From 52c10b68c275248eb7e12ec1d039876cd5f81f11 Mon Sep 17 00:00:00 2001 From: John Bellone Date: Sun, 21 Aug 2011 11:41:32 -0400 Subject: Making changes to stop remote spoofing --- system/core/Input.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index cfbef942d..365f779de 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -287,13 +287,13 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') AND ! $this->server('HTTP_CLIENT_IP')) { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; + $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR')) + elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) { - $this->ip_address = $_SERVER['REMOTE_ADDR']; + $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } elseif ($this->server('HTTP_CLIENT_IP')) { -- cgit v1.2.3-24-g4f1b From 16f27b402049dc2ff0cc09faf4885aee944ba639 Mon Sep 17 00:00:00 2001 From: John Bellone Date: Sun, 21 Aug 2011 11:45:11 -0400 Subject: Changed order --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 365f779de..df9d2a5b7 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -287,7 +287,7 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND ! $this->server('HTTP_CLIENT_IP')) + elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } -- cgit v1.2.3-24-g4f1b From c9f84c1f916a7f3b92b02e45cc8c1cd9a040436b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:45:39 +0800 Subject: Update: if php version >= 5.2, use filter_var to check validate ip. --- system/core/Input.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 0dc2c4550..f99adad01 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -373,6 +373,12 @@ class CI_Input { */ function valid_ip($ip) { + // if php version >= 5.2, use filter_var to check validate ip. + if(is_php('5.2')) + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + $ip_segments = explode('.', $ip); // Always 4 segments needed -- cgit v1.2.3-24-g4f1b From 4db872f861dbf48b55749c53c504481f99db3551 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:52:37 +0800 Subject: Update: add public or private prefix. --- system/core/Input.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f99adad01..2395501f3 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -116,7 +116,7 @@ class CI_Input { * @param bool * @return string */ - function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -141,7 +141,7 @@ class CI_Input { * @param bool * @return string */ - function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_GET)) @@ -169,7 +169,7 @@ class CI_Input { * @param bool * @return string */ - function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_POST)) @@ -198,7 +198,7 @@ class CI_Input { * @param bool XSS cleaning * @return string */ - function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = FALSE) { if ( ! isset($_POST[$index]) ) { @@ -220,7 +220,7 @@ class CI_Input { * @param bool * @return string */ - function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -243,7 +243,7 @@ class CI_Input { * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) { if (is_array($name)) { @@ -296,7 +296,7 @@ class CI_Input { * @param bool * @return string */ - function server($index = '', $xss_clean = FALSE) + public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -309,7 +309,7 @@ class CI_Input { * @access public * @return string */ - function ip_address() + public function ip_address() { if ($this->ip_address !== FALSE) { @@ -371,7 +371,7 @@ class CI_Input { * @param string * @return string */ - function valid_ip($ip) + public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. if(is_php('5.2')) @@ -413,7 +413,7 @@ class CI_Input { * @access public * @return string */ - function user_agent() + public function user_agent() { if ($this->user_agent !== FALSE) { @@ -441,7 +441,7 @@ class CI_Input { * @access private * @return void */ - function _sanitize_globals() + private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', @@ -542,7 +542,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_data($str) + private function _clean_input_data($str) { if (is_array($str)) { @@ -600,7 +600,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_keys($str) + private function _clean_input_keys($str) { if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) { @@ -624,6 +624,7 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * + * @access public * @param bool XSS cleaning * * @return array @@ -667,6 +668,7 @@ class CI_Input { * * Returns the value of a single member of the headers class member * + * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -698,6 +700,7 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * + * @access public * @return boolean */ public function is_ajax_request() @@ -712,6 +715,7 @@ class CI_Input { * * Test to see if a request was made from the command line * + * @access public * @return boolean */ public function is_cli_request() -- cgit v1.2.3-24-g4f1b From 4ddee144b3493eaceeed6ca9eb6138c881f43eac Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 14:35:32 +0800 Subject: Update: check filter_var function exist --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 2395501f3..2b36ea3c7 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(is_php('5.2')) + if(function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 013c895e7f7e9122f8d2e8c80a3ac77f190c5171 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 15:03:44 +0800 Subject: Update: modified return bool value on comment --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 2b36ea3c7..1e37b11ea 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -369,7 +369,7 @@ class CI_Input { * * @access public * @param string - * @return string + * @return bool */ public function valid_ip($ip) { -- cgit v1.2.3-24-g4f1b From 47213794f2b09fb3540e1d0e53e50e8b084345e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 13 Sep 2011 22:44:07 +0800 Subject: Update: change _fetch_from_array form private to protected --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1e37b11ea..f39371fb0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -110,13 +110,13 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access private + * @access protected * @param array * @param string * @param bool * @return string */ - private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(function_exists('filter_var')) + if (function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 8d263b02c56e25305621535e184333e8cdace9bd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 18:47:09 +0300 Subject: Suppress warnings generated by get_magic_quotes_gpc() (issue #467) --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f39371fb0..6f8442107 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From af7286251ec2c0dfd69ae764dbc0e3e8d0b736bf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/core/Input.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6f8442107..f8e89066e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -554,8 +554,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/core/Input.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f8e89066e..946d9296f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Input - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/input.html */ class CI_Input { -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3cbbe787f..7cfa4c63f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From 64e98aab6ba2c692a881035245efb94a76deb428 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 20:29:10 +0200 Subject: Improve code Input & Model libraries --- system/core/Input.php | 97 ++++++++++++++++++--------------------------------- 1 file changed, 33 insertions(+), 64 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7cfa4c63f..07bb30b15 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -1,13 +1,13 @@ -_allow_get_array = (config_item('allow_get_array') === TRUE); - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); global $SEC; $this->security =& $SEC; @@ -122,7 +122,6 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access protected * @param array * @param string * @param bool @@ -148,7 +147,6 @@ class CI_Input { /** * Fetch an item from the GET array * - * @access public * @param string * @param bool * @return string @@ -176,7 +174,6 @@ class CI_Input { /** * Fetch an item from the POST array * - * @access public * @param string * @param bool * @return string @@ -205,21 +202,15 @@ class CI_Input { /** * Fetch an item from either the GET array or the POST * - * @access public * @param string The index key * @param bool XSS cleaning * @return string */ public function get_post($index = '', $xss_clean = FALSE) { - if ( ! isset($_POST[$index]) ) - { - return $this->get($index, $xss_clean); - } - else - { - return $this->post($index, $xss_clean); - } + return ( ! isset($_POST[$index])) + ? $this->get($index, $xss_clean) + : $this->post($index, $xss_clean); } // -------------------------------------------------------------------- @@ -227,7 +218,6 @@ class CI_Input { /** * Fetch an item from the COOKIE array * - * @access public * @param string * @param bool * @return string @@ -245,7 +235,6 @@ class CI_Input { * Accepts six parameter, or you can submit an associative * array in the first parameter containing all the values. * - * @access public * @param mixed * @param string the value of the cookie * @param string the number of seconds until expiration @@ -303,7 +292,6 @@ class CI_Input { /** * Fetch an item from the SERVER array * - * @access public * @param string * @param bool * @return string @@ -318,7 +306,6 @@ class CI_Input { /** * Fetch the IP Address * - * @access public * @return string */ public function ip_address() @@ -335,7 +322,7 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } @@ -354,8 +341,7 @@ class CI_Input { if ($this->ip_address === FALSE) { - $this->ip_address = '0.0.0.0'; - return $this->ip_address; + return $this->ip_address = '0.0.0.0'; } if (strpos($this->ip_address, ',') !== FALSE) @@ -366,7 +352,7 @@ class CI_Input { if ( ! $this->valid_ip($this->ip_address)) { - $this->ip_address = '0.0.0.0'; + return $this->ip_address = '0.0.0.0'; } return $this->ip_address; @@ -379,7 +365,6 @@ class CI_Input { * * Updated version suggested by Geert De Deckere * - * @access public * @param string * @return bool */ @@ -394,7 +379,7 @@ class CI_Input { $ip_segments = explode('.', $ip); // Always 4 segments needed - if (count($ip_segments) != 4) + if (count($ip_segments) !== 4) { return FALSE; } @@ -422,7 +407,6 @@ class CI_Input { /** * User Agent * - * @access public * @return string */ public function user_agent() @@ -432,9 +416,7 @@ class CI_Input { return $this->user_agent; } - $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; - - return $this->user_agent; + return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; } // -------------------------------------------------------------------- @@ -444,22 +426,20 @@ class CI_Input { * * This function does the following: * - * Unsets $_GET data (if query strings are not enabled) - * - * Unsets all globals if register_globals is enabled + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Standardizes newline characters to \n * - * Standardizes newline characters to \n - * - * @access private * @return void */ private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', - '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', - 'CFG', 'URI', 'RTR', 'OUT', 'IN'); + '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', + 'system_folder', 'application_folder', 'BM', 'EXT', + 'CFG', 'URI', 'RTR', 'OUT', 'IN' + ); // Unset globals for securiy. // This is effectively the same as register_globals = off @@ -532,7 +512,6 @@ class CI_Input { // Sanitize PHP_SELF $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check if ($this->_enable_csrf == TRUE) { @@ -550,7 +529,6 @@ class CI_Input { * This is a helper function. It escapes data and * standardizes newline characters to \n * - * @access private * @param string * @return string */ @@ -592,12 +570,9 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE) + if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) { - if (strpos($str, "\r") !== FALSE) - { - $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); - } + return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } return $str; @@ -612,13 +587,12 @@ class CI_Input { * from trying to exploit keys we make sure that keys are * only named with alpha-numeric text and a few other items. * - * @access private * @param string * @return string */ private function _clean_input_keys($str) { - if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) + if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { exit('Disallowed Key Characters.'); } @@ -626,7 +600,7 @@ class CI_Input { // Clean UTF-8 if supported if (UTF8_ENABLED === TRUE) { - $str = $this->uni->clean_string($str); + return $this->uni->clean_string($str); } return $str; @@ -640,10 +614,8 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * - * @access public * @param bool XSS cleaning - * - * @return array + * @return array */ public function request_headers($xss_clean = FALSE) { @@ -658,7 +630,7 @@ class CI_Input { foreach ($_SERVER as $key => $val) { - if (strncmp($key, 'HTTP_', 5) === 0) + if (strpos($key, 'HTTP_') === 0) { $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } @@ -684,7 +656,6 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -716,7 +687,6 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @access public * @return boolean */ public function is_ajax_request() @@ -731,12 +701,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @access public * @return boolean */ public function is_cli_request() { - return (php_sapi_name() == 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli') or defined('STDIN'); } } -- cgit v1.2.3-24-g4f1b From 137749793d6cce57e03904f05239fa80eec48d13 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:30:33 +0200 Subject: Switch some public properties to protected --- system/core/Input.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 07bb30b15..13bf76fd6 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -57,20 +57,20 @@ class CI_Input { * * @var bool */ - public $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; /** * If TRUE, then newlines are standardized * * @var bool */ - public $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting * * @var bool */ - public $_enable_xss = FALSE; + protected $_enable_xss = FALSE; /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting @@ -85,17 +85,15 @@ class CI_Input { */ protected $headers = array(); - /** * Constructor * * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array - * */ public function __construct() { - log_message('debug', "Input Class Initialized"); + log_message('debug', 'Input Class Initialized'); $this->_allow_get_array = (config_item('allow_get_array') === TRUE); $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); -- cgit v1.2.3-24-g4f1b From 90cfe14b8458a3c84825a741cd750c5a02690f3b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:46:42 +0200 Subject: Switch private methods to protected --- system/core/Input.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 13bf76fd6..7a16e51ab 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -391,7 +391,7 @@ class CI_Input { { // IP segments must be digits and can not be // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3) + if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) { return FALSE; } @@ -430,7 +430,7 @@ class CI_Input { * * @return void */ - private function _sanitize_globals() + protected function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', @@ -516,7 +516,7 @@ class CI_Input { $this->security->csrf_verify(); } - log_message('debug', "Global POST and COOKIE data sanitized"); + log_message('debug', 'Global POST and COOKIE data sanitized'); } // -------------------------------------------------------------------- @@ -530,7 +530,7 @@ class CI_Input { * @param string * @return string */ - private function _clean_input_data($str) + protected function _clean_input_data($str) { if (is_array($str)) { @@ -588,7 +588,7 @@ class CI_Input { * @param string * @return string */ - private function _clean_input_keys($str) + protected function _clean_input_keys($str) { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { -- cgit v1.2.3-24-g4f1b From d63e40138e675df40f3a17e04972e82e7a748307 Mon Sep 17 00:00:00 2001 From: Kevin Cupp Date: Sun, 5 Feb 2012 14:14:32 -0500 Subject: Adding in a few 503 status codes for common errors in response to this ExpressionEngine bug about errors getting cached by reverse proxies who cache 200 responses: http://expressionengine.com/bug_tracker/bug/17420 --- system/core/Input.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7a16e51ab..3339d97c5 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -592,6 +592,7 @@ class CI_Input { { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { + set_status_header(503); exit('Disallowed Key Characters.'); } -- cgit v1.2.3-24-g4f1b From 9448afb6da995098ce4ca2d24eb3d82b26434b4b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 19:49:19 +0200 Subject: Fix CI_Input::is_ajax_request() --- system/core/Input.php | 66 ++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 37 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3339d97c5..670f7a11f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Input Class * @@ -152,7 +150,7 @@ class CI_Input { public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_GET)) + if ($index === NULL && ! empty($_GET)) { $get = array(); @@ -179,7 +177,7 @@ class CI_Input { public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_POST)) + if ($index === NULL && ! empty($_POST)) { $post = array(); @@ -206,9 +204,9 @@ class CI_Input { */ public function get_post($index = '', $xss_clean = FALSE) { - return ( ! isset($_POST[$index])) - ? $this->get($index, $xss_clean) - : $this->post($index, $xss_clean); + return isset($_POST[$index]) + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- @@ -256,19 +254,19 @@ class CI_Input { } } - if ($prefix == '' AND config_item('cookie_prefix') != '') + if ($prefix == '' && config_item('cookie_prefix') != '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' AND config_item('cookie_domain') != '') + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } - if ($path == '/' AND config_item('cookie_path') != '/') + if ($path == '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + if ($secure == FALSE && config_item('cookie_secure') != FALSE) { $secure = config_item('cookie_secure'); } @@ -320,11 +318,11 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) { $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } @@ -414,7 +412,7 @@ class CI_Input { return $this->user_agent; } - return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; } // -------------------------------------------------------------------- @@ -469,19 +467,16 @@ class CI_Input { { $_GET = array(); } - else + elseif (is_array($_GET) && count($_GET) > 0) { - if (is_array($_GET) AND count($_GET) > 0) + foreach ($_GET as $key => $val) { - foreach ($_GET as $key => $val) - { - $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); - } + $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } } // Clean $_POST Data - if (is_array($_POST) AND count($_POST) > 0) + if (is_array($_POST) && count($_POST) > 0) { foreach ($_POST as $key => $val) { @@ -490,7 +485,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) AND count($_COOKIE) > 0) + if (is_array($_COOKIE) && count($_COOKIE) > 0) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway @@ -568,7 +563,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } @@ -625,7 +620,7 @@ class CI_Input { } else { - $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { @@ -655,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param boolean XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string array key for $this->headers + * @param bool XSS Clean or not + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { @@ -671,12 +666,9 @@ class CI_Input { return FALSE; } - if ($xss_clean === TRUE) - { - return $this->security->xss_clean($this->headers[$index]); - } - - return $this->headers[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($this->headers[$index]) + : $this->headers[$index]; } // -------------------------------------------------------------------- @@ -686,11 +678,11 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return bool */ public function is_ajax_request() { - return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); + return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); } // -------------------------------------------------------------------- @@ -700,11 +692,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() === 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); } } -- cgit v1.2.3-24-g4f1b From 773e117f0bfd103116397d26f0ea1d1854de5ca8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 23:02:19 +0200 Subject: Remove a few spaces --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 670f7a11f..ee15f4013 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -650,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers + * @param string array key for $this->headers * @param bool XSS Clean or not - * @return mixed FALSE on failure, string on success + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { -- cgit v1.2.3-24-g4f1b From be0ca26c9006981eced5d938060ba5bad4145e3b Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 19:09:51 +0100 Subject: added method() and is_method() --- system/core/Input.