From 55a6ddb0c7bab1149bb1ddfa3a1aff46612c91d4 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 23 May 2012 18:37:24 +0100 Subject: Input, Session and Cookie get's will return NULL. Read more about this change here: http://codeigniter.com/forums/viewthread/215833 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index e916ac66d..97be9e690 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -135,7 +135,7 @@ class CI_Input { { if ( ! isset($array[$index])) { - return FALSE; + return NULL; } if ($xss_clean === TRUE) @@ -659,7 +659,7 @@ class CI_Input { if ( ! isset($this->headers[$index])) { - return FALSE; + return NULL; } return ($xss_clean === TRUE) -- cgit v1.2.3-24-g4f1b From ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sat, 2 Jun 2012 11:07:47 +0100 Subject: Replaced `==` with `===` and `!=` with `!==` in /system/core --- system/core/Input.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 97be9e690..284b15697 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -263,23 +263,23 @@ class CI_Input { } } - if ($prefix == '' && config_item('cookie_prefix') != '') + if ($prefix === '' && config_item('cookie_prefix') !== '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' && config_item('cookie_domain') != '') + if ($domain === '' && config_item('cookie_domain') !== '') { $domain = config_item('cookie_domain'); } - if ($path == '/' && config_item('cookie_path') !== '/') + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE && config_item('cookie_secure') != FALSE) + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } - if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) { $httponly = config_item('cookie_httponly'); } @@ -324,7 +324,7 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + if (config_item('proxy_ips') !== '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); @@ -459,7 +459,7 @@ class CI_Input { } // Is $_GET data allowed? If not we'll set the $_GET to an empty array - if ($this->_allow_get_array == FALSE) + if ($this->_allow_get_array === FALSE) { $_GET = array(); } @@ -502,7 +502,7 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); // CSRF Protection check - if ($this->_enable_csrf == TRUE) + if ($this->_enable_csrf === TRUE) { $this->security->csrf_verify(); } @@ -559,7 +559,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines === TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } -- cgit v1.2.3-24-g4f1b From 9ba661b02c492e89028e5c67b7edbfc0efefc9f1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 4 Jun 2012 14:44:34 +0300 Subject: Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d --- system/core/Input.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 284b15697..73f46ba6a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -267,18 +267,22 @@ class CI_Input { { $prefix = config_item('cookie_prefix'); } - if ($domain === '' && config_item('cookie_domain') !== '') + + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) { $httponly = config_item('cookie_httponly'); @@ -324,7 +328,7 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') !== '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); -- cgit v1.2.3-24-g4f1b From c28b651b91367e86f1bd6ab7f0cd6c45e58811ab Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 14:26:04 +0200 Subject: Add support for ipv6 --- system/core/Input.php | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 73f46ba6a..6a5a9d8f0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,27 @@ class CI_Input { */ public function valid_ip($ip) { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + if($this->ip_version($ip) === '4') + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + else + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + } + } + + // -------------------------------------------------------------------- + + /** + * Return ip version + * + * @param string + * @return string + */ + public function ip_version($ip) + { + return strpos($ip, ":") === false ? '4' : '6'; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0723617703dda3660597d9cdef59e7cdded1c497 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 14:39:02 +0200 Subject: follow styling guide --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6a5a9d8f0..ac67aaf4f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if($this->ip_version($ip) === '4') + if ($this->ip_version($ip) === '4') { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 908f36a583384b0314d04c4cfe71992746e35daa Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 15:47:22 +0200 Subject: ip_version() now returns int instead of string --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ac67aaf4f..36ff96d03 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if ($this->ip_version($ip) === '4') + if ($this->ip_version($ip) === 4) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } @@ -399,11 +399,11 @@ class CI_Input { * Return ip version * * @param string - * @return string + * @return int */ public function ip_version($ip) { - return strpos($ip, ":") === false ? '4' : '6'; + return strpos($ip, ":") === false ? 4 : 6; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1eb9b127cfb3aef5d89b86a48e35b2f35cd17f81 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 17:57:40 +0200 Subject: styling guide false -> FALSE --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 36ff96d03..c1f2086c4 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -403,7 +403,7 @@ class CI_Input { */ public function ip_version($ip) { - return strpos($ip, ":") === false ? 4 : 6; + return strpos($ip, ":") === FALSE ? 4 : 6; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1ab6f6520ebfc016c49cfbe3a4d9d009be5da268 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 20:14:13 +0200 Subject: removed ip_version() --- system/core/Input.php | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c1f2086c4..b986c4973 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,27 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if ($this->ip_version($ip) === 4) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - else - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); - } - } - - // -------------------------------------------------------------------- - - /** - * Return ip version - * - * @param string - * @return int - */ - public function ip_version($ip) - { - return strpos($ip, ":") === FALSE ? 