful when you need to access PUT, DELETE or PATCH request data. * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ public function input_stream($index = NULL, $xss_clean = NULL) @@ -319,7 +319,7 @@ class CI_Input { parse_str($this->raw_input_stream, $this->_input_stream); is_array($this->_input_stream) OR $this->_input_stream = array(); } - + return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From d0ac8b132390387d08bcaa5a20fbea35a350c9d3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 11:41:52 +0200 Subject: Fix an E_NOTICE caused by #3604 --- system/core/Input.php | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/system/core/Input.php b/system/core/Input.php index c3382b4d9..3e792fc13 100644 --- a/system/core/Input.php +++ b/system/core/Input.php 
@@ -103,17 +103,26 @@ class CI_Input { */ protected $headers = array(); + /** + * Raw input stream data + * + * Holds a cache of php://input contents + * + * @var string + */ protected $_raw_input_stream; /** - * Input stream data + * Parsed input stream data * * Parsed from php://input at runtime * * @see CI_Input::input_stream() * @var array */ - protected $_input_stream = NULL; + protected $_input_stream; + + // -------------------------------------------------------------------- /** * Class constructor @@ -325,17 +334,6 @@ class CI_Input { // ------------------------------------------------------------------------ - public function __get($name) - { - if ($name === 'raw_input_stream') - { - isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); - return $this->_raw_input_stream; - } - } - - // ------------------------------------------------------------------------ - /** * Set cookie * @@ -860,4 +858,23 @@ class CI_Input { : strtolower($this->server('REQUEST_METHOD')); } + // ------------------------------------------------------------------------ + + /** + * Magic __get() + * + * Allows read access to protected properties + * + * @param string $name + * @return mixed + */ + public function __get($name) + { + if ($name === 'raw_input_stream') + { + isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); + return $this->_raw_input_stream; + } + } + } -- cgit v1.2.3-24-g4f1b From 88fd8e4548eb50d8307757b8e37333ded8f221e9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 11:43:01 +0200 Subject: Eh ... really fix that notice (#3604) --- system/core/Input.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/system/core/Input.php b/system/core/Input.php index 3e792fc13..484397d63 100644 --- a/system/core/Input.php +++ b/system/core/Input.php 
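Review bot: The docblock on the relocated `__get()` (last hunk of this commit) says it "Allows read access to protected properties", but the body handles only `raw_input_stream` and falls off the end for every other name. A misspelled or unsupported property therefore reads as NULL with no notice. The value it does return is the request body exactly as received, without the `_fetch_from_array()` / `$xss_clean` path that `input_stream()` items go through, and the docblock should say so. I would reword it along the lines of `* Returns the raw, unfiltered php://input contents for 'raw_input_stream'; any other name yields NULL.`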
@@ -122,6 +122,8 @@ class CI_Input { */ protected $_input_stream; + protected $security; + // -------------------------------------------------------------------- /** -- cgit v1.2.3-24-g4f1b From 7d365dcc8bdf69534b54401cc862be105e1a8a28 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 14:32:15 +0200 Subject: Fix #3633 --- system/core/Input.php | 1 + 1 file changed, 1 insertion(+) diff --git a/system/core/Input.php b/system/core/Input.php index 484397d63..be9f3c169 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -123,6 +123,7 @@ class CI_Input { protected $_input_stream; protected $security; + protected $uni; // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 52caf59f244e0c1363ac0ce6ba61a7f5001603df Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 15:09:34 +0200 Subject: Make CI_Input:: read-only as well --- system/core/Input.php | 6 +++++- tests/mocks/core/input.php | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/system/core/Input.php b/system/core/Input.php index be9f3c169..6be4b9a6c 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -55,7 +55,7 @@ class CI_Input { * * @var string */ - public $ip_address = FALSE; + protected $ip_address = FALSE; /** * Allow GET array flag @@ -878,6 +878,10 @@ class CI_Input { isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); return $this->_raw_input_stream; } + elseif ($name === 'ip_address') + { + return $this->ip_address; + } } } diff --git a/tests/mocks/core/input.php b/tests/mocks/core/input.php index 0d1873849..40e27441f 100644 --- a/tests/mocks/core/input.php +++ b/tests/mocks/core/input.php 
@@ -38,4 +38,12 @@ class Mock_Core_Input extends CI_Input { return FALSE; } + public function __set($name, $value) + { + if ($name === 'ip_address') + { + $this->ip_address = $value; + } + } + } \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 9187ed3516ba403d09fc88ebcf6ead7364f75c4d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 28 Feb 2015 19:54:17 +0200 Subject: [ci skip] Formally deprecate 'global_xss_filtering' --- application/config/config.php | 3 +++ user_guide_src/source/changelog.rst | 1 + user_guide_src/source/installation/upgrade_300.rst | 16 ++++++++++++++++ user_guide_src/source/libraries/input.rst | 4 ++++ 4 files changed, 24 insertions(+) diff --git a/application/config/config.php b/application/config/config.php index 7d5c24c84..7be482b85 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -404,6 +404,9 @@ $config['standardize_newlines'] = FALSE; | Determines whether the XSS filter is always active when GET, POST or | COOKIE data is encountered | +| WARNING: This feature is DEPRECATED and currently available only +| for backwards compatibility purposes! +| */ $config['global_xss_filtering'] = FALSE; diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 42eed8034..ef3d2af39 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -480,6 +480,7 @@ Release Date: Not Released - :doc:`Input Library ` changes include: + - Deprecated the ``$config['global_xss_filtering']`` setting. - Added ``method()`` to retrieve ``$_SERVER['REQUEST_METHOD']``. - Added support for arrays and network addresses (e.g. 192.168.1.1/24) for use with the *proxy_ips* setting. - Added method ``input_stream()`` to aid in using **php://input** stream data such as one passed via PUT, DELETE and PATCH requests. diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 90d56c25c..2f806cccf 100644 
--- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -551,6 +551,22 @@ PHP's native ``hash()`` function. It is deprecated and scheduled for removal in .. note:: This function is still available, but you're strongly encouraged to remove its usage sooner rather than later. +The $config['global_xss_filtering'] setting +=========================================== + +As already explained above, XSS filtering should not be done on input data, +but on output instead. Therefore, the ``$config['global_xss_filtering']``, +which automatically filters *input* data, is considered a bad practice and +is now deprecated. + +Instead, you should manually escape any user-provided data via the +:php:func:`xss_clean()` function when you need to output it, or use a +library like `HTML Purifier `_ that does that +for you. + +.. note:: The setting is still available, but you're strongly encouraged to + remove its usage sooner rather than later. + File helper read_file() ======================= diff --git a/user_guide_src/source/libraries/input.rst b/user_guide_src/source/libraries/input.rst index 274e49af4..d9c6c2dd1 100644 --- a/user_guide_src/source/libraries/input.rst +++ b/user_guide_src/source/libraries/input.rst @@ -53,6 +53,10 @@ this:: Please refer to the :doc:`Security class ` documentation for information on using XSS Filtering in your application. +.. important:: The 'global_xss_filtering' setting is DEPRECATED and kept + solely for backwards-compatibility purposes. XSS escaping should + be performed on *output*, not *input*! + ******************* Accessing form data ******************* -- cgit v1.2.3-24-g4f1b From 43ba5a2da25ff1e0af527da92d89063a3f9d4263 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 1 Mar 2015 18:17:28 +0200 Subject: [ci skip] Fix a typo in config.php --- application/config/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/application/config/config.php b/application/config/config.php index 7be482b85..cc1307ca9 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -203,7 +203,7 @@ $config['directory_trigger'] = 'd'; | 3 = Informational Messages | 4 = All Messages | -| You can also pass in a array with threshold levels to show individual error types +| You can also pass an array with threshold levels to show individual error types | | array(2) = Debug Messages, without Error Messages | -- cgit v1.2.3-24-g4f1b From 4b25348e06a7587c64b97811208352c5c9478ab8 Mon Sep 17 00:00:00 2001 From: Heesung Ahn Date: Sun, 1 Mar 2015 23:21:44 -0500 Subject: test_strip_omage_tags Signed-off-by:Heesung Ahn --- tests/codeigniter/core/Security_test.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index d967613b5..bf1714622 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -126,5 +126,24 @@ class Security_test extends CI_TestCase { $this->assertEquals('foo', $safe_filename); } + + // -------------------------------------------------------------------- + public function test_strip_image_tags() + { + $imgtags = Array( + 'Smiley face', + '' + ); + + $urls = Array( + 'smiley.gif', + 'http://www.w3schools.com/images/w3schools_green.jpg' + ); + + for($i = 0; $i < count($imgtags); $i++) + { + $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); + } + } } \ No newline at end of file -- cgit v1.2.3-24-g4f1b From d829a5fe5cd8116f22d757e0aaa8b88d71576aa0 Mon Sep 17 00:00:00 2001 From: sv3tli0 Date: Mon, 2 Mar 2015 17:22:01 +0200 Subject: Small typo Missed variable.. --- user_guide_src/source/database/results.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/user_guide_src/source/database/results.rst b/user_guide_src/source/database/results.rst index a22c2e8c3..ac44566d3 100644 --- a/user_guide_src/source/database/results.rst +++ b/user_guide_src/source/database/results.rst @@ -102,7 +102,7 @@ You can also add a second String parameter, which is the name of a class to instantiate the row with:: $query = $this->db->query("SELECT * FROM users LIMIT 1;"); - $query->row(0, 'User'); + $row = $query->row(0, 'User'); echo $row->name; // access attributes echo $row->reverse_name(); // or methods defined on the 'User' class @@ -431,4 +431,4 @@ Class Reference :rtype: array Returns an array containing the field names in the - result set. \ No newline at end of file + result set. -- cgit v1.2.3-24-g4f1b From fd08d02b1984d8f27a5e447a5c9d5e190271ab5e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 3 Mar 2015 12:36:11 +0200 Subject: Remove an unused var in CI_Log Was suggested as part of PR #3630, which was rejected due to numerous other changes --- system/core/Log.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/system/core/Log.php b/system/core/Log.php index 833316273..e8cb401f5 100644 --- a/system/core/Log.php +++ b/system/core/Log.php @@ -69,13 +69,6 @@ class CI_Log { */ protected $_threshold = 1; - /** - * Highest level of logging - * - * @var int - */ - protected $_threshold_max = 0; - /** * Array of threshold levels to log * @@ -139,7 +132,7 @@ class CI_Log { } elseif (is_array($config['log_threshold'])) { - $this->_threshold = $this->_threshold_max; + $this->_threshold = 0; $this->_threshold_array = array_flip($config['log_threshold']); } -- cgit v1.2.3-24-g4f1b From e1a5bb345b1b30ea777348efa9cade21c1f2e2fb Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Wed, 4 Mar 2015 13:33:39 +0200 Subject: Fix #3627: Keep timed locks for more than 5 seconds Emulated locks for Redis and Memcached now have a TTL of 300 seconds (the default HTTP request timeout value on many environments) and 30 attemps, each separated by sleep(1), are made by the blocked request to try and obtain a lock if it has been freed. Additionaly, the blocking time for MySQL's locks, which are also timed, is also set to 300 seconds. --- .../Session/drivers/Session_database_driver.php | 2 +- .../Session/drivers/Session_memcached_driver.php | 30 +++++----------- .../Session/drivers/Session_redis_driver.php | 40 +++++++--------------- user_guide_src/source/libraries/sessions.rst | 6 ++-- 4 files changed, 25 insertions(+), 53 deletions(-) diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index f496b4fe0..76c1cf34e 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -319,7 +319,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan if ($this->_platform === 'mysql') { $arg = $session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''); - if ($this->_db->query("SELECT GET_LOCK('".$arg."', 10) AS ci_session_lock")->row()->ci_session_lock) + if ($this->_db->query("SELECT GET_LOCK('".$arg."', 300) AS ci_session_lock")->row()->ci_session_lock) { $this->_lock = $arg; return TRUE; diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index f1a6e2400..938a612d9 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php 
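Review bot: The lock name in the changed `GET_LOCK('".$arg."', 300)` query is still concatenated into the SQL text, and `$arg` is built from `$session_id` plus, when `match_ip` is on, `$_SERVER['REMOTE_ADDR']`. Whether `$session_id` has been validated before it reaches this method is not visible in the hunk, so I would escape it at this point: `"SELECT GET_LOCK(".$this->_db->escape($arg).", 300) AS ci_session_lock"`. Raising the wait from 10 to 300 seconds also means a request blocked on a held lock can occupy a worker and a database connection for up to five minutes, so a short comment on why that bound is acceptable would help. The enclosing method starts and ends outside the hunk.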
@@ -204,7 +204,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa if (isset($this->_lock_key)) { - $this->_memcached->replace($this->_lock_key, time(), 5); + $this->_memcached->replace($this->_lock_key, time(), 300); if ($this->_fingerprint !== ($fingerprint = md5($session_data))) { if ($this->_memcached->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration'])) @@ -299,34 +299,21 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa { if (isset($this->_lock_key)) { - return $this->_memcached->replace($this->_lock_key, time(), 5); + return $this->_memcached->replace($this->_lock_key, time(), 300); } + // 30 attempts to obtain a lock, in case another request already has it $lock_key = $this->_key_prefix.$session_id.':lock'; - if ( ! ($ts = $this->_memcached->get($lock_key))) - { - if ( ! $this->_memcached->set($lock_key, TRUE, 5)) - { - log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); - return FALSE; - } - - $this->_lock_key = $lock_key; - $this->_lock = TRUE; - return TRUE; - } - - // Another process has the lock, we'll try to wait for it to free itself ... $attempt = 0; - while ($attempt++ < 5) + do { - usleep(((time() - $ts) * 1000000) - 20000); - if (($ts = $this->_memcached->get($lock_key)) < time()) + if ($this->_memcached->get($lock_key)) { + sleep(1); continue; } - if ( ! $this->_memcached->set($lock_key, time(), 5)) + if ( ! $this->_memcached->set($lock_key, time(), 300)) { log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); return FALSE; 
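Review bot: In the rewritten lock loop (hunk at -299), acquiring the lock is a `get($lock_key)` followed by a separate `set($lock_key, time(), 300)`, so two requests for the same session can both see no lock and both proceed as the holder. Memcached has an atomic primitive for this: `if ($this->_memcached->add($lock_key, time(), 300))` succeeds only when the key does not exist yet, which removes the window. The Redis hunk at -313 in the same commit has the same check-then-write shape with `ttl()` followed by `setex()`, where `set()` with the `nx` and `ex` options would be the atomic form. The method's signature and its final return are outside this hunk.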
@@ -335,8 +322,9 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa $this->_lock_key = $lock_key; break; } + while ($attempt++ < 30); - if ($attempt === 5) + if ($attempt === 30) { log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.'); return FALSE; diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index 5fbb5222c..1ce101daf 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -205,7 +205,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle if (isset($this->_lock_key)) { - $this->_redis->setTimeout($this->_lock_key, 5); + $this->_redis->setTimeout($this->_lock_key, 300); if ($this->_fingerprint !== ($fingerprint = md5($session_data))) { if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration'])) 
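Review bot: The loop exit in the Memcached hunk at -335 is off by one, so a request that never obtains the lock is treated as holding it. With `while ($attempt++ < 30);` an exhausted loop leaves `$attempt` at 31, so `if ($attempt === 30)` is false and, as the matching Redis hunk shows, execution falls through to `$this->_lock = TRUE; return TRUE;`. The check fires only when the lock is actually obtained on the last pass. Using `while (++$attempt < 30);` makes exhaustion end at exactly 30 and keeps successful passes below it. The same condition appears in the Redis hunk at -355. The Memcached log text should also read `' after 30 attempts, aborting.'` instead of 5.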
@@ -313,40 +313,21 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle { if (isset($this->_lock_key)) { - return $this->_redis->setTimeout($this->_lock_key, 5); + return $this->_redis->setTimeout($this->_lock_key, 300); } + // 30 attempts to obtain a lock, in case another request already has it $lock_key = $this->_key_prefix.$session_id.':lock'; - if (($ttl = $this->_redis->ttl($lock_key)) < 1) - { - if ( ! $this->_redis->setex($lock_key, 5, time())) - { - log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); - return FALSE; - } - - $this->_lock_key = $lock_key; - - if ($ttl === -1) - { - log_message('debug', 'Session: Lock for '.$this->_key_prefix.$session_id.' had no TTL, overriding.'); - } - - $this->_lock = TRUE; - return TRUE; - } - - // Another process has the lock, we'll try to wait for it to free itself ... $attempt = 0; - while ($attempt++ < 5) + do { - usleep(($ttl * 1000000) - 20000); if (($ttl = $this->_redis->ttl($lock_key)) > 0) { + sleep(1); continue; } - if ( ! $this->_redis->setex($lock_key, 5, time())) + if ( ! $this->_redis->setex($lock_key, 300, time())) { log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); return FALSE; @@ -355,12 +336,17 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle $this->_lock_key = $lock_key; break; } + while ($attempt++ < 30); - if ($attempt === 5) + if ($attempt === 30) { - log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.'); + log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 30 attempts, aborting.'); return FALSE; } + elseif ($ttl === -1) + { + log_message('debug', 'Session: Lock for '.$this->_key_prefix.$session_id.' had no TTL, overriding.'); + } $this->_lock = TRUE; return TRUE; 
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst index 9fc33247b..104adb631 100644 --- a/user_guide_src/source/libraries/sessions.rst +++ b/user_guide_src/source/libraries/sessions.rst @@ -632,8 +632,7 @@ Redis Driver .. note:: Since Redis doesn't have a locking mechanism exposed, locks for this driver are emulated by a separate value that is kept for up - to 5 seconds. You may experience issues if your page loads take - longer than that! + to 300 seconds. Redis is a storage engine typically used for caching and popular because of its high performance, which is also probably your reason to use the @@ -670,8 +669,7 @@ Memcached Driver .. note:: Since Memcache doesn't have a locking mechanism exposed, locks for this driver are emulated by a separate value that is kept for - up to 5 seconds. You may experience issues if your page loads take - longer than that! + up to 300 seconds. The 'memcached' driver is very similar to the 'redis' one in all of its properties, except perhaps for availability, because PHP's `Memcached -- cgit v1.2.3-24-g4f1b From 137aa20e0b0fd71ff8f672c57c07c4972c91c6a4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 5 Mar 2015 11:36:25 +0200 Subject: Fix #3642 --- system/core/Config.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/system/core/Config.php b/system/core/Config.php index a191a7727..b9af8e3b2 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -126,7 +126,6 @@ class CI_Config { foreach (array($file, ENVIRONMENT.'/'.$file) as $location) { $file_path = $path.'config/'.$location.'.php'; - if (in_array($file_path, $this->is_loaded, TRUE)) { return TRUE; 
@@ -165,14 +164,13 @@ class CI_Config { $loaded = TRUE; log_message('debug', 'Config file loaded: '.$file_path); } - - if ($loaded === TRUE) - { - return TRUE; - } } - if ($fail_gracefully === TRUE) + if ($loaded === TRUE) + { + return TRUE; + } + elseif ($fail_gracefully === TRUE) { return FALSE; } -- cgit v1.2.3-24-g4f1b From 588a0e3774d1397b9cd0b5f9d0ba2f4793243267 Mon Sep 17 00:00:00 2001 From: Heesung Ahn Date: Thu, 5 Mar 2015 11:03:48 -0500 Subject: adding more img tags Signed-off-by:Heesung Ahn --- tests/codeigniter/core/Security_test.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index bf1714622..c96eecf02 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -133,12 +133,24 @@ class Security_test extends CI_TestCase { { $imgtags = Array( 'Smiley face', - '' + 'Smiley face', + '', + '', + 'MD Logo', + '', + '', + '' ); $urls = Array( 'smiley.gif', - 'http://www.w3schools.com/images/w3schools_green.jpg' + 'smiley.gif', + 'http://www.w3schools.com/images/w3schools_green.jpg', + '/img/sunset.gif', + 'mdn-logo-sm.png', + '', + '', + '' ); for($i = 0; $i < count($imgtags); $i++) -- cgit v1.2.3-24-g4f1b