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..e8e3b1d9c 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -699,6 +699,35 @@ class CI_Input { return (php_sapi_name() === 'cli' OR defined('STDIN')); } + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method in lowercase + * + * @return mixed + */ + public function method() + { + return strtolower($this->server('REQUEST_METHOD')); + } + + // -------------------------------------------------------------------- + + /** + * Validate parameter against $_SERVER['REQUEST_METHOD'] + * + * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE + * + * @param string request method to match + * @return bool + */ + public function is_method($method = '') + { + return ($this->method() === strtolower($method)); + } + } /* End of file Input.php */ -- cgit v1.2.3-24-g4f1b From dc900df67972ed1c961fc3e4173db98047bdbd1b Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:41:37 +0100 Subject: removed is_method --- system/core/Input.php | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index e8e3b1d9c..65de8c824 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -704,28 +704,16 @@ class CI_Input { /** * Get Request Method * - * Return the Request Method in lowercase + * Return the Request Method * + * @param bool uppercase or lowercase * @return mixed */ - public function method() + public function method($upper = TRUE) { - return strtolower($this->server('REQUEST_METHOD')); - } - - // -------------------------------------------------------------------- - - /** - * Validate parameter against $_SERVER['REQUEST_METHOD'] - * - * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE - * - * @param string request method to match - * @return bool - */ - public function is_method($method = '') - { - return ($this->method() === strtolower($method)); + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); } } -- cgit v1.2.3-24-g4f1b From 704fb1697f0db2369a9395c362c931999c8831f1 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:42:33 +0100 Subject: oops --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 65de8c824..79910890e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -709,7 +709,7 @@ class CI_Input { * @param bool uppercase or lowercase * @return mixed */ - public function method($upper = TRUE) + public function method($upper = FALSE) { return ($upper) ? strtoupper($this->server('REQUEST_METHOD')) -- cgit v1.2.3-24-g4f1b From 7c8841f7b2fca5822e05b5d3044c748e07c800e4 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:49:06 +0100 Subject: comment fix --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 79910890e..5a4659a5a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -707,7 +707,7 @@ class CI_Input { * Return the Request Method * * @param bool uppercase or lowercase - * @return mixed + * @return bool */ public function method($upper = FALSE) { -- cgit v1.2.3-24-g4f1b From 07c1ac830b4e98aa40f48baef3dd05fb68c0a836 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Fri, 9 Mar 2012 17:03:37 +0000 Subject: Bumped CodeIgniter's PHP requirement to 5.2.4. Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..9a05034ba 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * -- cgit v1.2.3-24-g4f1b From 1ae651655888383a4d7f97fbf6e97a7ac00a9630 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 10 Mar 2012 16:11:34 +0200 Subject: Remove PHP 5.1.6-specific code --- system/core/Input.php | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 54b7e0923..901b4147e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -366,36 +366,7 @@ class CI_Input { */ public function valid_ip($ip) { - // if php version >= 5.2, use filter_var to check validate ip. - if (function_exists('filter_var')) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - - $ip_segments = explode('.', $ip); - - // Always 4 segments needed - if (count($ip_segments) !== 4) - { - return FALSE; - } - // IP can not start with 0 - if ($ip_segments[0][0] == '0') - { - return FALSE; - } - // Check each segment - foreach ($ip_segments as $segment) - { - // IP segments must be digits and can not be - // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) - { - return FALSE; - } - } - - return TRUE; + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 4ad0fd86e8dc6dba74305dbb0c88c593b46a19a2 Mon Sep 17 00:00:00 2001 From: freewil Date: Tue, 13 Mar 2012 22:37:42 -0400 Subject: add support for httponly cookies --- system/core/Input.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 901b4147e..6e6885992 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -228,7 +228,7 @@ class CI_Input { /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * * @param mixed @@ -238,14 +238,15 @@ class CI_Input { * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -270,6 +271,10 @@ class CI_Input { { $secure = config_item('cookie_secure'); } + if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + { + $httponly = config_item('cookie_httponly'); + } if ( ! is_numeric($expire)) { @@ -280,7 +285,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 40403d21274d5e0792c7ab816ad984d6387d5c20 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Thu, 19 Apr 2012 16:38:50 -0400 Subject: Additional formatting fixes --- system/core/Input.php | 221 +++++++++++++++++++++++++++----------------------- 1 file changed, 121 insertions(+), 100 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6e6885992..049935632 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -43,45 +43,51 @@ class CI_Input { * * @var string */ - public $ip_address = FALSE; + public $ip_address = FALSE; + /** * user agent (web browser) being used by the current user * * @var string */ - public $user_agent = FALSE; + public $user_agent = FALSE; + /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ - protected $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; + /** * If TRUE, then newlines are standardized * * @var bool */ - protected $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; + /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting * * @var bool */ - protected $_enable_xss = FALSE; + protected $_enable_xss = FALSE; + /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting * * @var bool */ - protected $_enable_csrf = FALSE; + protected $_enable_csrf = FALSE; + /** * List of all HTTP request headers * * @var array */ - protected $headers = array(); + protected $headers = array(); /** * Constructor @@ -141,12 +147,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the GET array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the GET array + * + * @param string + * @param bool + * @return string + */ public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided @@ -168,12 +174,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the POST array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the POST array + * + * @param string + * @param bool + * @return string + */ public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided @@ -196,12 +202,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from either the GET array or the POST - * - * @param string The index key - * @param bool XSS cleaning - * @return string - */ + * Fetch an item from either the GET array or the POST + * + * @param string The index key + * @param bool XSS cleaning + * @return string + */ public function get_post($index = '', $xss_clean = FALSE) { return isset($_POST[$index]) @@ -212,12 +218,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the COOKIE array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the COOKIE array + * + * @param string + * @param bool + * @return string + */ public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); @@ -226,21 +232,21 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Set cookie - * - * Accepts seven parameters, or you can submit an associative - * array in the first parameter containing all the values. - * - * @param mixed - * @param string the value of the cookie - * @param string the number of seconds until expiration - * @param string the cookie domain. Usually: .yourdomain.com - * @param string the cookie path - * @param string the cookie prefix - * @param bool true makes the cookie secure - * @param bool true makes the cookie accessible via http(s) only (no javascript) - * @return void - */ + * Set cookie + * + * Accepts seven parameters, or you can submit an associative + * array in the first parameter containing all the values. + * + * @param mixed + * @param string the value of the cookie + * @param string the number of seconds until expiration + * @param string the cookie domain. Usually: .yourdomain.com + * @param string the cookie path + * @param string the cookie prefix + * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) + * @return void + */ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) @@ -291,12 +297,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the SERVER array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the SERVER array + * + * @param string + * @param bool + * @return string + */ public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); @@ -305,10 +311,10 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch the IP Address - * - * @return string - */ + * Fetch the IP Address + * + * @return string + */ public function ip_address() { if ($this->ip_address !== FALSE) @@ -362,13 +368,13 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Validate IP Address - * - * Updated version suggested by Geert De Deckere - * - * @param string - * @return bool - */ + * Validate IP Address + * + * Updated version suggested by Geert De Deckere + * + * @param string + * @return bool + */ public function valid_ip($ip) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); @@ -377,10 +383,10 @@ class CI_Input { // -------------------------------------------------------------------- /** - * User Agent - * - * @return string - */ + * User Agent + * + * @return string + */ public function user_agent() { if ($this->user_agent !== FALSE) @@ -394,24 +400,39 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Sanitize Globals - * - * This function does the following: - * - * - Unsets $_GET data (if query strings are not enabled) - * - Unsets all globals if register_globals is enabled - * - Standardizes newline characters to \n - * - * @return void - */ + * Sanitize Globals + * + * This function does the following: + * + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Standardizes newline characters to \n + * + * @return void + */ protected function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. - $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', - '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', - 'CFG', 'URI', 'RTR', 'OUT', 'IN' - ); + $protected = array( + '_SERVER', + '_GET', + '_POST', + '_FILES', + '_REQUEST', + '_SESSION', + '_ENV', + 'GLOBALS', + 'HTTP_RAW_POST_DATA', + 'system_folder', + 'application_folder', + 'BM', + 'EXT', + 'CFG', + 'URI', + 'RTR', + 'OUT' + 'IN' + ); // Unset globals for securiy. // This is effectively the same as register_globals = off @@ -493,14 +514,14 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Clean Input Data - * - * This is a helper function. It escapes data and - * standardizes newline characters to \n - * - * @param string - * @return string - */ + * Clean Input Data + * + * This is a helper function. It escapes data and + * standardizes newline characters to \n + * + * @param string + * @return string + */ protected function _clean_input_data($str) { if (is_array($str)) @@ -550,15 +571,15 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Clean Keys - * - * This is a helper function. To prevent malicious users - * from trying to exploit keys we make sure that keys are - * only named with alpha-numeric text and a few other items. - * - * @param string - * @return string - */ + * Clean Keys + * + * This is a helper function. To prevent malicious users + * from trying to exploit keys we make sure that keys are + * only named with alpha-numeric text and a few other items. + * + * @param string + * @return string + */ protected function _clean_input_keys($str) { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) @@ -695,4 +716,4 @@ class CI_Input { } /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 67cb3eef37fa826f56f61cfd2ac597052d9051f9 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Thu, 19 Apr 2012 16:41:52 -0400 Subject: Fix syntax error --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 049935632..7ee8f3685 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -430,7 +430,7 @@ class CI_Input { 'CFG', 'URI', 'RTR', - 'OUT' + 'OUT', 'IN' ); -- cgit v1.2.3-24-g4f1b From 48a7fbbeb53e82e9298036d40c42ec2564699ed0 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Mon, 23 Apr 2012 11:58:16 -0400 Subject: Use tabs to separate class properties --- system/core/Input.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7ee8f3685..fc2a550bc 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -43,28 +43,28 @@ class CI_Input { * * @var string */ - public $ip_address = FALSE; + public $ip_address = FALSE; /** * user agent (web browser) being used by the current user * * @var string */ - public $user_agent = FALSE; + public $user_agent = FALSE; /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ - protected $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; /** * If TRUE, then newlines are standardized * * @var bool */ - protected $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered @@ -72,7 +72,7 @@ class CI_Input { * * @var bool */ - protected $_enable_xss = FALSE; + protected $_enable_xss = FALSE; /** * Enables a CSRF cookie token to be set. @@ -80,14 +80,14 @@ class CI_Input { * * @var bool */ - protected $_enable_csrf = FALSE; + protected $_enable_csrf = FALSE; /** * List of all HTTP request headers * * @var array */ - protected $headers = array(); + protected $headers = array(); /** * Constructor -- cgit v1.2.3-24-g4f1b From 03edf58ea6c2a1b74f746a7b27b7305a0d33d3d6 Mon Sep 17 00:00:00 2001 From: ziv Date: Fri, 27 Apr 2012 15:09:04 +0800 Subject: Update system/core/Input.php Fix a cookie get back problem. Cookie $index should start with a prefix. --- system/core/Input.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index fc2a550bc..7594a2e45 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -226,6 +226,7 @@ class CI_Input { */ public function cookie($index = '', $xss_clean = FALSE) { + $index = config_item('cookie_prefix').$index; return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From e57411502933afad6fca682efb437db05998e532 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Mon, 30 Apr 2012 17:57:37 +0200 Subject: Reverted recent commit, cookie_prefix was breaking things. --- system/core/Input.php | 1 - 1 file changed, 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7594a2e45..fc2a550bc 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -226,7 +226,6 @@ class CI_Input { */ public function cookie($index = '', $xss_clean = FALSE) { - $index = config_item('cookie_prefix').$index; return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From 92ebfb65ac044f5c2e6d88fba137253854cf1b94 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 17 May 2012 12:49:24 +0300 Subject: Cleanup the core classes --- system/core/Input.php | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index fc2a550bc..e916ac66d 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -44,28 +44,28 @@ class CI_Input { * @var string */ public $ip_address = FALSE; - + /** * user agent (web browser) being used by the current user * * @var string */ public $user_agent = FALSE; - + /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ protected $_allow_get_array = TRUE; - + /** * If TRUE, then newlines are standardized * * @var bool */ protected $_standardize_newlines = TRUE; - + /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting @@ -73,7 +73,7 @@ class CI_Input { * @var bool */ protected $_enable_xss = FALSE; - + /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting @@ -81,7 +81,7 @@ class CI_Input { * @var bool */ protected $_enable_csrf = FALSE; - + /** * List of all HTTP request headers * @@ -94,6 +94,8 @@ class CI_Input { * * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array + * + * @return void */ public function __construct() { @@ -438,15 +440,7 @@ class CI_Input { // This is effectively the same as register_globals = off foreach (array($_GET, $_POST, $_COOKIE) as $global) { - if ( ! is_array($global)) - { - if ( ! in_array($global, $protected)) - { - global $$global; - $$global = NULL; - } - } - else + if (is_array($global)) { foreach ($global as $key => $val) { @@ -457,6 +451,11 @@ class CI_Input { } } } + elseif ( ! in_array($global, $protected)) + { + global $$global; + $$global = NULL; + } } // Is $_GET data allowed? If not we'll set the $_GET to an empty array @@ -605,7 +604,7 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * - * @param bool XSS cleaning + * @param bool XSS cleaning * @return array */ public function request_headers($xss_clean = FALSE) -- cgit v1.2.3-24-g4f1b From 55a6ddb0c7bab1149bb1ddfa3a1aff46612c91d4 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 23 May 2012 18:37:24 +0100 Subject: Input, Session and Cookie get's will return NULL. Read more about this change here: http://codeigniter.com/forums/viewthread/215833 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index e916ac66d..97be9e690 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -135,7 +135,7 @@ class CI_Input { { if ( ! isset($array[$index])) { - return FALSE; + return NULL; } if ($xss_clean === TRUE) @@ -659,7 +659,7 @@ class CI_Input { if ( ! isset($this->headers[$index])) { - return FALSE; + return NULL; } return ($xss_clean === TRUE) -- cgit v1.2.3-24-g4f1b From ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sat, 2 Jun 2012 11:07:47 +0100 Subject: Replaced `==` with `===` and `!=` with `!==` in /system/core --- system/core/Input.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 97be9e690..284b15697 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -263,23 +263,23 @@ class CI_Input { } } - if ($prefix == '' && config_item('cookie_prefix') != '') + if ($prefix === '' && config_item('cookie_prefix') !== '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' && config_item('cookie_domain') != '') + if ($domain === '' && config_item('cookie_domain') !