From c9f84c1f916a7f3b92b02e45cc8c1cd9a040436b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:45:39 +0800 Subject: Update: if php version >= 5.2, use filter_var to check validate ip. --- system/core/Input.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 0dc2c4550..f99adad01 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -373,6 +373,12 @@ class CI_Input { */ function valid_ip($ip) { + // if php version >= 5.2, use filter_var to check validate ip. + if(is_php('5.2')) + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + $ip_segments = explode('.', $ip); // Always 4 segments needed -- cgit v1.2.3-24-g4f1b From 4db872f861dbf48b55749c53c504481f99db3551 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:52:37 +0800 Subject: Update: add public or private prefix. --- system/core/Input.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f99adad01..2395501f3 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -116,7 +116,7 @@ class CI_Input { * @param bool * @return string */ - function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -141,7 +141,7 @@ class CI_Input { * @param bool * @return string */ - function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_GET)) @@ -169,7 +169,7 @@ class CI_Input { * @param bool * @return string */ - function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_POST)) @@ -198,7 +198,7 @@ class CI_Input { * @param bool XSS cleaning * @return string */ - function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = FALSE) { if ( ! isset($_POST[$index]) ) { @@ -220,7 +220,7 @@ class CI_Input { * @param bool * @return string */ - function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -243,7 +243,7 @@ class CI_Input { * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) { if (is_array($name)) { @@ -296,7 +296,7 @@ class CI_Input { * @param bool * @return string */ - function server($index = '', $xss_clean = FALSE) + public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -309,7 +309,7 @@ class CI_Input { * @access public * @return string */ - function ip_address() + public function ip_address() { if ($this->ip_address !== FALSE) { @@ -371,7 +371,7 @@ class CI_Input { * @param string * @return string */ - function valid_ip($ip) + public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. if(is_php('5.2')) @@ -413,7 +413,7 @@ class CI_Input { * @access public * @return string */ - function user_agent() + public function user_agent() { if ($this->user_agent !== FALSE) { @@ -441,7 +441,7 @@ class CI_Input { * @access private * @return void */ - function _sanitize_globals() + private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', @@ -542,7 +542,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_data($str) + private function _clean_input_data($str) { if (is_array($str)) { @@ -600,7 +600,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_keys($str) + private function _clean_input_keys($str) { if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) { @@ -624,6 +624,7 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * + * @access public * @param bool XSS cleaning * * @return array @@ -667,6 +668,7 @@ class CI_Input { * * Returns the value of a single member of the headers class member * + * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -698,6 +700,7 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * + * @access public * @return boolean */ public function is_ajax_request() @@ -712,6 +715,7 @@ class CI_Input { * * Test to see if a request was made from the command line * + * @access public * @return boolean */ public function is_cli_request() -- cgit v1.2.3-24-g4f1b From 4ddee144b3493eaceeed6ca9eb6138c881f43eac Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 14:35:32 +0800 Subject: Update: check filter_var function exist --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 2395501f3..2b36ea3c7 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(is_php('5.2')) + if(function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 013c895e7f7e9122f8d2e8c80a3ac77f190c5171 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 15:03:44 +0800 Subject: Update: modified return bool value on comment --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 2b36ea3c7..1e37b11ea 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -369,7 +369,7 @@ class CI_Input { * * @access public * @param string - * @return string + * @return bool */ public function valid_ip($ip) { -- cgit v1.2.3-24-g4f1b From 47213794f2b09fb3540e1d0e53e50e8b084345e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 13 Sep 2011 22:44:07 +0800 Subject: Update: change _fetch_from_array form private to protected --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 1e37b11ea..f39371fb0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -110,13 +110,13 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access private + * @access protected * @param array * @param string * @param bool * @return string */ - private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(function_exists('filter_var')) + if (function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 8d263b02c56e25305621535e184333e8cdace9bd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 18:47:09 +0300 Subject: Suppress warnings generated by get_magic_quotes_gpc() (issue #467) --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f39371fb0..6f8442107 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From af7286251ec2c0dfd69ae764dbc0e3e8d0b736bf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/core/Input.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6f8442107..f8e89066e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -554,8 +554,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/core/Input.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index f8e89066e..946d9296f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Input - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/input.html */ class CI_Input { -- cgit v1.2.3-24-g4f1b From 75b1f3991013c17cacac18e47879c483fe1cf542 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/core/Input.