From 3c0846b019ed533852a148eb68c62a02c03d27a8 Mon Sep 17 00:00:00 2001
From: bigCat
Date: Tue, 21 Aug 2012 00:20:20 +0800
Subject: China's biggest ICP China Telecom will hijack user and leave a cookie contains | . such as "1345466626|7601294|43373|0|0|0" it's impossible to fix this shit...
---
 system/core/Input.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system/core/Input.php')
diff --git a/system/core/Input.php b/system/core/Input.php
index 968a42a9a..d7bfed3f8 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -620,7 +620,7 @@ class CI_Input {
 */
 protected function _clean_input_keys($str)
 {
- if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str))
+ if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str))
 {
 set_status_header(503);
 exit('Disallowed Key Characters.');
-- cgit v1.2.3-24-g4f1b
From c5536aac5752054f7f76e448d58b86407d8f574e Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Thu, 1 Nov 2012 17:33:58 +0200
Subject: Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files.
---
 system/core/Input.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'system/core/Input.php')
diff --git a/system/core/Input.php b/system/core/Input.php
index f6213c34e..c6063a280 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -1,4 +1,4 @@ - Date: Fri, 2 Nov 2012 23:33:45 +0200 Subject: Some micro-optimizations
---
 system/core/Input.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
(limited to 'system/core/Input.php')
diff --git a/system/core/Input.php b/system/core/Input.php
index c6063a280..142e2b434 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
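Review bot: The widened pattern in `_clean_input_keys()` (first commit, hunk at line 620) still anchors with `$`, which in PCRE also matches just before a trailing newline, so a key that ends in a line feed passes the whitelist. Anchoring with `\z` closes that: `if ( ! preg_match('/^[a-z0-9:_\/|-]+\z/i', $str))`. The new `|` is accepted for every key handed to this method, not only for the injected cookie described in the commit message, and the line has no comment recording why. A one-line comment such as `// '|' is allowed because some ISPs inject cookies containing it` would keep a later cleanup from dropping it or widening the class further. The method body continues outside the hunk.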
@@ -356,11 +356,7 @@ class CI_Input {
 // Some proxies typically list the whole chain of IP
 // addresses through which the client has reached us.
 // e.g. client_ip, proxy_ip1, proxy_ip2, etc.
- if (strpos($spoof, ',') !== FALSE)
- {
- $spoof = explode(',', $spoof, 2);
- $spoof = $spoof[0];
- }
+ sscanf($spoof, '%[^,]', $spoof);
 if ( ! $this->valid_ip($spoof))
 {
@@ -430,7 +426,7 @@ class CI_Input {
 }
 // Split the netmask length off the network address
- list($netaddr, $masklen) = explode('/', $proxy_ips[$i], 2);
+ sscanf($proxy_ips[$i], '%[^/]/%d', $netaddr, $masklen);
 // Again, an IPv6 address is most likely in a compressed form
 if ($separator === ':')
-- cgit v1.2.3-24-g4f1b
From 303eef056b7317a1e4f06feb26fdb452a59c3a51 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 6 Nov 2012 14:55:48 +0200
Subject: Added CI_Input::input_stream() Helps in reading php://input stream data by caching it when accessed for the first time. (supersedes PR #1684)
---
 system/core/Input.php | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
(limited to 'system/core/Input.php')
diff --git a/system/core/Input.php b/system/core/Input.php
index c0158df99..adc5f7ac0 100644
--- a/system/core/Input.php
+++ b/system/core/Input.php
@@ -99,6 +99,16 @@ class CI_Input {
 */
 protected $headers = array();
+ /**
+ * Input stream data
+ *
+ * Parsed from php://input at runtime
+ *
+ * @see CI_Input::input_stream()
+ * @var array
+ */
+ protected $_input_stream = NULL;
+
 /**
 * Class constructor
 *
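Review bot: The `sscanf($spoof, '%[^,]', $spoof)` line in the hunk at 356 keeps the leftmost entry of the forwarded-address chain, and that entry is the one a client can set itself whenever the trusted proxy appends to an existing header instead of replacing it. Whether the surrounding code limits this path to requests arriving from configured proxies is outside the hunk, so this is a documentation request rather than a code change. A comment above the call such as `// NOTE: the first entry is client-supplied unless the trusted proxy overwrites the header` would make the trust assumption explicit. The return value of `sscanf()` is ignored; a value that begins with a comma yields no match, which the following `valid_ip()` check appears to absorb, but that is worth confirming.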
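Review bot: The new `sscanf($proxy_ips[$i], '%[^/]/%d', $netaddr, $masklen)` in the hunk at 430 does not check how many fields were parsed, so a malformed entry in the proxy list leaves `$masklen` without a parsed value, and `%d` also accepts zero or a negative number. If the code after the hunk uses `$masklen` as a comparison length (not visible here), a zero or empty length could make every address match, and the forwarded header would then be trusted from any source. Checking the result before use fails closed: `if (sscanf($proxy_ips[$i], '%[^/]/%d', $netaddr, $masklen) !== 2 OR $masklen < 1) { continue; }`, assuming this runs inside the loop over `$proxy_ips` that the index suggests. The enclosing block starts and ends outside the hunk.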
@@ -256,6 +266,37 @@ class CI_Input {
 // ------------------------------------------------------------------------
+ /**
+ * Fetch an item from the php://input stream
+ *
+ * Useful when you need to access PUT, DELETE or PATCH request data.
+ *
+ * @param string $index Index for item to be fetched
+ * @param bool $xss_clean Whether to apply XSS filtering
+ * @return mixed
+ */
+ public function input_stream($index = '', $xss_clean = FALSE)
+ {
+ // The input stream can only be read once, so we'll need to check
+ // if we have already done that first.
+ if (is_array($this->_input_stream))
+ {
+ return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean);
+ }
+
+ // Parse the input stream in our cache var
+ parse_str(file_get_contents('php://input'), $this->_input_stream);
+ if ( ! is_array($this->_input_stream))
+ {
+ $this->_input_stream = array();
+ return NULL;
+ }
+
+ return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean);
+ }
+
+ // ------------------------------------------------------------------------
+
 /**
 * Set cookie
 *
-- cgit v1.2.3-24-g4f1b
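Review bot: Keys and values parsed from the request body in `input_stream()` go from `parse_str()` straight into `$this->_input_stream`, with no call to the `_clean_input_keys()` whitelist this class defines, and the body is parsed as a URL-encoded form whatever the request's Content-Type is. With `$xss_clean` defaulting to `FALSE`, callers receive the data unfiltered unless they ask otherwise. The docblock should say so, for example `* NOTE: keys and values are returned as received; they are not passed through _clean_input_keys().` Separately, `parse_str()` always fills its second argument with an array, so the `! is_array(...)` branch looks unreachable, and a `FALSE` return from `file_get_contents()` is not distinguished from an empty body.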