== '') { $domain = config_item('cookie_domain'); } - if ($path == '/' && config_item('cookie_path') !== '/') + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE && config_item('cookie_secure') != FALSE) + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } - if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) { $httponly = config_item('cookie_httponly'); } @@ -324,7 +324,7 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + if (config_item('proxy_ips') !== '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); @@ -459,7 +459,7 @@ class CI_Input { } // Is $_GET data allowed? If not we'll set the $_GET to an empty array - if ($this->_allow_get_array == FALSE) + if ($this->_allow_get_array === FALSE) { $_GET = array(); } @@ -502,7 +502,7 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); // CSRF Protection check - if ($this->_enable_csrf == TRUE) + if ($this->_enable_csrf === TRUE) { $this->security->csrf_verify(); } @@ -559,7 +559,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines === TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } -- cgit v1.2.3-24-g4f1b From 9ba661b02c492e89028e5c67b7edbfc0efefc9f1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 4 Jun 2012 14:44:34 +0300 Subject: Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d --- system/core/Input.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 284b15697..73f46ba6a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -267,18 +267,22 @@ class CI_Input { { $prefix = config_item('cookie_prefix'); } - if ($domain === '' && config_item('cookie_domain') !== '') + + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) { $httponly = config_item('cookie_httponly'); @@ -324,7 +328,7 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') !== '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); -- cgit v1.2.3-24-g4f1b From c28b651b91367e86f1bd6ab7f0cd6c45e58811ab Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 14:26:04 +0200 Subject: Add support for ipv6 --- system/core/Input.php | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 73f46ba6a..6a5a9d8f0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,27 @@ class CI_Input { */ public function valid_ip($ip) { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + if($this->ip_version($ip) === '4') + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + else + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + } + } + + // -------------------------------------------------------------------- + + /** + * Return ip version + * + * @param string + * @return string + */ + public function ip_version($ip) + { + return strpos($ip, ":") === false ? '4' : '6'; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0723617703dda3660597d9cdef59e7cdded1c497 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 14:39:02 +0200 Subject: follow styling guide --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6a5a9d8f0..ac67aaf4f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if($this->ip_version($ip) === '4') + if ($this->ip_version($ip) === '4') { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 908f36a583384b0314d04c4cfe71992746e35daa Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 15:47:22 +0200 Subject: ip_version() now returns int instead of string --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ac67aaf4f..36ff96d03 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if ($this->ip_version($ip) === '4') + if ($this->ip_version($ip) === 4) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } @@ -399,11 +399,11 @@ class CI_Input { * Return ip version * * @param string - * @return string + * @return int */ public function ip_version($ip) { - return strpos($ip, ":") === false ? '4' : '6'; + return strpos($ip, ":") === false ? 4 : 6; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1eb9b127cfb3aef5d89b86a48e35b2f35cd17f81 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 17:57:40 +0200 Subject: styling guide false -> FALSE --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 36ff96d03..c1f2086c4 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -403,7 +403,7 @@ class CI_Input { */ public function ip_version($ip) { - return strpos($ip, ":") === false ? 4 : 6; + return strpos($ip, ":") === FALSE ? 4 : 6; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1ab6f6520ebfc016c49cfbe3a4d9d009be5da268 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 20:14:13 +0200 Subject: removed ip_version() --- system/core/Input.php | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c1f2086c4..b986c4973 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,27 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if ($this->ip_version($ip) === 4) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - else - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); - } - } - - // -------------------------------------------------------------------- - - /** - * Return ip version - * - * @param string - * @return int - */ - public function ip_version($ip) - { - return strpos($ip, ":") === FALSE ? 4 : 6; + return (bool) filter_var($ip, FILTER_VALIDATE_IP); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 5a257187c4ca09ea61c19999bf061cec3f224cc2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 10 Jun 2012 06:18:14 +0300 Subject: Merge branch 2.1-stable into develop --- system/core/Input.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b986c4973..162e40c85 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -376,14 +376,26 @@ class CI_Input { /** * Validate IP Address * - * Updated version suggested by Geert De Deckere - * * @param string + * @param string 'ipv4' or 'ipv6' * @return bool */ - public function valid_ip($ip) + public function valid_ip($ip, $which = '') { - return (bool) filter_var($ip, FILTER_VALIDATE_IP); + switch (strtolower($which)) + { + case 'ipv4': + $which = FILTER_FLAG_IPV4; + break; + case 'ipv6': + $which = FILTER_FLAG_IPV6; + break; + default: + $which = NULL; + break; + } + + return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0d2c06ea1d96ea3f35dd1e7856977a24cec43233 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 12 Jun 2012 02:33:45 +0300 Subject: Change file permissions for system/core/*.php and system/database/DB.php so that they don't differ from the rest --- system/core/Input.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 system/core/Input.php (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php old mode 100755 new mode 100644 -- cgit v1.2.3-24-g4f1b From a5a71359a5b320b0dc35fabfeb3e74e97a466a10 Mon Sep 17 00:00:00 2001 From: Jordan Pittman Date: Fri, 20 Jul 2012 19:36:43 -0300 Subject: Added support for IP Address Range Masks (e.g. 192.168.137.0/24) to the Proxy IPs config option --- system/core/Input.php | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 162e40c85..c0c85a5e8 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,10 +330,27 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { + $hasRanges = strpos($proxies, '/') !== false; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + + if ($hasRanges) { + $longIP = ip2long($_SERVER['REMOTE_ADDR']); + $bit32 = 1 << 32; + + foreach($proxies as $ip) { + list($address, $maskLength) = explode('/', $ip); + + $bitmask = $bit32 - (1 << (32 - (int)$maskLength)); + + if (($longIP & $bitmask) == $address) { + $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; + break; + } + } + } else { + $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + } } elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { -- cgit v1.2.3-24-g4f1b From 8960acf4fae56fd7b62a451ce8ea571c0e631ed1 Mon Sep 17 00:00:00 2001 From: Jordan Pittman Date: Mon, 23 Jul 2012 09:05:49 -0300 Subject: Update system/core/Input.php --- system/core/Input.php | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c0c85a5e8..968a42a9a 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,24 +330,30 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { - $hasRanges = strpos($proxies, '/') !== false; + $has_ranges = strpos($proxies, '/') !== false; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - if ($hasRanges) { - $longIP = ip2long($_SERVER['REMOTE_ADDR']); - $bit32 = 1 << 32; - - foreach($proxies as $ip) { - list($address, $maskLength) = explode('/', $ip); - - $bitmask = $bit32 - (1 << (32 - (int)$maskLength)); - - if (($longIP & $bitmask) == $address) { + if ($has_ranges) + { + $long_ip = ip2long($_SERVER['REMOTE_ADDR']); + $bit_32 = 1 << 32; + + // Go through each of the IP Addresses to check for and + // test against range notation + foreach($proxies as $ip) + { + list($address, $mask_length) = explode('/', $ip); + + // Generate the bitmask for a 32 bit IP Address + $bitmask = $bit_32 - (1 << (32 - (int)$mask_length)); + if (($long_ip & $bitmask) == $address) + { $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } + } else { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } -- cgit v1.2.3-24-g4f1b From 3c0846b019ed533852a148eb68c62a02c03d27a8 Mon Sep 17 00:00:00 2001 From: bigCat Date: Tue, 21 Aug 2012 00:20:20 +0800 Subject: China's biggest ICP China Telecom will hijack user and leave a cookie contains | . such as "1345466626|7601294|43373|0|0|0" it's impossible to fix this shit... --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 968a42a9a..d7bfed3f8 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -620,7 +620,7 @@ class CI_Input { */ protected function _clean_input_keys($str) { - if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) + if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str)) { set_status_header(503); exit('Disallowed Key Characters.'); -- cgit v1.2.3-24-g4f1b From 14c9331420c960ff3237c2d82e34f7ebf8c6f12a Mon Sep 17 00:00:00 2001 From: Adam McCann Date: Thu, 20 Sep 2012 01:16:43 +0100 Subject: Fixes issue #1815 - input::ip_address() returns incorrect IP behind proxy --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 968a42a9a..5b8e62389 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { if (strpos($this->ip_address, ',') !== FALSE) { $x = explode(',', $this->ip_address); - $this->ip_address = trim(end($x)); + $this->ip_address = trim($x[0]); } if ( ! $this->valid_ip($this->ip_address)) -- cgit v1.2.3-24-g4f1b From 5b92ae1dfb6ac99630693d193b0d3f60f9df525f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 4 Oct 2012 13:05:03 +0300 Subject: Misc. style fixes [ci skip] --- system/core/Input.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 5b8e62389..657fce625 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,10 +330,10 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { - $has_ranges = strpos($proxies, '/') !== false; + $has_ranges = strpos($proxies, '/') !== FALSE; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - + if ($has_ranges) { $long_ip = ip2long($_SERVER['REMOTE_ADDR']); @@ -341,21 +341,25 @@ class CI_Input { // Go through each of the IP Addresses to check for and // test against range notation - foreach($proxies as $ip) + foreach ($proxies as $ip) { - list($address, $mask_length) = explode('/', $ip); + list($address, $mask_length) = explode('/', $ip, 2); // Generate the bitmask for a 32 bit IP Address - $bitmask = $bit_32 - (1 << (32 - (int)$mask_length)); - if (($long_ip & $bitmask) == $address) + $bitmask = $bit_32 - (1 << (32 - (int) $mask_length)); + if (($long_ip & $bitmask) === $address) { $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } - } else { - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + } + else + { + $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) + ? $_SERVER['HTTP_X_FORWARDED_FOR'] + : $_SERVER['REMOTE_ADDR']; } } elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) -- cgit v1.2.3-24-g4f1b From 9ac557f2473844f3c2207189f371f827dbaddb71 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 6 Oct 2012 20:27:57 +0300 Subject: Add IPv6 and array() support for *proxy_ips* configuration --- system/core/Input.php | 141 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 99 insertions(+), 42 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 657fce625..4a0caa5b5 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -328,60 +328,117 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + $proxy_ips = config_item('proxy_ips'); + if (empty($proxy_ips)) { - $has_ranges = strpos($proxies, '/') !== FALSE; - $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); - $proxies = is_array($proxies) ? $proxies : array($proxies); + $proxy_ips = FALSE; + } + elseif ( ! is_array($proxy_ips)) + { + $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips)); + } - if ($has_ranges) - { - $long_ip = ip2long($_SERVER['REMOTE_ADDR']); - $bit_32 = 1 << 32; + $this->ip_address = $this->server('REMOTE_ADDR'); - // Go through each of the IP Addresses to check for and - // test against range notation - foreach ($proxies as $ip) + if ($proxy_ips) + { + foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header) + { + if (($spoof = $this->server($header)) !== NULL) { - list($address, $mask_length) = explode('/', $ip, 2); + // Some proxies typically list the whole chain of IP + // addresses through which the client has reached us. + // e.g. client_ip, proxy_ip1, proxy_ip2, etc. + if (strpos($spoof, ',') !== FALSE) + { + $spoof = explode(',', $spoof, 2); + $spoof = $spoof[0]; + } - // Generate the bitmask for a 32 bit IP Address - $bitmask = $bit_32 - (1 << (32 - (int) $mask_length)); - if (($long_ip & $bitmask) === $address) + if ( ! $this->valid_ip($spoof)) + { + $spoof = NULL; + } + else { - $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } - } - else + + if ($spoof !== NULL) { - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) - ? $_SERVER['HTTP_X_FORWARDED_FOR'] - : $_SERVER['REMOTE_ADDR']; - } - } - elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) - { - $this->ip_address = $_SERVER['REMOTE_ADDR']; - } - elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) - { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; - } - elseif ($this->server('HTTP_CLIENT_IP')) - { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; - } - elseif ($this->server('HTTP_X_FORWARDED_FOR')) - { - $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; - } + for ($i = 0, $c = count($proxy_ips), $separator = (strlen($ip) === 32 ? '.' : ':'); $i < $c; $i++) + { + // Check if we have an IP address or a subnet + if (strpos($proxy_ips[$i], '/') === FALSE) + { + // An IP address (and not a subnet) is specified. + // We can compare right away. + if ($proxy_ips[$i] === $this->ip_address) + { + $this->ip_address = $spoof; + break; + } + + continue; + } - if ($this->ip_address === FALSE) - { - return $this->ip_address = '0.0.0.0'; + // We have a subnet ... now the heavy lifting begins + isset($separator) OR $separator = $this->valid_ip($this->ip_address, 'ipv6') ? ':' : '.'; + + // If the proxy entry doesn't match the IP protocol - skip it + if (strpos($proxy_ips[$i], $separator) === FALSE) + { + continue; + } + + // Convert the REMOTE_ADDR IP address to binary, if needed + if ( ! isset($ip, $convert_func)) + { + if ($separator === ':') + { + // Make sure we're have the "full" IPv6 format + $ip = str_replace('::', str_repeat(':', 9 - substr_count($this->ip_address, ':')), $this->ip_address); + $convert_func = is_php('5.3') + ? function ($value) + { + return str_pad(base_convert($value, 16, 2), 16, '0', STR_PAD_LEFT); + } + : create_function('$value', 'return str_pad(base_convert($value, 16, 2), 16, "0", STR_PAD_LEFT);'); + } + else + { + $ip = $this->ip_address; + $convert_func = is_php('5.3') + ? function ($value) + { + return str_pad(decbin($value), 8, '0', STR_PAD_LEFT); + } + : create_function('$value', 'return str_pad(decbin($value), 8, "0", STR_PAD_LEFT);'); + } + + $ip = implode(array_map($convert_func, explode($separator, $ip))); + } + + // Split the netmask length off the network address + list($netaddr, $masklen) = explode('/', $proxy_ips[$i], 2); + + // Again, an IPv6 address is most likely in a compressed form + if ($separator === ':') + { + $netaddr = str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr); + } + + // Convert to a binary form and finally compare + $netaddr = implode(array_map($convert_func, explode($separator, $netaddr))); + if (strncmp($ip, $netaddr, $masklen) === 0) + { + $this->ip_address = $spoof; + break; + } + } + } } if (strpos($this->ip_address, ',') !== FALSE) -- cgit v1.2.3-24-g4f1b From e45ad2b74d9534395616d661cf4656d6f259943b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 9 Oct 2012 13:11:15 +0300 Subject: Merge changes from 2.1-stable --- system/core/Input.php | 97 +++++++++++++++++++++++++-------------------------- 1 file changed, 48 insertions(+), 49 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 657fce625..4bb08f808 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -328,66 +328,65 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) - { - $has_ranges = strpos($proxies, '/') !== FALSE; - $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); - $proxies = is_array($proxies) ? $proxies : array($proxies); + $this->ip_address = $_SERVER['REMOTE_ADDR']; + $proxy_ips = config_item('proxy_ips'); - if ($has_ranges) + if ( ! empty($proxy_ips)) + { + foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header) { - $long_ip = ip2long($_SERVER['REMOTE_ADDR']); - $bit_32 = 1 << 32; - - // Go through each of the IP Addresses to check for and - // test against range notation - foreach ($proxies as $ip) + if (($spoof = $this->server($header)) !== FALSE) { - list($address, $mask_length) = explode('/', $ip, 2); + // Some proxies typically list the whole chain of IP + // addresses through which the client has reached us. + // e.g. client_ip, proxy_ip1, proxy_ip2, etc. + if (strpos($spoof, ',') !== FALSE) + { + $spoof = explode(',', $spoof, 2); + $spoof = $spoof[0]; + } - // Generate the bitmask for a 32 bit IP Address - $bitmask = $bit_32 - (1 << (32 - (int) $mask_length)); - if (($long_ip & $bitmask) === $address) + if ( ! $this->valid_ip($spoof)) + { + $spoof = FALSE; + } + else { - $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } - } - else + + if ($spoof) { - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) - ? $_SERVER['HTTP_X_FORWARDED_FOR'] - : $_SERVER['REMOTE_ADDR']; - } - } - elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) - { - $this->ip_address = $_SERVER['REMOTE_ADDR']; - } - elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) - { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; - } - elseif ($this->server('HTTP_CLIENT_IP')) - { - $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; - } - elseif ($this->server('HTTP_X_FORWARDED_FOR')) - { - $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; - } + $has_ranges = (strpos($proxy_ips, '/') !== FALSE); + $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips)); - if ($this->ip_address === FALSE) - { - return $this->ip_address = '0.0.0.0'; - } + if ($has_ranges) + { + $long_ip = ip2long($_SERVER['REMOTE_ADDR']); + $bit_32 = 1 << 32; - if (strpos($this->ip_address, ',') !