4 : 6; + return (bool) filter_var($ip, FILTER_VALIDATE_IP); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 5a257187c4ca09ea61c19999bf061cec3f224cc2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 10 Jun 2012 06:18:14 +0300 Subject: Merge branch 2.1-stable into develop --- system/core/Input.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b986c4973..162e40c85 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -376,14 +376,26 @@ class CI_Input { /** * Validate IP Address * - * Updated version suggested by Geert De Deckere - * * @param string + * @param string 'ipv4' or 'ipv6' * @return bool */ - public function valid_ip($ip) + public function valid_ip($ip, $which = '') { - return (bool) filter_var($ip, FILTER_VALIDATE_IP); + switch (strtolower($which)) + { + case 'ipv4': + $which = FILTER_FLAG_IPV4; + break; + case 'ipv6': + $which = FILTER_FLAG_IPV6; + break; + default: + $which = NULL; + break; + } + + return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0d2c06ea1d96ea3f35dd1e7856977a24cec43233 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 12 Jun 2012 02:33:45 +0300 Subject: Change file permissions for system/core/*.php and system/database/DB.php so that they don't differ from the rest --- system/core/Input.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 system/core/Input.php (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php old mode 100755 new mode 100644 -- cgit v1.2.3-24-g4f1b From a5a71359a5b320b0dc35fabfeb3e74e97a466a10 Mon Sep 17 00:00:00 2001 From: Jordan Pittman Date: Fri, 20 Jul 2012 19:36:43 -0300 Subject: Added support for IP Address Range Masks (e.g. 192.168.137.0/24) to the Proxy IPs config option --- system/core/Input.php | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 162e40c85..c0c85a5e8 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,10 +330,27 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { + $hasRanges = strpos($proxies, '/') !== false; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + + if ($hasRanges) { + $longIP = ip2long($_SERVER['REMOTE_ADDR']); + $bit32 = 1 << 32; + + foreach($proxies as $ip) { + list($address, $maskLength) = explode('/', $ip); + + $bitmask = $bit32 - (1 << (32 - (int)$maskLength)); + + if (($longIP & $bitmask) == $address) { + $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; + break; + } + } + } else { + $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + } } elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { -- cgit v1.2.3-24-g4f1b From 8960acf4fae56fd7b62a451ce8ea571c0e631ed1 Mon Sep 17 00:00:00 2001 From: Jordan Pittman Date: Mon, 23 Jul 2012 09:05:49 -0300 Subject: Update system/core/Input.php --- system/core/Input.php | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c0c85a5e8..968a42a9a 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,24 +330,30 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { - $hasRanges = strpos($proxies, '/') !== false; + $has_ranges = strpos($proxies, '/') !== false; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - if ($hasRanges) { - $longIP = ip2long($_SERVER['REMOTE_ADDR']); - $bit32 = 1 << 32; - - foreach($proxies as $ip) { - list($address, $maskLength) = explode('/', $ip); - - $bitmask = $bit32 - (1 << (32 - (int)$maskLength)); - - if (($longIP & $bitmask) == $address) { + if ($has_ranges) + { + $long_ip = ip2long($_SERVER['REMOTE_ADDR']); + $bit_32 = 1 << 32; + + // Go through each of the IP Addresses to check for and + // test against range notation + foreach($proxies as $ip) + { + list($address, $mask_length) = explode('/', $ip); + + // Generate the bitmask for a 32 bit IP Address + $bitmask = $bit_32 - (1 << (32 - (int)$mask_length)); + if (($long_ip & $bitmask) == $address) + { $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } + } else { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } -- cgit v1.2.3-24-g4f1b From 14c9331420c960ff3237c2d82e34f7ebf8c6f12a Mon Sep 17 00:00:00 2001 From: Adam McCann Date: Thu, 20 Sep 2012 01:16:43 +0100 Subject: Fixes issue #1815 - input::ip_address() returns incorrect IP behind proxy --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 968a42a9a..5b8e62389 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { if (strpos($this->ip_address, ',') !== FALSE) { $x = explode(',', $this->ip_address); - $this->ip_address = trim(end($x)); + $this->ip_address = trim($x[0]); } if ( ! $this->valid_ip($this->ip_address)) -- cgit v1.2.3-24-g4f1b From 5b92ae1dfb6ac99630693d193b0d3f60f9df525f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 4 Oct 2012 13:05:03 +0300 Subject: Misc. style fixes [ci skip] --- system/core/Input.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 5b8e62389..657fce625 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -330,10 +330,10 @@ class CI_Input { if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { - $has_ranges = strpos($proxies, '/') !== false; + $has_ranges = strpos($proxies, '/') !== FALSE; $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); - + if ($has_ranges) { $long_ip = ip2long($_SERVER['REMOTE_ADDR']); @@ -341,21 +341,25 @@ class CI_Input { // Go through each of the IP Addresses to check for and // test against range notation - foreach($proxies as $ip) + foreach ($proxies as $ip) { - list($address, $mask_length) = explode('/', $ip); + list($address, $mask_length) = explode('/', $ip, 2); // Generate the bitmask for a 32 bit IP Address - $bitmask = $bit_32 - (1 << (32 - (int)$mask_length)); - if (($long_ip & $bitmask) == $address) + $bitmask = $bit_32 - (1 << (32 - (int) $mask_length)); + if (($long_ip & $bitmask) === $address) { $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; break; } } - } else { - $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; + } + else + { + $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) + ? $_SERVER['HTTP_X_FORWARDED_FOR'] + : $_SERVER['REMOTE_ADDR']; } } elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) -- cgit v1.2.3-24-g4f1b