== FALSE) - { - $x = explode(',', $this->ip_address); - $this->ip_address = trim($x[0]); + // Go through each of the IP Addresses to check for and + // test against range notation + foreach ($proxy_ips as $ip) + { + list($address, $mask_length) = explode('/', $ip, 2); + + // Generate the bitmask for a 32 bit IP Address + $bitmask = $bit_32 - (1 << (32 - (int) $mask_length)); + if (($long_ip & $bitmask) === $address) + { + $this->ip_address = $spoof; + break; + } + } + } + elseif (in_array($_SERVER['REMOTE_ADDR'], $proxy_ips, TRUE)) + { + $this->ip_address = $spoof; + } + } } if ( ! $this->valid_ip($this->ip_address)) @@ -545,7 +544,7 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); // CSRF Protection check - if ($this->_enable_csrf === TRUE) + if ($this->_enable_csrf === TRUE && ! $this->is_cli_request()) { $this->security->csrf_verify(); } -- cgit v1.2.3-24-g4f1b From 9df35b4d23848e831ead765712addd0b845fd8f4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 9 Oct 2012 13:37:58 +0300 Subject: Remove an unnecessary variable initialization --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b65509fd7..82482f2aa 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -364,7 +364,7 @@ class CI_Input { if ($spoof) { - for ($i = 0, $c = count($proxy_ips), $separator = (strlen($ip) === 32 ? '.' : ':'); $i < $c; $i++) + for ($i = 0, $c = count($proxy_ips); $i < $c; $i++) { // Check if we have an IP address or a subnet if (strpos($proxy_ips[$i], '/') === FALSE) -- cgit v1.2.3-24-g4f1b From 82d2cf17e77d0ca5ffdcaafb72ca2d3dc82dc142 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 13 Oct 2012 12:38:42 +0300 Subject: Fix CI_Input::ip_address() subnet detection --- system/core/Input.php | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 82482f2aa..ec935d531 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -390,31 +390,32 @@ class CI_Input { } // Convert the REMOTE_ADDR IP address to binary, if needed - if ( ! isset($ip, $convert_func)) + if ( ! isset($ip, $sprintf)) { if ($separator === ':') { // Make sure we're have the "full" IPv6 format - $ip = str_replace('::', str_repeat(':', 9 - substr_count($this->ip_address, ':')), $this->ip_address); - $convert_func = is_php('5.3') - ? function ($value) - { - return str_pad(base_convert($value, 16, 2), 16, '0', STR_PAD_LEFT); - } - : create_function('$value', 'return str_pad(base_convert($value, 16, 2), 16, "0", STR_PAD_LEFT);'); + $ip = explode(':', + str_replace('::', + str_repeat(':', 9 - substr_count($this->ip_address, ':')), + $this->ip_address + ) + ); + + for ($i = 0; $i < 8; $i++) + { + $ip[$i] = intval($ip[$i], 16); + } + + $sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b'; } else { - $ip = $this->ip_address; - $convert_func = is_php('5.3') - ? function ($value) - { - return str_pad(decbin($value), 8, '0', STR_PAD_LEFT); - } - : create_function('$value', 'return str_pad(decbin($value), 8, "0", STR_PAD_LEFT);'); + $ip = explode('.', $this->ip_address); + $sprintf = '%08b%08b%08b%08b'; } - $ip = implode(array_map($convert_func, explode($separator, $ip))); + $ip = vsprintf($sprintf, $ip); } // Split the netmask length off the network address @@ -423,12 +424,19 @@ class CI_Input { // Again, an IPv6 address is most likely in a compressed form if ($separator === ':') { - $netaddr = str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr); + $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr)); + for ($i = 0; $i < 8; $i++) + { + $netaddr[$i] = intval($netaddr[$i], 16); + } + } + else + { + $netaddr = explode('.', $netaddr); } - // Convert to a binary form and finally compare - $netaddr = implode(array_map($convert_func, explode($separator, $netaddr))); - if (strncmp($ip, $netaddr, $masklen) === 0) + // Convert to binary and finally compare + if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0) { $this->ip_address = $spoof; break; -- cgit v1.2.3-24-g4f1b From 1887ec69c9230ff3fbde63f209b50ce69b28fc62 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 27 Oct 2012 16:22:07 +0300 Subject: Input class improvements - Disable register_globals replication on PHP 5.4+ (no longer exists). - DocBlock improvements. - Add missing changelog entry. - Change user_agent() to return NULL when no value is found (for consistency with other fetcher methods). --- system/core/Input.php | 228 +++++++++++++++++++++++++++----------------------- 1 file changed, 121 insertions(+), 107 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ec935d531..18406fe43 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -41,59 +41,68 @@ class CI_Input { /** * IP address of the current user * - * @var string + * @var string */ - public $ip_address = FALSE; + public $ip_address = FALSE; /** - * user agent (web browser) being used by the current user + * User agent strin * - * @var string + * @var string */ - public $user_agent = FALSE; + public $user_agent = FALSE; /** - * If FALSE, then $_GET will be set to an empty array + * Allow GET array flag * - * @var bool + * If set to FALSE, then $_GET will be set to an empty array. + * + * @var bool */ - protected $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; /** - * If TRUE, then newlines are standardized + * Standartize new lines flag + * + * If set to TRUE, then newlines are standardized. * - * @var bool + * @var bool */ - protected $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; /** - * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered - * Set automatically based on config setting + * Enable XSS flag + * + * Determines whether the XSS filter is always active when + * GET, POST or COOKIE data is encountered. + * Set automatically based on config setting. * - * @var bool + * @var bool */ - protected $_enable_xss = FALSE; + protected $_enable_xss = FALSE; /** + * Enable CSRF flag + * * Enables a CSRF cookie token to be set. - * Set automatically based on config setting + * Set automatically based on config setting. * - * @var bool + * @var bool */ - protected $_enable_csrf = FALSE; + protected $_enable_csrf = FALSE; /** * List of all HTTP request headers * * @var array */ - protected $headers = array(); + protected $headers = array(); /** - * Constructor + * Class constructor * - * Sets whether to globally enable the XSS processing - * and whether to allow the $_GET array + * Determines whether to globally enable the XSS processing + * and whether to allow the $_GET array. * * @return void */ @@ -124,12 +133,12 @@ class CI_Input { /** * Fetch from array * - * This is a helper function to retrieve values from global arrays + * Internal method used to retrieve values from global arrays. * - * @param array - * @param string - * @param bool - * @return string + * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc. + * @param string $index Index for item to be fetched from $array + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed */ protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { @@ -151,9 +160,9 @@ class CI_Input { /** * Fetch an item from the GET array * - * @param string - * @param bool - * @return string + * @param string $index Index for item to be fetched from $_GET + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed */ public function get($index = NULL, $xss_clean = FALSE) { @@ -178,9 +187,9 @@ class CI_Input { /** * Fetch an item from the POST array * - * @param string - * @param bool - * @return string + * @param string $index Index for item to be fetched from $_POST + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed */ public function post($index = NULL, $xss_clean = FALSE) { @@ -204,11 +213,11 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from either the GET array or the POST + * Fetch an item from POST data with fallback to GET * - * @param string The index key - * @param bool XSS cleaning - * @return string + * @param string $index Index for item to be fetched from $_POST or $_GET + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed */ public function get_post($index = '', $xss_clean = FALSE) { @@ -222,31 +231,45 @@ class CI_Input { /** * Fetch an item from the COOKIE array * - * @param string - * @param bool - * @return string + * @param string $index Index for item to be fetched from $_COOKIE + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed */ public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } + // -------------------------------------------------------------------- + + /** + * Fetch an item from the SERVER array + * + * @param string $index Index for item to be fetched from $_SERVER + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function server($index = '', $xss_clean = FALSE) + { + return $this->_fetch_from_array($_SERVER, $index, $xss_clean); + } + // ------------------------------------------------------------------------ /** * Set cookie * - * Accepts seven parameters, or you can submit an associative + * Accepts an arbitrary number of parameters (up to 7) or an associative * array in the first parameter containing all the values. * - * @param mixed - * @param string the value of the cookie - * @param string the number of seconds until expiration - * @param string the cookie domain. Usually: .yourdomain.com - * @param string the cookie path - * @param string the cookie prefix - * @param bool true makes the cookie secure - * @param bool true makes the cookie accessible via http(s) only (no javascript) + * @param string|mixed[] $name Cookie name or an array containing parameters + * @param string $value Cookie value + * @param int $expire Cookie expiration time in seconds + * @param string $domain Cookie domain (e.g.: '.yourdomain.com') + * @param string $path Cookie path (default: '/') + * @param string $prefix Cookie name prefix + * @param bool $secure Whether to only transfer cookies via SSL + * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript) * @return void */ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) @@ -302,24 +325,12 @@ class CI_Input { // -------------------------------------------------------------------- - /** - * Fetch an item from the SERVER array - * - * @param string - * @param bool - * @return string - */ - public function server($index = '', $xss_clean = FALSE) - { - return $this->_fetch_from_array($_SERVER, $index, $xss_clean); - } - - // -------------------------------------------------------------------- - /** * Fetch the IP Address * - * @return string + * Determines and validates the visitor's IP address. + * + * @return string IP address */ public function ip_address() { @@ -458,8 +469,8 @@ class CI_Input { /** * Validate IP Address * - * @param string - * @param string 'ipv4' or 'ipv6' + * @param string $ip IP address + * @param string $which IP protocol: 'ipv4' or 'ipv6' * @return bool */ public function valid_ip($ip, $which = '') @@ -483,9 +494,9 @@ class CI_Input { // -------------------------------------------------------------------- /** - * User Agent + * Fetch User Agent string * - * @return string + * @return string|null User Agent string or NULL if it doesn't exist */ public function user_agent() { @@ -494,7 +505,7 @@ class CI_Input { return $this->user_agent; } - return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL; } // -------------------------------------------------------------------- @@ -502,11 +513,12 @@ class CI_Input { /** * Sanitize Globals * - * This function does the following: + * Internal method serving for the following purposes: * - * - Unsets $_GET data (if query strings are not enabled) - * - Unsets all globals if register_globals is enabled - * - Standardizes newline characters to \n + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Cleans POST, COOKIE and SERVER data + * - Standardizes newline characters to PHP_EOL * * @return void */ @@ -534,25 +546,29 @@ class CI_Input { 'IN' ); - // Unset globals for securiy. + // Unset globals for security. // This is effectively the same as register_globals = off - foreach (array($_GET, $_POST, $_COOKIE) as $global) + // PHP 5.4 no longer has the register_globals functionality. + if ( ! is_php('5.4')) { - if (is_array($global)) + foreach (array($_GET, $_POST, $_COOKIE) as $global) { - foreach ($global as $key => $val) + if (is_array($global)) { - if ( ! in_array($key, $protected)) + foreach ($global as $key => $val) { - global $$key; - $$key = NULL; + if ( ! in_array($key, $protected)) + { + global $$key; + $$key = NULL; + } } } - } - elseif ( ! in_array($global, $protected)) - { - global $$global; - $$global = NULL; + elseif ( ! in_array($global, $protected)) + { + global $$global; + $$global = NULL; + } } } @@ -613,10 +629,10 @@ class CI_Input { /** * Clean Input Data * - * This is a helper function. It escapes data and - * standardizes newline characters to \n + * Internal method that aids in escaping data and + * standardizing newline characters to PHP_EOL. * - * @param string + * @param string|string[] $str Input string(s) * @return string */ protected function _clean_input_data($str) @@ -624,9 +640,9 @@ class CI_Input { if (is_array($str)) { $new_array = array(); - foreach ($str as $key => $val) + foreach (array_keys($str) as $key) { - $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); + $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($str[$key]); } return $new_array; } @@ -670,11 +686,11 @@ class CI_Input { /** * Clean Keys * - * This is a helper function. To prevent malicious users + * Internal method that helps to prevent malicious users * from trying to exploit keys we make sure that keys are * only named with alpha-numeric text and a few other items. * - * @param string + * @param string $str Input string * @return string */ protected function _clean_input_keys($str) @@ -699,15 +715,12 @@ class CI_Input { /** * Request Headers * - * In Apache, you can simply call apache_request_headers(), however for - * people running other webservers the function is undefined. - * - * @param bool XSS cleaning + * @param bool $xss_clean Whether to apply XSS filtering * @return array */ public function request_headers($xss_clean = FALSE) { - // Look at Apache go! + // In Apache, you can simply call apache_request_headers() if (function_exists('apache_request_headers')) { $headers = apache_request_headers(); @@ -744,9 +757,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param bool XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string $index Header name + * @param bool $xss_clean Whether to apply XSS filtering + * @return string|bool The requested header on success or FALSE on failure */ public function get_request_header($index, $xss_clean = FALSE) { @@ -768,9 +781,9 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Is ajax Request? + * Is AJAX request? * - * Test to see if a request contains the HTTP_X_REQUESTED_WITH header + * Test to see if a request contains the HTTP_X_REQUESTED_WITH header. * * @return bool */ @@ -782,9 +795,9 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Is cli Request? + * Is CLI request? * - * Test to see if a request was made from the command line + * Test to see if a request was made from the command line. * * @return bool */ @@ -798,10 +811,11 @@ class CI_Input { /** * Get Request Method * - * Return the Request Method + * Return the request method * - * @param bool uppercase or lowercase - * @return bool + * @param bool $upper Whether to return in upper or lower case + * (default: FALSE) + * @return string */ public function method($upper = FALSE) { -- cgit v1.2.3-24-g4f1b From 8b9aa179047643668446ca454461a3ef34b3d228 Mon Sep 17 00:00:00 2001 From: vkeranov Date: Sat, 27 Oct 2012 18:06:09 +0300 Subject: Remove extra new lines --- system/core/Input.php | 1 - 1 file changed, 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 18406fe43..f6213c34e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -209,7 +209,6 @@ class CI_Input { return $this->_fetch_from_array($_POST, $index, $xss_clean); } - // -------------------------------------------------------------------- /** -- cgit v1.2.3-24-g4f1b From c5536aac5752054f7f76e448d58b86407d8f574e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 1 Nov 2012 17:33:58 +0200 Subject: Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files. --- system/core/Input.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f6213c34e..c6063a280 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -1,4 +1,4 @@ - Date: Fri, 2 Nov 2012 23:33:45 +0200 Subject: Some micro-optimizations --- system/core/Input.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c6063a280..142e2b434 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -356,11 +356,7 @@ class CI_Input { // Some proxies typically list the whole chain of IP // addresses through which the client has reached us. // e.g. client_ip, proxy_ip1, proxy_ip2, etc. - if (strpos($spoof, ',') !== FALSE) - { - $spoof = explode(',', $spoof, 2); - $spoof = $spoof[0]; - } + sscanf($spoof, '%[^,]', $spoof); if ( ! $this->valid_ip($spoof)) { @@ -430,7 +426,7 @@ class CI_Input { } // Split the netmask length off the network address - list($netaddr, $masklen) = explode('/', $proxy_ips[$i], 2); + sscanf($proxy_ips[$i], '%[^/]/%d', $netaddr, $masklen); // Again, an IPv6 address is most likely in a compressed form if ($separator === ':') -- cgit v1.2.3-24-g4f1b From 303eef056b7317a1e4f06feb26fdb452a59c3a51 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 6 Nov 2012 14:55:48 +0200 Subject: Added CI_Input::input_stream() Helps in reading php://input stream data by caching it when accessed for the first time. (supersedes PR #1684) --- system/core/Input.php | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c0158df99..adc5f7ac0 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -99,6 +99,16 @@ class CI_Input { */ protected $headers = array(); + /** + * Input stream data + * + * Parsed from php://input at runtime + * + * @see CI_Input::input_stream() + * @var array + */ + protected $_input_stream = NULL; + /** * Class constructor * @@ -256,6 +266,37 @@ class CI_Input { // ------------------------------------------------------------------------ + /** + * Fetch an item from the php://input stream + * + * Useful when you need to access PUT, DELETE or PATCH request data. + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function input_stream($index = '', $xss_clean = FALSE) + { + // The input stream can only be read once, so we'll need to check + // if we have already done that first. + if (is_array($this->_input_stream)) + { + return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); + } + + // Parse the input stream in our cache var + parse_str(file_get_contents('php://input'), $this->_input_stream); + if ( ! is_array($this->_input_stream)) + { + $this->_input_stream = array(); + return NULL; + } + + return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); + } + + // ------------------------------------------------------------------------ + /** * Set cookie * -- cgit v1.2.3-24-g4f1b From 7a7ad782b2f125622509a77c5a6f94ad4ae0f93c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 12 Nov 2012 17:21:01 +0200 Subject: Some micro-optimizations --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index adc5f7ac0..4d73fa424 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -768,9 +768,9 @@ class CI_Input { foreach ($_SERVER as $key => $val) { - if (strpos($key, 'HTTP_') === 0) + if (sscanf($key, 'HTTP_%s', $header) === 1) { - $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); + $headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } } } -- cgit v1.2.3-24-g4f1b From 77bd21b15305412b63c8f448787d5b275efd07e2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 20 Nov 2012 16:34:15 +0200 Subject: Fix CI_Input::get() and CI_Input::post() not returning array when a key is not specified --- system/core/Input.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 4d73fa424..a3ad14e24 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -178,8 +178,13 @@ class CI_Input { public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL && ! empty($_GET)) + if ($index === NULL) { + if (empty($_GET)) + { + return array(); + } + $get = array(); // loop through the full _GET array @@ -205,8 +210,13 @@ class CI_Input { public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL && ! empty($_POST)) + if ($index === NULL) { + if (empty($_POST)) + { + return array(); + } + $post = array(); // Loop through the full _POST array and return it -- cgit v1.2.3-24-g4f1b From c82b57b32c0398bd36d625b9e5f9c20f54b768d2 Mon Sep 17 00:00:00 2001 From: Daniel Hunsaker Date: Mon, 31 Dec 2012 09:22:07 -0700 Subject: Fixed normalization of headers under Apache The existing header normalization routine converts headers provided by Apache (that is, with `-` in the name instead of `_`) to all lowercase, with the exception of the first character. This is different from the expected result, wherein each word of the header is capitalized. For example, `CONTENT-LENGTH` would normalize to `Content-length` instead of the expected `Content-Length`. The reason for this is that the existing code is only converting underscores to spaces, and leaving hyphens untouched. The fix is to replace hyphens with spaces as well before passing the result through `ucwords()`. That fix is included here. Signed-off-by: Daniel Hunsaker --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index a3ad14e24..ebe05555d 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -788,7 +788,7 @@ class CI_Input { // take SOME_HEADER and turn it into Some-Header foreach ($headers as $key => $val) { - $key = str_replace('_', ' ', strtolower($key)); + $key = str_replace(array('_', '-'), ' ', strtolower($key)); $key = str_replace(' ', '-', ucwords($key)); $this->headers[$key] = $val; -- cgit v1.2.3-24-g4f1b From 80500afbd188600212ca913a7bac073009feac73 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Jan 2013 08:16:53 +0200 Subject: [ci skip] Happy new year --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ebe05555d..82e22dd49 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From 353f9834adf3f44c6c7a0f924089bb2b43360404 Mon Sep 17 00:00:00 2001 From: Daniel Hunsaker Date: Thu, 24 Jan 2013 17:09:10 -0700 Subject: Updated all cases of exit() to return a valid code Specific codes are as follows, but can easily be changed if a different order/breakdown makes more sense: - 0: Success; everything executed as planned - 1: Configuration Error; something is wrong with/in the configuration file(s) - 2: Class Not Found; what it says - 3: Driver Method Unsupported; the method you're trying to use on a Driver doesn't exist - 4: File Not Found; 404 error - 5: Database Error; something is broken in the database somewhere - 6: Invalid Input; the user attempted to submit a request with invlaid characters in 1+ key names 7 through 26 are reserved for future use - 27: Generic Error; generated by show_error() when the status code is >= 100 28 through 127 are errors generated by user applications, normally by using show_error() with a status code below 100 128 through 254 should not be used by applications, as they are reserved by system-level functions - 255: PHP Fatal Error; automatically generated by PHP for fatal errors, and therefore not allowed for our use Status codes below 100 are shifted up by 28 to place them in the user error range. It may make more sense to have these codes left alone and instead shift the CI errors into the 101 through 127 space, but that's not what I opted for here. It would probably also be a good idea to replace the hard-coded numbers with constants or some such, but I was in a bit of a hurry when I made these changes, so I didn't look around for the best place to do this. With proper guidance, I could easily amend this commit with another that uses such constant values. Signed-off-by: Daniel Hunsaker --- system/core/Input.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 82e22dd49..8f37e4464 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -745,7 +745,8 @@ class CI_Input { if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str)) { set_status_header(503); - exit('Disallowed Key Characters.'); + echo 'Disallowed Key Characters.'; + exit(6); } // Clean UTF-8 if supported -- cgit v1.2.3-24-g4f1b From b75e13df03dcf898cc85e144b941e1b1f6c332be Mon Sep 17 00:00:00 2001 From: Eric Roberts Date: Sun, 27 Jan 2013 20:10:09 -0600 Subject: Fix newline standardization. Signed-off-by: Eric Roberts --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 82e22dd49..68a8fe03f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -720,9 +720,9 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines === TRUE && strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines === TRUE) { - return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); + return preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $str); } return $str; -- cgit v1.2.3-24-g4f1b From 3b5b7f48848d098c6190781f8790a1b0dcb0217c Mon Sep 17 00:00:00 2001 From: Daniel Hunsaker Date: Fri, 22 Feb 2013 19:17:56 -0700 Subject: Updated exit codes as constant values Re-allocated exit status codes according to three references, which follow: BSD sysexits.h:http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits GNU recomendations:http://www.gnu.org/software/libc/manual/html_node/Exit-Status.html Bash scripting:http://tldp.org/LDP/abs/html/exitcodes.html The GNU recommendations stem from and expand upon the standard C/C++ library (stdlibc) definitions, while also suggesting some best-practice conventions which happen to prevent exit status code collisions with bash, and probably other shells. The re-allocated codes are now mapped to constant values, set in *application/config/constants.php*, and used throughout the CodeIgniter core. They would additionally be used in *index.php*, but the constants file hasn't been loaded at that point, so the integer values are used instead, and a comment follows each such use with amplifying information on why that particular value was selected. Finally, the errors documentation has been updated accordingly. Signed-off-by: Daniel Hunsaker --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 904f4d6e9..8d491e055 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -746,7 +746,7 @@ class CI_Input { { set_status_header(503); echo 'Disallowed Key Characters.'; - exit(6); + exit(EXIT_USER_INPUT); } // Clean UTF-8 if supported -- cgit v1.2.3-24-g4f1b From a7447d205296eeead94617f4b66707e336547b51 Mon Sep 17 00:00:00 2001 From: nisheeth-barthwal Date: Thu, 21 Mar 2013 15:48:10 +0530 Subject: Added array notation for keys in Input library --- system/core/Input.php | 74 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 58 insertions(+), 16 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 8d491e055..ffe7b4d27 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -149,21 +149,59 @@ class CI_Input { * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc. * @param string $index Index for item to be fetched from $array * @param bool $xss_clean Whether to apply XSS filtering + * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE, $recurse = FALSE) { - if ( ! isset($array[$index])) + $value = NULL; + + if (isset($array[$index])) { - return NULL; + $value = $array[$index]; + } + else if($recurse) + { + // We couldn't find the $field as a simple key, so try the nested notation + $key = $index; + $container = $array; + + // Test if the $index is an array name, and try to obtain the final index + if (preg_match_all('/\[(.*?)\]/', $index, $matches)) + { + sscanf($index, '%[^[][', $key); + for ($i = 0, $c = count($matches[0]); $i < $c; $i++) + { + if($matches[1][$i] === '') // The array notation will return the value as array + { + break; + } + if (isset($container[$key])) + { + $container = $container[$key]; + $key = $matches[1][$i]; + } + else + { + $container = array(); + break; + } + } + + // Check if the deepest container has the field + if(isset($container[$key])) + { + $value = $container[$key]; + } + } } if ($xss_clean === TRUE) { - return $this->security->xss_clean($array[$index]); + return $this->security->xss_clean($value); } - return $array[$index]; + return $value; } // -------------------------------------------------------------------- @@ -173,9 +211,10 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_GET * @param bool $xss_clean Whether to apply XSS filtering + * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = FALSE, $recurse = FALSE) { // Check if a field has been provided if ($index === NULL) @@ -190,12 +229,12 @@ class CI_Input { // loop through the full _GET array foreach (array_keys($_GET) as $key) { - $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); + $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean, $recurse); } return $get; } - return $this->_fetch_from_array($_GET, $index, $xss_clean); + return $this->_fetch_from_array($_GET, $index, $xss_clean, $recurse); } // -------------------------------------------------------------------- @@ -205,9 +244,10 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_POST * @param bool $xss_clean Whether to apply XSS filtering + * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = FALSE, $recurse = FALSE) { // Check if a field has been provided if ($index === NULL) @@ -222,12 +262,12 @@ class CI_Input { // Loop through the full _POST array and return it foreach (array_keys($_POST) as $key) { - $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); + $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean, $recurse); } return $post; } - return $this->_fetch_from_array($_POST, $index, $xss_clean); + return $this->_fetch_from_array($_POST, $index, $xss_clean, $recurse); } // -------------------------------------------------------------------- @@ -237,13 +277,14 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_POST or $_GET * @param bool $xss_clean Whether to apply XSS filtering + * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = FALSE, $recurse = FALSE) { return isset($_POST[$index]) - ? $this->post($index, $xss_clean) - : $this->get($index, $xss_clean); + ? $this->post($index, $xss_clean, $recurse) + : $this->get($index, $xss_clean, $recurse); } // -------------------------------------------------------------------- @@ -253,11 +294,12 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_COOKIE * @param bool $xss_clean Whether to apply XSS filtering + * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = FALSE, $recurse = FALSE) { - return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); + return $this->_fetch_from_array($_COOKIE, $index, $xss_clean, $recurse); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From a5bcfb1d291d42521b0dc420b1b501c36710277d Mon Sep 17 00:00:00 2001 From: nisheeth-barthwal Date: Sat, 23 Mar 2013 10:53:51 +0530 Subject: Removed $recurse parameter in lieu of auto parsing. Changed "provision" entry. --- system/core/Input.php | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ffe7b4d27..7424a003a 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -149,10 +149,9 @@ class CI_Input { * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc. * @param string $index Index for item to be fetched from $array * @param bool $xss_clean Whether to apply XSS filtering - * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE, $recurse = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { $value = NULL; @@ -160,9 +159,8 @@ class CI_Input { { $value = $array[$index]; } - else if($recurse) + else if(preg_match('/\[[^]]*\]$/', $index)) // Does the index contain array notation { - // We couldn't find the $field as a simple key, so try the nested notation $key = $index; $container = $array; @@ -211,10 +209,9 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_GET * @param bool $xss_clean Whether to apply XSS filtering - * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function get($index = NULL, $xss_clean = FALSE, $recurse = FALSE) + public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL) @@ -229,12 +226,12 @@ class CI_Input { // loop through the full _GET array foreach (array_keys($_GET) as $key) { - $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean, $recurse); + $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); } return $get; } - return $this->_fetch_from_array($_GET, $index, $xss_clean, $recurse); + return $this->_fetch_from_array($_GET, $index, $xss_clean); } // -------------------------------------------------------------------- @@ -244,10 +241,9 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_POST * @param bool $xss_clean Whether to apply XSS filtering - * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function post($index = NULL, $xss_clean = FALSE, $recurse = FALSE) + public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL) @@ -262,12 +258,12 @@ class CI_Input { // Loop through the full _POST array and return it foreach (array_keys($_POST) as $key) { - $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean, $recurse); + $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); } return $post; } - return $this->_fetch_from_array($_POST, $index, $xss_clean, $recurse); + return $this->_fetch_from_array($_POST, $index, $xss_clean); } // -------------------------------------------------------------------- @@ -277,14 +273,13 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_POST or $_GET * @param bool $xss_clean Whether to apply XSS filtering - * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function get_post($index = '', $xss_clean = FALSE, $recurse = FALSE) + public function get_post($index = '', $xss_clean = FALSE) { return isset($_POST[$index]) - ? $this->post($index, $xss_clean, $recurse) - : $this->get($index, $xss_clean, $recurse); + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- @@ -294,12 +289,11 @@ class CI_Input { * * @param string $index Index for item to be fetched from $_COOKIE * @param bool $xss_clean Whether to apply XSS filtering - * @param bool $recurse Whether to recurse into arrays via nested keys * @return mixed */ - public function cookie($index = '', $xss_clean = FALSE, $recurse = FALSE) + public function cookie($index = '', $xss_clean = FALSE) { - return $this->_fetch_from_array($_COOKIE, $index, $xss_clean, $recurse); + return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 7b1a2f1f40d940dde34e47b36808a84e0353af56 Mon Sep 17 00:00:00 2001 From: nisheeth-barthwal Date: Mon, 25 Mar 2013 11:29:53 +0530 Subject: Changed "else if" to "elseif" --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7424a003a..6ee132005 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -159,7 +159,7 @@ class CI_Input { { $value = $array[$index]; } - else if(preg_match('/\[[^]]*\]$/', $index)) // Does the index contain array notation + elseif(preg_match('/\[[^]]*\]$/', $index)) // Does the index contain array notation { $key = $index; $container = $array; -- cgit v1.2.3-24-g4f1b From 77236e055234cbbc9f6ca6be472c70077a1f5856 Mon Sep 17 00:00:00 2001 From: nisheeth-barthwal Date: Mon, 25 Mar 2013 23:42:36 +0530 Subject: Simplified notation parsing and other cosmetic fixes --- system/core/Input.php | 47 ++++++++++++++++------------------------------- 1 file changed, 16 insertions(+), 31 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6ee132005..d707fe25c 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -153,53 +153,38 @@ class CI_Input { */ protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { - $value = NULL; - if (isset($array[$index])) { $value = $array[$index]; } - elseif(preg_match('/\[[^]]*\]$/', $index)) // Does the index contain array notation + elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation { - $key = $index; $container = $array; - - // Test if the $index is an array name, and try to obtain the final index - if (preg_match_all('/\[(.*?)\]/', $index, $matches)) + for ($i = 0; $i < $count; $i++) { - sscanf($index, '%[^[][', $key); - for ($i = 0, $c = count($matches[0]); $i < $c; $i++) + $key = trim($matches[0][$i], '[]'); + if($key === '') // The array notation will return the value as array { - if($matches[1][$i] === '') // The array notation will return the value as array - { - break; - } - if (isset($container[$key])) - { - $container = $container[$key]; - $key = $matches[1][$i]; - } - else - { - $container = array(); - break; - } + break; } - - // Check if the deepest container has the field - if(isset($container[$key])) + if (isset($container[$key])) + { + $value = $container = $container[$key]; + } + else { - $value = $container[$key]; + return NULL; } } } - - if ($xss_clean === TRUE) + else { - return $this->security->xss_clean($value); + return NULL; } - return $value; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($value) + : $value; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 47ea5a8b99e17e9513be57d0af92f9e2637569b2 Mon Sep 17 00:00:00 2001 From: nisheeth-barthwal Date: Tue, 26 Mar 2013 18:57:28 +0530 Subject: Code fixes in line with suggestions --- system/core/Input.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index d707fe25c..1e21886ff 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -157,19 +157,20 @@ class CI_Input { { $value = $array[$index]; } - elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation + elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation { - $container = $array; + $value = $array; for ($i = 0; $i < $count; $i++) { $key = trim($matches[0][$i], '[]'); - if($key === '') // The array notation will return the value as array + if($key === '') // Empty notation will return the value as array { break; } - if (isset($container[$key])) + + if (isset($value[$key])) { - $value = $container = $container[$key]; + $value = $value[$key]; } else { -- cgit v1.2.3-24-g4f1b From 408cbb4f3582ac64bb534a6539370992071d5950 Mon Sep 17 00:00:00 2001 From: nisheeth-barthwal Date: Tue, 26 Mar 2013 19:06:40 +0530 Subject: Code style fix --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1e21886ff..6690b7f2e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -163,7 +163,7 @@ class CI_Input { for ($i = 0; $i < $count; $i++) { $key = trim($matches[0][$i], '[]'); - if($key === '') // Empty notation will return the value as array + if ($key === '') // Empty notation will return the value as array { break; } -- cgit v1.2.3-24-g4f1b From 826990fc88208103142385f1a448bb4771213155 Mon Sep 17 00:00:00 2001 From: CJ Date: Tue, 16 Apr 2013 14:17:53 +0800 Subject: apache_request_headers need not go through recapitalization of incoming headers and should be pass through as is. This is a follow up on #2107 (c82b57b) by @danhunsaker; --- system/core/Input.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6690b7f2e..31bd7008b 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -793,7 +793,7 @@ class CI_Input { // In Apache, you can simply call apache_request_headers() if (function_exists('apache_request_headers')) { - $headers = apache_request_headers(); + $this->headers = apache_request_headers(); } else { @@ -806,15 +806,15 @@ class CI_Input { $headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } } - } - // take SOME_HEADER and turn it into Some-Header - foreach ($headers as $key => $val) - { - $key = str_replace(array('_', '-'), ' ', strtolower($key)); - $key = str_replace(' ', '-', ucwords($key)); + // take SOME_HEADER and turn it into Some-Header + foreach ($headers as $key => $val) + { + $key = str_replace('_', ' ', strtolower($key)); + $key = str_replace(' ', '-', ucwords($key)); - $this->headers[$key] = $val; + $this->headers[$key] = $val; + } } return $this->headers; -- cgit v1.2.3-24-g4f1b From 71cff1da396ba0c56644c04fdd2729db6766c557 Mon Sep 17 00:00:00 2001 From: CJ Date: Tue, 16 Apr 2013 21:50:55 +0800 Subject: #2409: Updated based on feedback by @narfbg; --- system/core/Input.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 31bd7008b..7a6b6e4e0 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -790,10 +790,16 @@ class CI_Input { */ public function request_headers($xss_clean = FALSE) { + // If header is already defined, return it immediately + if ( ! empty($this->headers)) + { + return $this->headers; + } + // In Apache, you can simply call apache_request_headers() if (function_exists('apache_request_headers')) { - $this->headers = apache_request_headers(); + return $this->headers = apache_request_headers(); } else { @@ -810,7 +816,7 @@ class CI_Input { // take SOME_HEADER and turn it into Some-Header foreach ($headers as $key => $val) { - $key = str_replace('_', ' ', strtolower($key)); + $key = str_replace(array('_', '-'), ' ', strtolower($key)); $key = str_replace(' ', '-', ucwords($key)); $this->headers[$key] = $val; -- cgit v1.2.3-24-g4f1b From d08e18cafb31af586002e4de39f12cf8e048383b Mon Sep 17 00:00:00 2001 From: CJ Date: Wed, 17 Apr 2013 00:55:48 +0800 Subject: See #2409: Remove double replacing of dashes and instead change `Content-Type` to `CONTENT_TYPE` --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7a6b6e4e0..a0c5552f6 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -803,7 +803,7 @@ class CI_Input { } else { - $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['CONTENT_TYPE'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { @@ -816,7 +816,7 @@ class CI_Input { // take SOME_HEADER and turn it into Some-Header foreach ($headers as $key => $val) { - $key = str_replace(array('_', '-'), ' ', strtolower($key)); + $key = str_replace('_', ' ', strtolower($key)); $key = str_replace(' ', '-', ucwords($key)); $this->headers[$key] = $val; -- cgit v1.2.3-24-g4f1b From d195f224db31644eaaef4b4cb4713d9af5f57ead Mon Sep 17 00:00:00 2001 From: CJ Date: Wed, 17 Apr 2013 01:04:13 +0800 Subject: See #2409: Reformating and code cleanup for request_headers; --- system/core/Input.php | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index a0c5552f6..6b7d5bd43 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -801,25 +801,18 @@ class CI_Input { { return $this->headers = apache_request_headers(); } - else - { - $headers['CONTENT_TYPE'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); - foreach ($_SERVER as $key => $val) - { - if (sscanf($key, 'HTTP_%s', $header) === 1) - { - $headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); - } - } + $this->headers['CONTENT_TYPE'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); - // take SOME_HEADER and turn it into Some-Header - foreach ($headers as $key => $val) + foreach ($_SERVER as $key => $val) + { + if (sscanf($key, 'HTTP_%s', $header) === 1) { - $key = str_replace('_', ' ', strtolower($key)); - $key = str_replace(' ', '-', ucwords($key)); + // take SOME_HEADER and turn it into Some-Header + $header = str_replace('_', ' ', strtolower($header)); + $header = str_replace(' ', '-', ucwords($header)); - $this->headers[$key] = $val; + $this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } } -- cgit v1.2.3-24-g4f1b From c5c522a069cc504509955890aacd55b97979043b Mon Sep 17 00:00:00 2001 From: CJ Date: Wed, 17 Apr 2013 11:59:22 +0800 Subject: #2409: Force Content Type to go through camelization; --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6b7d5bd43..ff0bbe060 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -802,7 +802,7 @@ class CI_Input { return $this->headers = apache_request_headers(); } - $this->headers['CONTENT_TYPE'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $_SERVER['HTTP_CONTENT_TYPE'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { -- cgit v1.2.3-24-g4f1b From 8347f9161a1ba080be62b22eb546cceea8f8a8e9 Mon Sep 17 00:00:00 2001 From: CJ Date: Wed, 17 Apr 2013 21:45:22 +0800 Subject: See #2409: Avoid overwriting global $_SERVER and set Content-Type to protected property; --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ff0bbe060..0ef81128e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -802,7 +802,7 @@ class CI_Input { return $this->headers = apache_request_headers(); } - $_SERVER['HTTP_CONTENT_TYPE'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { -- cgit v1.2.3-24-g4f1b From c941d855dc32ec44107cb863596fa385c7aed015 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Tue, 6 Aug 2013 14:44:40 +0200 Subject: Various typos and tabs adjustments --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 0ef81128e..6f184a3ca 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -47,7 +47,7 @@ class CI_Input { public $ip_address = FALSE; /** - * User agent strin + * User agent string * * @var string */ -- cgit v1.2.3-24-g4f1b From 40d124924ea331c6a57ab1b3f743299a41eb3f0c Mon Sep 17 00:00:00 2001 From: vlakoff Date: Tue, 6 Aug 2013 14:46:00 +0200 Subject: Replace php_sapi_name() function with PHP_SAPI constant exact same behavior but faster, shorter --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6f184a3ca..1e67ce183 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -872,7 +872,7 @@ class CI_Input { */ public function is_cli_request() { - return (php_sapi_name() === 'cli' OR defined('STDIN')); + return (PHP_SAPI === 'cli' OR defined('STDIN')); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 441fd264267ac526730d06183bd3cfebfd26df01 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Sun, 11 Aug 2013 20:36:41 +0200 Subject: Input class: change behavior of get_post() method, add post_get() method followup to PR #2522 --- system/core/Input.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1e67ce183..24e21ea08 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -261,7 +261,7 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get_post($index = '', $xss_clean = FALSE) + public function post_get($index = '', $xss_clean = FALSE) { return isset($_POST[$index]) ? $this->post($index, $xss_clean) @@ -270,6 +270,22 @@ class CI_Input { // -------------------------------------------------------------------- + /** + * Fetch an item from GET data with fallback to POST + * + * @param string $index Index for item to be fetched from $_GET or $_POST + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function get_post($index = '', $xss_clean = FALSE) + { + return isset($_GET[$index]) + ? $this->get($index, $xss_clean) + : $this->post($index, $xss_clean); + } + + // -------------------------------------------------------------------- + /** * Fetch an item from the COOKIE array * -- cgit v1.2.3-24-g4f1b From fd0aabb1e6f3db088ad9b3079adc0f9bba9b6c2b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 23 Sep 2013 13:18:20 +0300 Subject: Fix issue #33 --- system/core/Input.php | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 24e21ea08..8c32e459e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -693,7 +693,14 @@ class CI_Input { foreach ($_COOKIE as $key => $val) { - $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); + if (($cookie_key = $this->_clean_input_keys($key)) !== FALSE) + { + $_COOKIE[$cookie_key] = $this->_clean_input_data($val); + } + else + { + unset($_COOKIE[$key]); + } } } @@ -706,7 +713,7 @@ class CI_Input { $this->security->csrf_verify(); } - log_message('debug', 'Global POST and COOKIE data sanitized'); + log_message('debug', 'Global POST, GET and COOKIE data sanitized'); } // -------------------------------------------------------------------- @@ -776,15 +783,25 @@ class CI_Input { * only named with alpha-numeric text and a few other items. * * @param string $str Input string - * @return string + * @param string $fatal Whether to terminate script exection + * or to return FALSE if an invalid + * key is encountered + * @return string|bool */ - protected function _clean_input_keys($str) + protected function _clean_input_keys($str, $fatal = TRUE) { if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str)) { - set_status_header(503); - echo 'Disallowed Key Characters.'; - exit(EXIT_USER_INPUT); + if ($fatal === TRUE) + { + return FALSE; + } + else + { + set_status_header(503); + echo 'Disallowed Key Characters.'; + exit(EXIT_USER_INPUT); + } } // Clean UTF-8 if supported -- cgit v1.2.3-24-g4f1b From f964b16f3db95d655420dfae2012ee9fbb98a1a8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 12 Nov 2013 17:04:55 +0200 Subject: Deprecate CI_Input::is_cli_request() and add common function is_cli() to replace it Calls to this function are often needed before the Input library is available --- system/core/Input.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 8c32e459e..384e30d43 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -708,7 +708,7 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); // CSRF Protection check - if ($this->_enable_csrf === TRUE && ! $this->is_cli_request()) + if ($this->_enable_csrf === TRUE && ! is_cli()) { $this->security->csrf_verify(); } @@ -901,11 +901,12 @@ class CI_Input { * * Test to see if a request was made from the command line. * - * @return bool + * @deprecated 3.0.0 Use is_cli() instead + * @return bool */ public function is_cli_request() { - return (PHP_SAPI === 'cli' OR defined('STDIN')); + return is_cli(); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 8f5420b5c59cb50dfb4834a3ab9a5bee5faadb1c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 6 Jan 2014 10:34:23 +0200 Subject: Make CI_Input::set_cookie() and cookie helpers set_cookie(), get_cookie(), delete_cookie()'s first (name) parameter mandatory --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 384e30d43..ded462190 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -361,7 +361,7 @@ class CI_Input { * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) + public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { -- cgit v1.2.3-24-g4f1b From 5ac428bea999a332b46b17fe26ee0045e5cfd39c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Jan 2014 16:07:31 +0200 Subject: Fix #148 CI_Input::_clean_input_data() assumed that all input data is URL-encoded while sanitizing it. However, PHP already performs URL-decoding on it, so this is either redudant or overly intrusive as it resulted in many, many reports of data containing '%' followed by 1 numeric characters being essentially destroyed. Supersedes PR #1229 --- system/core/Input.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ded462190..164867636 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -687,9 +687,11 @@ class CI_Input { // but that when present will trip our 'Disallowed Key Characters' alarm // http://www.ietf.org/rfc/rfc2109.txt // note that the key names below are single quoted strings, and are not PHP variables - unset($_COOKIE['$Version']); - unset($_COOKIE['$Path']); - unset($_COOKIE['$Domain']); + unset( + $_COOKIE['$Version'], + $_COOKIE['$Path'], + $_COOKIE['$Domain'] + ); foreach ($_COOKIE as $key => $val) { @@ -756,7 +758,7 @@ class CI_Input { } // Remove control characters - $str = remove_invisible_characters($str); + $str = remove_invisible_characters($str, FALSE); // Should we filter the input data? if ($this->_enable_xss === TRUE) -- cgit v1.2.3-24-g4f1b From 80a16b1cd0d4716b5ea41497685a8fac02e34333 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Jan 2014 17:19:03 +0200 Subject: Fix #346 When ['global_xss_filtering'] was turned on, the , , & superglobals were automatically overwritten. This resulted in one of the following problems: - xss_clean() being called twice - Inability to retrieve the original (not filtered) value XSS filtering is now only applied on demand by the Input class, and the default value for the parameter in CI_Input methods is changed to NULL. Unless a boolean value is passed to them, whether XSS filtering is applied depends on the ['global_xss_filtering'] value. --- system/core/Input.php | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 164867636..f5123fa5b 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -151,8 +151,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + if (isset($array[$index])) { $value = $array[$index]; @@ -197,8 +199,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + // Check if a field has been provided if ($index === NULL) { @@ -229,8 +233,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + // Check if a field has been provided if ($index === NULL) { @@ -261,8 +267,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function post_get($index = '', $xss_clean = FALSE) + public function post_get($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return isset($_POST[$index]) ? $this->post($index, $xss_clean) : $this->get($index, $xss_clean); @@ -277,8 +285,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return isset($_GET[$index]) ? $this->get($index, $xss_clean) : $this->post($index, $xss_clean); @@ -293,8 +303,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -307,8 +319,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function server($index = '', $xss_clean = FALSE) + public function server($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -323,8 +337,10 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function input_stream($index = '', $xss_clean = FALSE) + public function input_stream($index = '', $xss_clean = NULL) { + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; + // The input stream can only be read once, so we'll need to check // if we have already done that first. if (is_array($this->_input_stream)) @@ -760,12 +776,6 @@ class CI_Input { // Remove control characters $str = remove_invisible_characters($str, FALSE); - // Should we filter the input data? - if ($this->_enable_xss === TRUE) - { - $str = $this->security->xss_clean($str); - } - // Standardize newlines if needed if ($this->_standardize_newlines === TRUE) { -- cgit v1.2.3-24-g4f1b From bfb635b276d880336db795f1a603de66ccfc80f6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Jan 2014 18:32:05 +0200 Subject: Make newline standardization configurable Added ['standardize_newlines'] Also altered the Session cookie driver, which experienced issues with this feature due to it's HMAC verification failing after the Input class alters newlines in non-encrypted session cookies. Supersedes PR #2470 --- system/core/Input.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f5123fa5b..ccb70daec 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -63,7 +63,7 @@ class CI_Input { protected $_allow_get_array = TRUE; /** - * Standartize new lines flag + * Standardize new lines flag * * If set to TRUE, then newlines are standardized. * @@ -121,9 +121,10 @@ class CI_Input { { log_message('debug', 'Input Class Initialized'); - $this->_allow_get_array = (config_item('allow_get_array') === TRUE); - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_allow_get_array = (config_item('allow_get_array') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_sandardize_newlines = (bool) config_item('standardize_newlines'); global $SEC; $this->security =& $SEC; -- cgit v1.2.3-24-g4f1b From 7c60b12da3260cb3046f3f500431a1b7a5fb766d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 8 Feb 2014 18:47:19 +0200 Subject: CI_Input tweaks - Make get_post(), post_get() and server()'s parameter mandatory. - Change default value of parameter to NULL for cookie(), input_stream() and _fetch_from_array() (for consistency with get(), post()). - Delegate Array-vs-single and parameter detection to _fetch_from_array() to overall simplify the code. --- system/core/Input.php | 85 ++++++++++++--------------------------------------- 1 file changed, 20 insertions(+), 65 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ccb70daec..35ce5f12f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -152,8 +152,20 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - protected function _fetch_from_array(&$array, $index = '', $xss_clean = NULL) + protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL) { + // If $index is NULL, it means that the whole $array is requested + if ($index === NULL) + { + $output = array(); + foreach (array_keys($array) as $key) + { + $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean); + } + + return $output; + } + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; if (isset($array[$index])) @@ -202,26 +214,6 @@ class CI_Input { */ public function get($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - - // Check if a field has been provided - if ($index === NULL) - { - if (empty($_GET)) - { - return array(); - } - - $get = array(); - - // loop through the full _GET array - foreach (array_keys($_GET) as $key) - { - $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean); - } - return $get; - } - return $this->_fetch_from_array($_GET, $index, $xss_clean); } @@ -236,26 +228,6 @@ class CI_Input { */ public function post($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - - // Check if a field has been provided - if ($index === NULL) - { - if (empty($_POST)) - { - return array(); - } - - $post = array(); - - // Loop through the full _POST array and return it - foreach (array_keys($_POST) as $key) - { - $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean); - } - return $post; - } - return $this->_fetch_from_array($_POST, $index, $xss_clean); } @@ -268,10 +240,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function post_get($index = '', $xss_clean = NULL) + public function post_get($index, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return isset($_POST[$index]) ? $this->post($index, $xss_clean) : $this->get($index, $xss_clean); @@ -286,10 +256,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function get_post($index = '', $xss_clean = NULL) + public function get_post($index, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return isset($_GET[$index]) ? $this->get($index, $xss_clean) : $this->post($index, $xss_clean); @@ -304,10 +272,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function cookie($index = '', $xss_clean = NULL) + public function cookie($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -320,10 +286,8 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function server($index = '', $xss_clean = NULL) + public function server($index, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -338,23 +302,14 @@ class CI_Input { * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ - public function input_stream($index = '', $xss_clean = NULL) + public function input_stream($index = NULL, $xss_clean = NULL) { - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - // The input stream can only be read once, so we'll need to check // if we have already done that first. - if (is_array($this->_input_stream)) - { - return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); - } - - // Parse the input stream in our cache var - parse_str(file_get_contents('php://input'), $this->_input_stream); if ( ! is_array($this->_input_stream)) { - $this->_input_stream = array(); - return NULL; + parse_str(file_get_contents('php://input'), $this->_input_stream); + is_array($this->_input_stream) OR $this->_input_stream = array(); } return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); -- cgit v1.2.3-24-g4f1b From 871754af60251993d640981e107d2def5f2db396 Mon Sep 17 00:00:00 2001 From: darwinel Date: Tue, 11 Feb 2014 17:34:57 +0100 Subject: 2013 > 2014 Update copyright notices from 2013 to 2014. And update one calendar example in user_guide from year 2013/2014 to 2014/2015. --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 35ce5f12f..fdb308b5a 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From c26b9ebb00e29be2e972fece3bcf73d33249a64b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 24 Feb 2014 11:31:36 +0200 Subject: Don't use globals - Use load_class() to get objects during bootstrap process. - Change load_class() to accept a class constructor parameter instead of previously unused class name prefix. - Change CI_Router::__construct() to accept as a parameter. --- system/core/Input.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index fdb308b5a..620e50f63 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -126,14 +126,12 @@ class CI_Input { $this->_enable_csrf = (config_item('csrf_protection') === TRUE); $this->_sandardize_newlines = (bool) config_item('standardize_newlines'); - global $SEC; - $this->security =& $SEC; + $this->security =& load_class('Security', 'core'); // Do we need the UTF-8 class? if (UTF8_ENABLED === TRUE) { - global $UNI; - $this->uni =& $UNI; + $this->uni =& load_class('Utf8', 'core'); } // Sanitize global arrays -- cgit v1.2.3-24-g4f1b From 8850e37c3b5a8639033371a302f949c758de89fa Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 27 Feb 2014 21:56:06 +0200 Subject: Add parameter to CI_Input::user_agent() --- system/core/Input.php | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 620e50f63..1408da2cb 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -46,13 +46,6 @@ class CI_Input { */ public $ip_address = FALSE; - /** - * User agent string - * - * @var string - */ - public $user_agent = FALSE; - /** * Allow GET array flag * @@ -553,14 +546,9 @@ class CI_Input { * * @return string|null User Agent string or NULL if it doesn't exist */ - public function user_agent() + public function user_agent($xss_clean = NULL) { - if ($this->user_agent !== FALSE) - { - return $this->user_agent; - } - - return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL; + return $this->_fetch_from_array($_SERVER, 'HTTP_USER_AGENT', $xss_clean); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 7cf682abf46bcaa112b63c500a884ba25c0dd8b3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 13 Mar 2014 14:55:45 +0200 Subject: Partially revert PR #2190 The core shouldn't depend on constants that are not defined by itself --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1408da2cb..5ffe43d0e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -754,7 +754,7 @@ class CI_Input { { set_status_header(503); echo 'Disallowed Key Characters.'; - exit(EXIT_USER_INPUT); + exit(7); // EXIT_USER_INPUT } } -- cgit v1.2.3-24-g4f1b From 523cda30d21905d6ea4116dce5d44cc109e3e3e8 Mon Sep 17 00:00:00 2001 From: fabianozenatti Date: Fri, 21 Mar 2014 12:13:03 +0100 Subject: Fix typo in CI_Input constructor --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 5ffe43d0e..b8ad7e89c 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -117,7 +117,7 @@ class CI_Input { $this->_allow_get_array = (config_item('allow_get_array') === TRUE); $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); $this->_enable_csrf = (config_item('csrf_protection') === TRUE); - $this->_sandardize_newlines = (bool) config_item('standardize_newlines'); + $this->_standardize_newlines = (bool) config_item('standardize_newlines'); $this->security =& load_class('Security', 'core'); @@ -884,4 +884,4 @@ class CI_Input { } /* End of file Input.php */ -/* Location: ./system/core/Input.php */ \ No newline at end of file +/* Location: ./system/core/Input.php */ -- cgit v1.2.3-24-g4f1b From 28eca65d000c186f7a442e1f7716d3a5bf0a314c Mon Sep 17 00:00:00 2001 From: fabianozenatti Date: Fri, 21 Mar 2014 14:54:25 +0100 Subject: remove eol --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b8ad7e89c..925047040 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -884,4 +884,4 @@ class CI_Input { } /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From efc08e99f99657623c5add39b1e91bb452ae1ab5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 15 Apr 2014 14:32:52 +0300 Subject: Follow-up to aeed15eb8556ab671507f17ef9a8cf28903999aa --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 925047040..6986bd4d3 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -62,7 +62,7 @@ class CI_Input { * * @var bool */ - protected $_standardize_newlines = TRUE; + protected $_standardize_newlines; /** * Enable XSS flag -- cgit v1.2.3-24-g4f1b From b78a8c7d40446a3e2e36772706662fd033fe7d1d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 15 Apr 2014 17:21:16 +0300 Subject: Fix #3004 --- system/core/Input.php | 51 +-------------------------------------------------- 1 file changed, 1 insertion(+), 50 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6986bd4d3..b3bed724f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -558,8 +558,7 @@ class CI_Input { * * Internal method serving for the following purposes: * - * - Unsets $_GET data (if query strings are not enabled) - * - Unsets all globals if register_globals is enabled + * - Unsets $_GET data, if query strings are not enabled * - Cleans POST, COOKIE and SERVER data * - Standardizes newline characters to PHP_EOL * @@ -567,54 +566,6 @@ class CI_Input { */ protected function _sanitize_globals() { - // It would be "wrong" to unset any of these GLOBALS. - $protected = array( - '_SERVER', - '_GET', - '_POST', - '_FILES', - '_REQUEST', - '_SESSION', - '_ENV', - 'GLOBALS', - 'HTTP_RAW_POST_DATA', - 'system_folder', - 'application_folder', - 'BM', - 'EXT', - 'CFG', - 'URI', - 'RTR', - 'OUT', - 'IN' - ); - - // Unset globals for security. - // This is effectively the same as register_globals = off - // PHP 5.4 no longer has the register_globals functionality. - if ( ! is_php('5.4')) - { - foreach (array($_GET, $_POST, $_COOKIE) as $global) - { - if (is_array($global)) - { - foreach ($global as $key => $val) - { - if ( ! in_array($key, $protected)) - { - global $$key; - $$key = NULL; - } - } - } - elseif ( ! in_array($global, $protected)) - { - global $$global; - $$global = NULL; - } - } - } - // Is $_GET data allowed? If not we'll set the $_GET to an empty array if ($this->_allow_get_array === FALSE) { -- cgit v1.2.3-24-g4f1b From dc134a8a0e900d0e369ba35749e9530028832cbb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 8 May 2014 10:00:55 +0300 Subject: [ci skip] Update a comment for CI_Input::input_stream() --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b3bed724f..544b7c08b 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -295,8 +295,8 @@ class CI_Input { */ public function input_stream($index = NULL, $xss_clean = NULL) { - // The input stream can only be read once, so we'll need to check - // if we have already done that first. + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. if ( ! is_array($this->_input_stream)) { parse_str(file_get_contents('php://input'), $this->_input_stream); -- cgit v1.2.3-24-g4f1b From f112e4a4aea6b1b6694fd1a420adecaba6d9a1ec Mon Sep 17 00:00:00 2001 From: Adriano Rosa Date: Fri, 3 Oct 2014 13:15:46 -0300 Subject: fix doc block get_request_header() This method does not return FALSE as said in doc block, the correct return is STRING or NULL. --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 544b7c08b..ada9fc680 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -766,7 +766,7 @@ class CI_Input { * * @param string $index Header name * @param bool $xss_clean Whether to apply XSS filtering - * @return string|bool The requested header on success or FALSE on failure + * @return string|null The requested header on success or NULL on failure */ public function get_request_header($index, $xss_clean = FALSE) { -- cgit v1.2.3-24-g4f1b From d444d445ed0458a352ecb9ff79ffd158677ee805 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 6 Oct 2014 00:00:08 +0300 Subject: config_item() to return NULL instead of FALSE for non-existing items Close #3001 Close #3232 Related: #3244 --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ada9fc680..9ae2f6d6f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -353,7 +353,7 @@ class CI_Input { $path = config_item('cookie_path'); } - if ($secure === FALSE && config_item('cookie_secure') !== FALSE) + if ($secure === FALSE && config_item('cookie_secure') === TRUE) { $secure = config_item('cookie_secure'); } -- cgit v1.2.3-24-g4f1b From bdb96ca1b1dbfc1791172fd169d7751cbc4d7d55 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 28 Oct 2014 00:13:31 +0200 Subject: [ci skip] Switch to MIT license; close #3293 --- system/core/Input.php | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 9ae2f6d6f..81555df9a 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -4,24 +4,35 @@ * * An open source application development framework for PHP 5.2.4 or newer * - * NOTICE OF LICENSE + * This content is released under the MIT License (MIT) * - * Licensed under the Open Software License version 3.0 + * Copyright (c) 2014, British Columbia Institute of Technology * - * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is - * also available through the world wide web at this URL: - * http://opensource.org/licenses/OSL-3.0 - * If you did not receive a copy of the license and are unable to obtain it - * through the world wide web, please send an email to - * licensing@ellislab.com so we can send you a copy immediately. + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: * - * @package CodeIgniter - * @author EllisLab Dev Team + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) - * @link http://codeigniter.com - * @since Version 1.0 + * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/) + * @license http://opensource.org/licenses/MIT MIT License + * @link http://codeigniter.com + * @since Version 1.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); -- cgit v1.2.3-24-g4f1b From 89432af4adb4011ad8aa5252838dc76a3a5acec7 Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Tue, 2 Dec 2014 10:04:46 +0200 Subject: Allow pulling multiple get/post ...etc at once --- system/core/Input.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 81555df9a..0dcb6f425 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -168,6 +168,18 @@ class CI_Input { return $output; } + // allow fetching multiple keys at once + if (is_array($index)) + { + $output = array(); + foreach($index as $var) + { + $output[$var] = $this->_fetch_from_array($array, $var, $xss_clean); + } + + return $output; + } + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; if (isset($array[$index])) -- cgit v1.2.3-24-g4f1b From ff89a4e7709933dda52698cd4abd389754ae8675 Mon Sep 17 00:00:00 2001 From: Ahmad Anbar Date: Tue, 2 Dec 2014 17:26:30 +0200 Subject: Added changelog entry updated documentation Fixed code style. --- system/core/Input.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 0dcb6f425..11b2e94e0 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -150,7 +150,7 @@ class CI_Input { * Internal method used to retrieve values from global arrays. * * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc. - * @param string $index Index for item to be fetched from $array + * @param mixed $index Index for item to be fetched from $array * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ @@ -172,7 +172,7 @@ class CI_Input { if (is_array($index)) { $output = array(); - foreach($index as $var) + foreach ($index as $var) { $output[$var] = $this->_fetch_from_array($array, $var, $xss_clean); } @@ -222,7 +222,7 @@ class CI_Input { /** * Fetch an item from the GET array * - * @param string $index Index for item to be fetched from $_GET + * @param mixed $index Index for item to be fetched from $_GET * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ @@ -236,7 +236,7 @@ class CI_Input { /** * Fetch an item from the POST array * - * @param string $index Index for item to be fetched from $_POST + * @param mixed $index Index for item to be fetched from $_POST * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ @@ -282,7 +282,7 @@ class CI_Input { /** * Fetch an item from the COOKIE array * - * @param string $index Index for item to be fetched from $_COOKIE + * @param mixed $index Index for item to be fetched from $_COOKIE * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ @@ -296,7 +296,7 @@ class CI_Input { /** * Fetch an item from the SERVER array * - * @param string $index Index for item to be fetched from $_SERVER + * @param mixed $index Index for item to be fetched from $_SERVER * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ -- cgit v1.2.3-24-g4f1b From ef29f83f786aa968be3d9b7b55ccdc45f33c475d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 2 Dec 2014 18:03:47 +0200 Subject: Some optimizations & polishing following PR #3381 --- system/core/Input.php | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 11b2e94e0..d1353e9dc 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -156,32 +156,23 @@ class CI_Input { */ protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL) { - // If $index is NULL, it means that the whole $array is requested - if ($index === NULL) - { - $output = array(); - foreach (array_keys($array) as $key) - { - $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean); - } + is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - return $output; - } + // If $index is NULL, it means that the whole $array is requested + isset($index) OR $index = array_keys($array); // allow fetching multiple keys at once if (is_array($index)) { $output = array(); - foreach ($index as $var) + foreach (array_keys($array) as $key) { - $output[$var] = $this->_fetch_from_array($array, $var, $xss_clean); + $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean); } return $output; } - is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; - if (isset($array[$index])) { $value = $array[$index]; -- cgit v1.2.3-24-g4f1b From 6b3bf4c026cb8cb85ce53a985c64b22006695ce6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 2 Dec 2014 18:04:41 +0200 Subject: Fix an error from the previous commit --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index d1353e9dc..0c6025d1e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -165,7 +165,7 @@ class CI_Input { if (is_array($index)) { $output = array(); - foreach (array_keys($array) as $key) + foreach ($index as $key) { $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean); } -- cgit v1.2.3-24-g4f1b From fe9309d22c1b088f5363954d6dac013c8c955894 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 9 Jan 2015 17:48:58 +0200 Subject: Bulk (mostly documentation) update - Remove PHP version from license notices - Bump year number in copyright notices - Recommend PHP 5.4 or newer to be used - Tell Travis-CI to test on PHP 5.3.0 instead of the latest 5.3 version Related: #3450 --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 0c6025d1e..358417c79 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.2.4 or newer + * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014, British Columbia Institute of Technology + * Copyright (c) 2014 - 2015, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link http://codeigniter.com * @since Version 1.0.0 -- cgit v1.2.3-24-g4f1b From 90726b8c769ea75aec34814ddfa91655d488e6c3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 20 Jan 2015 12:39:22 +0200 Subject: [ci skip] Change some log messages' level 'Class Loaded' type of messages flood log files when log_threshold is set to 2 (debug). They're now logged as 'info' level. This is manually applying PR #1528, which was created to do the same thing, but became outdated. --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 358417c79..1816a2014 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -123,8 +123,6 @@ class CI_Input { */ public function __construct() { - log_message('debug', 'Input Class Initialized'); - $this->_allow_get_array = (config_item('allow_get_array') === TRUE); $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); $this->_enable_csrf = (config_item('csrf_protection') === TRUE); @@ -140,6 +138,8 @@ class CI_Input { // Sanitize global arrays $this->_sanitize_globals(); + + log_message('info', 'Input Class Initialized'); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 4cbe463b4c442e0e2dae2f43565e77f7ac5ecb86 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Wed, 21 Jan 2015 22:56:22 +0100 Subject: Remove closing blocks at end of PHP files --- system/core/Input.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1816a2014..72425c1c1 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -847,6 +847,3 @@ class CI_Input { } } - -/* End of file Input.php */ -/* Location: ./system/core/Input.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From f9fbf1187516363a48fe2fe7bc33d00ae11f134f Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Fri, 6 Feb 2015 09:21:07 +0100 Subject: Update Input.php Added support for json input stream. (Not tested) --- system/core/Input.php | 55 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 9 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 72425c1c1..3024fca78 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,6 +103,14 @@ class CI_Input { */ protected $headers = array(); + /** + * Raw input stream data + * + * @see CI_Input::input_stream() + * @var array + */ + protected $_raw_input_stream = NULL; + /** * Input stream data * @@ -111,7 +119,7 @@ class CI_Input { * @see CI_Input::input_stream() * @var array */ - protected $_input_stream = NULL; + protected $_input_stream = NULL; // Kept for backward compatible. /** * Class constructor @@ -298,6 +306,25 @@ class CI_Input { // ------------------------------------------------------------------------ + /** + * Fetch raw data from php://input stream + * + * Useful when data is not an array and might contain = and & symbols. + */ + public function raw_input_stream() + { + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. + if (is_null($this->_raw_input_stream)) + { + $this->_raw_input_stream = file_get_contents('php://input'); + } + + return $this->_raw_input_stream; + } + + // ------------------------------------------------------------------------ + /** * Fetch an item from the php://input stream * @@ -309,16 +336,26 @@ class CI_Input { */ public function input_stream($index = NULL, $xss_clean = NULL) { - // Prior to PHP 5.6, the input stream can only be read once, - // so we'll need to check if we have already done that first. - if ( ! is_array($this->_input_stream)) - { - parse_str(file_get_contents('php://input'), $this->_input_stream); - is_array($this->_input_stream) OR $this->_input_stream = array(); - } - + parse_str($this->raw_input_stream(), $this->_input_stream); return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } + + // ------------------------------------------------------------------------ + + /** + * Fetch an item from the php://input stream + * + * Useful when you need to access input that's been send as raw json data' + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function json_input_stream($index = NULL, $xss_clean = NULL) + { + $json_input_stream = json_decode($this->raw_input_stream(), true); + return $this->_fetch_from_array($json_input_stream, $index, $xss_clean); + } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From d02a69a4784db9248af43e51d9288e758a346f31 Mon Sep 17 00:00:00 2001 From: İrfan Evrens Date: Fri, 6 Feb 2015 20:53:22 +0200 Subject: a tiny change --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 72425c1c1..fae3b6c08 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -702,7 +702,7 @@ class CI_Input { * only named with alpha-numeric text and a few other items. * * @param string $str Input string - * @param string $fatal Whether to terminate script exection + * @param bool $fatal Whether to terminate script exection * or to return FALSE if an invalid * key is encountered * @return string|bool -- cgit v1.2.3-24-g4f1b From a8c964c5a1d48d9a70ed5826a086e9eba9963cc9 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 19 Feb 2015 01:26:06 +0100 Subject: documentation changes --- system/core/Input.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3024fca78..f181c27ce 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -104,9 +104,9 @@ class CI_Input { protected $headers = array(); /** - * Raw input stream data + * Raw input stream data as received from php://input * - * @see CI_Input::input_stream() + * @see CI_Input::raw_input_stream() * @var array */ protected $_raw_input_stream = NULL; @@ -114,12 +114,12 @@ class CI_Input { /** * Input stream data * - * Parsed from php://input at runtime + * Parsed from raw_input_stream at runtime * * @see CI_Input::input_stream() * @var array */ - protected $_input_stream = NULL; // Kept for backward compatible. + protected $_input_stream = NULL; /** * Class constructor @@ -309,7 +309,7 @@ class CI_Input { /** * Fetch raw data from php://input stream * - * Useful when data is not an array and might contain = and & symbols. + * Useful when data is not an array. */ public function raw_input_stream() { @@ -326,7 +326,7 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch an item from the php://input stream + * Fetch an item from the input stream * * Useful when you need to access PUT, DELETE or PATCH request data. * @@ -343,9 +343,9 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch an item from the php://input stream + * Fetch an item from the input stream * - * Useful when you need to access input that's been send as raw json data' + * Useful when you need to access input that's been send as json' * * @param string $index Index for item to be fetched * @param bool $xss_clean Whether to apply XSS filtering -- cgit v1.2.3-24-g4f1b From 0b5569f11b9eab01e3b1571eb6012308a3868f01 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Fri, 20 Feb 2015 17:56:55 +0100 Subject: Added support for raw_input_stream property. --- system/core/Input.php | 81 ++++++++++++++++++--------------------------------- 1 file changed, 28 insertions(+), 53 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f181c27ce..97884d309 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,22 +103,16 @@ class CI_Input { */ protected $headers = array(); - /** - * Raw input stream data as received from php://input - * - * @see CI_Input::raw_input_stream() - * @var array - */ protected $_raw_input_stream = NULL; /** - * Input stream data - * - * Parsed from raw_input_stream at runtime - * - * @see CI_Input::input_stream() - * @var array - */ + * Input stream data + * + * Parsed from php://input at runtime + * + * @see CI_Input::input_stream() + * @var array + */ protected $_input_stream = NULL; /** @@ -307,54 +301,35 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch raw data from php://input stream - * - * Useful when data is not an array. - */ - public function raw_input_stream() + * Fetch an item from the php://input stream + * + * Useful when you need to access PUT, DELETE or PATCH request data. + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ + public function input_stream($index = NULL, $xss_clean = NULL) { - // Prior to PHP 5.6, the input stream can only be read once, - // so we'll need to check if we have already done that first. - if (is_null($this->_raw_input_stream)) + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. + if ( ! is_array($this->_input_stream)) { - $this->_raw_input_stream = file_get_contents('php://input'); + parse_str($this->raw_input_stream, $this->_input_stream); + is_array($this->_input_stream) OR $this->_input_stream = array(); } - - return $this->_raw_input_stream; - } - - // ------------------------------------------------------------------------ - - /** - * Fetch an item from the input stream - * - * Useful when you need to access PUT, DELETE or PATCH request data. - * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering - * @return mixed - */ - public function input_stream($index = NULL, $xss_clean = NULL) - { - parse_str($this->raw_input_stream(), $this->_input_stream); return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } - + // ------------------------------------------------------------------------ - /** - * Fetch an item from the input stream - * - * Useful when you need to access input that's been send as json' - * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering - * @return mixed - */ - public function json_input_stream($index = NULL, $xss_clean = NULL) + public function __get($name) { - $json_input_stream = json_decode($this->raw_input_stream(), true); - return $this->_fetch_from_array($json_input_stream, $index, $xss_clean); + if ($name === 'raw_input_stream') + { + isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); + return $this->_raw_input_stream; + } } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From cae95883a03b686d24b1d62191f38723ae958960 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 02:46:14 +0100 Subject: funny tabs & spaces added and removed. --- system/core/Input.php | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 97884d309..14f3e1083 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,16 +103,16 @@ class CI_Input { */ protected $headers = array(); - protected $_raw_input_stream = NULL; + protected $_raw_input_stream; /** - * Input stream data - * - * Parsed from php://input at runtime - * - * @see CI_Input::input_stream() - * @var array - */ + * Input stream data + * + * Parsed from php://input at runtime + * + * @see CI_Input::input_stream() + * @var array + */ protected $_input_stream = NULL; /** @@ -301,23 +301,25 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Fetch an item from the php://input stream - * - * Useful when you need to access PUT, DELETE or PATCH request data. - * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering - * @return mixed - */ + * Fetch an item from the php://input stream + * + * Useful when you need to access PUT, DELETE or PATCH request data. + * + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering + * @return mixed + */ public function input_stream($index = NULL, $xss_clean = NULL) { - // Prior to PHP 5.6, the input stream can only be read once, - // so we'll need to check if we have already done that first. + // Prior to PHP 5.6, the input stream can only be read once, + // so we'll need to check if we have already done that first. if ( ! is_array($this->_input_stream)) { + // $this->raw_input_stream will trigger __get(). parse_str($this->raw_input_stream, $this->_input_stream); is_array($this->_input_stream) OR $this->_input_stream = array(); } + return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From 1e35792cc2d231cba11c2faefd71717ab67a46d2 Mon Sep 17 00:00:00 2001 From: Ignasimg Date: Thu, 26 Feb 2015 18:02:45 +0100 Subject: Update Input.php --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 14f3e1083..a72c4ac1e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -305,8 +305,8 @@ class CI_Input { * * Useful when you need to access PUT, DELETE or PATCH request data. * - * @param string $index Index for item to be fetched - * @param bool $xss_clean Whether to apply XSS filtering + * @param string $index Index for item to be fetched + * @param bool $xss_clean Whether to apply XSS filtering * @return mixed */ public function input_stream($index = NULL, $xss_clean = NULL) @@ -319,7 +319,7 @@ class CI_Input { parse_str($this->raw_input_stream, $this->_input_stream); is_array($this->_input_stream) OR $this->_input_stream = array(); } - + return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From d0ac8b132390387d08bcaa5a20fbea35a350c9d3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 11:41:52 +0200 Subject: Fix an E_NOTICE caused by #3604 --- system/core/Input.php | 43 ++++++++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 13 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c3382b4d9..3e792fc13 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -103,17 +103,26 @@ class CI_Input { */ protected $headers = array(); + /** + * Raw input stream data + * + * Holds a cache of php://input contents + * + * @var string + */ protected $_raw_input_stream; /** - * Input stream data + * Parsed input stream data * * Parsed from php://input at runtime * * @see CI_Input::input_stream() * @var array */ - protected $_input_stream = NULL; + protected $_input_stream; + + // -------------------------------------------------------------------- /** * Class constructor @@ -325,17 +334,6 @@ class CI_Input { // ------------------------------------------------------------------------ - public function __get($name) - { - if ($name === 'raw_input_stream') - { - isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); - return $this->_raw_input_stream; - } - } - - // ------------------------------------------------------------------------ - /** * Set cookie * @@ -860,4 +858,23 @@ class CI_Input { : strtolower($this->server('REQUEST_METHOD')); } + // ------------------------------------------------------------------------ + + /** + * Magic __get() + * + * Allows read access to protected properties + * + * @param string $name + * @return mixed + */ + public function __get($name) + { + if ($name === 'raw_input_stream') + { + isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); + return $this->_raw_input_stream; + } + } + } -- cgit v1.2.3-24-g4f1b From 88fd8e4548eb50d8307757b8e37333ded8f221e9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 11:43:01 +0200 Subject: Eh ... really fix that notice (#3604) --- system/core/Input.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3e792fc13..484397d63 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -122,6 +122,8 @@ class CI_Input { */ protected $_input_stream; + protected $security; + // -------------------------------------------------------------------- /** -- cgit v1.2.3-24-g4f1b From 7d365dcc8bdf69534b54401cc862be105e1a8a28 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 14:32:15 +0200 Subject: Fix #3633 --- system/core/Input.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 484397d63..be9f3c169 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -123,6 +123,7 @@ class CI_Input { protected $_input_stream; protected $security; + protected $uni; // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 52caf59f244e0c1363ac0ce6ba61a7f5001603df Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 27 Feb 2015 15:09:34 +0200 Subject: Make CI_Input:: read-only as well --- system/core/Input.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index be9f3c169..6be4b9a6c 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -55,7 +55,7 @@ class CI_Input { * * @var string */ - public $ip_address = FALSE; + protected $ip_address = FALSE; /** * Allow GET array flag @@ -878,6 +878,10 @@ class CI_Input { isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); return $this->_raw_input_stream; } + elseif ($name === 'ip_address') + { + return $this->ip_address; + } } } -- cgit v1.2.3-24-g4f1b From 0fc46caedd690b05141a0b80bc5d7bca9b72b61b Mon Sep 17 00:00:00 2001 From: Heesung Ahn Date: Wed, 18 Mar 2015 18:49:22 -0400 Subject: Updated CI_Input unit test and fixed error "undefined offset" caused by using the same variable name, $i, twice for for loop inside for loop. Signed-off-by:Heesung Ahn --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6be4b9a6c..12332cf51 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -490,9 +490,9 @@ class CI_Input { ) ); - for ($i = 0; $i < 8; $i++) + for ($j = 0; $j < 8; $j++) { - $ip[$i] = intval($ip[$i], 16); + $ip[$j] = intval($ip[$j], 16); } $sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b'; -- cgit v1.2.3-24-g4f1b From b76394834a3e36e8c376913cd9666a8d7a4cea45 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 8 Jun 2015 14:44:47 +0300 Subject: Fix #3890 --- system/core/Input.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 12332cf51..b0bbb7b8d 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -799,19 +799,27 @@ class CI_Input { */ public function get_request_header($index, $xss_clean = FALSE) { - if (empty($this->headers)) + static $headers; + + if ( ! isset($headers)) { - $this->request_headers(); + empty($this->headers) OR $this->request_headers(); + foreach ($this->headers as $key => $value) + { + $headers[strtolower($key)] = $value; + } } - if ( ! isset($this->headers[$index])) + $index = strtolower($index); + + if ( ! isset($headers[$index])) { return NULL; } return ($xss_clean === TRUE) - ? $this->security->xss_clean($this->headers[$index]) - : $this->headers[$index]; + ? $this->security->xss_clean($headers[$index]) + : $headers[$index]; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 10fb7d17b2025de4963da8b0108fda4da36ade11 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 3 Aug 2015 10:05:29 +0300 Subject: [ci skip] Normalize tabs/spaces Partial changes from PR #4016 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b0bbb7b8d..e1319be8d 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -682,7 +682,7 @@ class CI_Input { /* We strip slashes if magic quotes is on to keep things consistent NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and - it will probably not exist in future versions at all. + it will probably not exist in future versions at all. */ if ( ! is_php('5.4') && get_magic_quotes_gpc()) { @@ -844,7 +844,7 @@ class CI_Input { * Test to see if a request was made from the command line. * * @deprecated 3.0.0 Use is_cli() instead - * @return bool + * @return bool */ public function is_cli_request() { -- cgit v1.2.3-24-g4f1b From d45180cb98cd987e2d5cce57a7965a87ee2aed7b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 15 Aug 2015 09:09:38 +0300 Subject: Fix #4056 --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index e1319be8d..d896495e9 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -803,7 +803,7 @@ class CI_Input { if ( ! isset($headers)) { - empty($this->headers) OR $this->request_headers(); + empty($this->headers) && $this->request_headers(); foreach ($this->headers as $key => $value) { $headers[strtolower($key)] = $value; -- cgit v1.2.3-24-g4f1b From dd28a888e8d9934260b14d0b7601da375fe75b8d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 7 Sep 2015 16:03:05 +0300 Subject: Move csrf_verify() call out of _sanitize_globals() It doesn't belong in there. --- system/core/Input.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index d896495e9..67a495e74 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -153,6 +153,12 @@ class CI_Input { // Sanitize global arrays $this->_sanitize_globals(); + // CSRF Protection check + if ($this->_enable_csrf === TRUE && ! is_cli()) + { + $this->security->csrf_verify(); + } + log_message('info', 'Input Class Initialized'); } @@ -647,12 +653,6 @@ class CI_Input { // Sanitize PHP_SELF $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check - if ($this->_enable_csrf === TRUE && ! is_cli()) - { - $this->security->csrf_verify(); - } - log_message('debug', 'Global POST, GET and COOKIE data sanitized'); } -- cgit v1.2.3-24-g4f1b From e70238e8acd4ebdf1a3e30d63e8ffb1a46ab6d15 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 7 Sep 2015 16:07:45 +0300 Subject: Remove unnecessary count() calls from _sanitize_globals() foreach() just won't execute for an empty array, it does that check internally. --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 67a495e74..4e7a4e95e 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -606,7 +606,7 @@ class CI_Input { { $_GET = array(); } - elseif (is_array($_GET) && count($_GET) > 0) + elseif (is_array($_GET)) { foreach ($_GET as $key => $val) { @@ -615,7 +615,7 @@ class CI_Input { } // Clean $_POST Data - if (is_array($_POST) && count($_POST) > 0) + if (is_array($_POST)) { foreach ($_POST as $key => $val) { @@ -624,7 +624,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) && count($_COOKIE) > 0) + if (is_array($_COOKIE)) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway -- cgit v1.2.3-24-g4f1b From 125ef4751080a2118cb203357d77687699e3eb25 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:33:00 +0200 Subject: [ci skip] Bump year to 2016 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 4e7a4e95e..55474fd0c 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2015, British Columbia Institute of Technology + * Copyright (c) 2014 - 2016, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link http://codeigniter.com * @since Version 1.0.0 -- cgit v1.2.3-24-g4f1b From bd202c91b0e9cf0a8c93bcaa71df9574f5909346 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:50:18 +0200 Subject: [ci skip] Update codeigniter.com links to https --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 55474fd0c..bb7ad23ba 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -31,7 +31,7 @@ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License - * @link http://codeigniter.com + * @link https://codeigniter.com * @since Version 1.0.0 * @filesource */ @@ -46,7 +46,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @subpackage Libraries * @category Input * @author EllisLab Dev Team - * @link http://codeigniter.com/user_guide/libraries/input.html + * @link https://codeigniter.com/user_guide/libraries/input.html */ class CI_Input { -- cgit v1.2.3-24-g4f1b From 1924e879b165fb119847a49a7a5eab2f28295fa2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:55:34 +0200 Subject: [ci skip] Update ellislab.com links to https too --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index bb7ad23ba..a7c9ecd0d 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -28,7 +28,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com -- cgit v1.2.3-24-g4f1b From cd3d5956f7880091740489c5f24af0e72f677c0c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 4 Apr 2016 10:28:31 +0300 Subject: Fix #4563 --- system/core/Input.php | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index a7c9ecd0d..50ca047e8 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -760,30 +760,32 @@ class CI_Input { // If header is already defined, return it immediately if ( ! empty($this->headers)) { - return $this->headers; + return $this->_fetch_from_array($this->headers, NULL, $xss_clean); } // In Apache, you can simply call apache_request_headers() if (function_exists('apache_request_headers')) { - return $this->headers = apache_request_headers(); + $this->headers = apache_request_headers(); } - - $this->headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); - - foreach ($_SERVER as $key => $val) + else { - if (sscanf($key, 'HTTP_%s', $header) === 1) + isset($_SERVER['CONTENT_TYPE']) && $this->headers['Content-Type'] = $_SERVER['CONTENT_TYPE']; + + foreach ($_SERVER as $key => $val) { - // take SOME_HEADER and turn it into Some-Header - $header = str_replace('_', ' ', strtolower($header)); - $header = str_replace(' ', '-', ucwords($header)); + if (sscanf($key, 'HTTP_%s', $header) === 1) + { + // take SOME_HEADER and turn it into Some-Header + $header = str_replace('_', ' ', strtolower($header)); + $header = str_replace(' ', '-', ucwords($header)); - $this->headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); + $this->headers[$header] = $_SERVER[$key]; + } } } - return $this->headers; + return $this->_fetch_from_array($this->headers, NULL, $xss_clean); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 9fd9248a2d712d5ae95bf2e6c6cd036e6b522cbb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 19 Jul 2016 14:04:17 +0300 Subject: Fix #4679 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 50ca047e8..b81d51ebf 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -519,9 +519,9 @@ class CI_Input { if ($separator === ':') { $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr)); - for ($i = 0; $i < 8; $i++) + for ($j = 0; $j < 8; $j++) { - $netaddr[$i] = intval($netaddr[$i], 16); + $netaddr[$i] = intval($netaddr[$j], 16); } } else -- cgit v1.2.3-24-g4f1b From 3a89d3c05303d25486576de3d056f39585decfe4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 3 Nov 2016 16:26:31 +0200 Subject: Fix #4679, for real --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b81d51ebf..24fe8a9cc 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -521,7 +521,7 @@ class CI_Input { $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr)); for ($j = 0; $j < 8; $j++) { - $netaddr[$i] = intval($netaddr[$j], 16); + $netaddr[$j] = intval($netaddr[$j], 16); } } else -- cgit v1.2.3-24-g4f1b From da60e9bc66ec90970fbd2dfd08b0a6e66b9f5f5f Mon Sep 17 00:00:00 2001 From: Master Yoda Date: Sat, 31 Dec 2016 08:46:18 -0800 Subject: Update copyright data to 2017 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 24fe8a9cc..d7cd29261 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 -- cgit v1.2.3-24-g4f1b From 422b8890e8b41a9ecf6644bff169c8c82fa2c82d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 1 Feb 2017 14:36:49 +0200 Subject: Fix a CI_Input::set_cookie() bug Found on StackOverflow: https://stackoverflow.com/questions/41925028/codeigniter-config-overrides-set-cookie-parameters --- system/core/Input.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index d7cd29261..af4f87c1f 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -359,7 +359,7 @@ class CI_Input { * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript) * @return void */ - public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) + public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL) { if (is_array($name)) { @@ -388,15 +388,13 @@ class CI_Input { $path = config_item('cookie_path'); } - if ($secure === FALSE && config_item('cookie_secure') === TRUE) - { - $secure = config_item('cookie_secure'); - } + $secure = ($secure === NULL && config_item('cookie_secure') !== NULL) + ? (bool) config_item('cookie_secure') + : (bool) $secure; - if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) - { - $httponly = config_item('cookie_httponly'); - } + $httponly = ($httponly === NULL && config_item('cookie_httponly') !== NULL) + ? (bool) config_item('cookie_httponly') + : (bool) $httponly; if ( ! is_numeric($expire)) { -- cgit v1.2.3-24-g4f1b