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 5a033e7b8..9bfb5f1fb 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -548,8 +548,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } @@ -714,7 +718,6 @@ class CI_Input { } } -// END Input class /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3cbbe787f..7cfa4c63f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From 64e98aab6ba2c692a881035245efb94a76deb428 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 20:29:10 +0200 Subject: Improve code Input & Model libraries --- system/core/Input.php | 97 ++++++++++++++++++--------------------------------- 1 file changed, 33 insertions(+), 64 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7cfa4c63f..07bb30b15 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -1,13 +1,13 @@ -_allow_get_array = (config_item('allow_get_array') === TRUE); - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); global $SEC; $this->security =& $SEC; @@ -122,7 +122,6 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access protected * @param array * @param string * @param bool @@ -148,7 +147,6 @@ class CI_Input { /** * Fetch an item from the GET array * - * @access public * @param string * @param bool * @return string @@ -176,7 +174,6 @@ class CI_Input { /** * Fetch an item from the POST array * - * @access public * @param string * @param bool * @return string @@ -205,21 +202,15 @@ class CI_Input { /** * Fetch an item from either the GET array or the POST * - * @access public * @param string The index key * @param bool XSS cleaning * @return string */ public function get_post($index = '', $xss_clean = FALSE) { - if ( ! isset($_POST[$index]) ) - { - return $this->get($index, $xss_clean); - } - else - { - return $this->post($index, $xss_clean); - } + return ( ! isset($_POST[$index])) + ? $this->get($index, $xss_clean) + : $this->post($index, $xss_clean); } // -------------------------------------------------------------------- @@ -227,7 +218,6 @@ class CI_Input { /** * Fetch an item from the COOKIE array * - * @access public * @param string * @param bool * @return string @@ -245,7 +235,6 @@ class CI_Input { * Accepts six parameter, or you can submit an associative * array in the first parameter containing all the values. * - * @access public * @param mixed * @param string the value of the cookie * @param string the number of seconds until expiration @@ -303,7 +292,6 @@ class CI_Input { /** * Fetch an item from the SERVER array * - * @access public * @param string * @param bool * @return string @@ -318,7 +306,6 @@ class CI_Input { /** * Fetch the IP Address * - * @access public * @return string */ public function ip_address() @@ -335,7 +322,7 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } @@ -354,8 +341,7 @@ class CI_Input { if ($this->ip_address === FALSE) { - $this->ip_address = '0.0.0.0'; - return $this->ip_address; + return $this->ip_address = '0.0.0.0'; } if (strpos($this->ip_address, ',') !== FALSE) @@ -366,7 +352,7 @@ class CI_Input { if ( ! $this->valid_ip($this->ip_address)) { - $this->ip_address = '0.0.0.0'; + return $this->ip_address = '0.0.0.0'; } return $this->ip_address; @@ -379,7 +365,6 @@ class CI_Input { * * Updated version suggested by Geert De Deckere * - * @access public * @param string * @return bool */ @@ -394,7 +379,7 @@ class CI_Input { $ip_segments = explode('.', $ip); // Always 4 segments needed - if (count($ip_segments) != 4) + if (count($ip_segments) !== 4) { return FALSE; } @@ -422,7 +407,6 @@ class CI_Input { /** * User Agent * - * @access public * @return string */ public function user_agent() @@ -432,9 +416,7 @@ class CI_Input { return $this->user_agent; } - $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; - - return $this->user_agent; + return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; } // -------------------------------------------------------------------- @@ -444,22 +426,20 @@ class CI_Input { * * This function does the following: * - * Unsets $_GET data (if query strings are not enabled) - * - * Unsets all globals if register_globals is enabled + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Standardizes newline characters to \n * - * Standardizes newline characters to \n - * - * @access private * @return void */ private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', - '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', - 'CFG', 'URI', 'RTR', 'OUT', 'IN'); + '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', + 'system_folder', 'application_folder', 'BM', 'EXT', + 'CFG', 'URI', 'RTR', 'OUT', 'IN' + ); // Unset globals for securiy. // This is effectively the same as register_globals = off @@ -532,7 +512,6 @@ class CI_Input { // Sanitize PHP_SELF $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check if ($this->_enable_csrf == TRUE) { @@ -550,7 +529,6 @@ class CI_Input { * This is a helper function. It escapes data and * standardizes newline characters to \n * - * @access private * @param string * @return string */ @@ -592,12 +570,9 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE) + if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) { - if (strpos($str, "\r") !== FALSE) - { - $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); - } + return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } return $str; @@ -612,13 +587,12 @@ class CI_Input { * from trying to exploit keys we make sure that keys are * only named with alpha-numeric text and a few other items. * - * @access private * @param string * @return string */ private function _clean_input_keys($str) { - if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) + if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { exit('Disallowed Key Characters.'); } @@ -626,7 +600,7 @@ class CI_Input { // Clean UTF-8 if supported if (UTF8_ENABLED === TRUE) { - $str = $this->uni->clean_string($str); + return $this->uni->clean_string($str); } return $str; @@ -640,10 +614,8 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * - * @access public * @param bool XSS cleaning - * - * @return array + * @return array */ public function request_headers($xss_clean = FALSE) { @@ -658,7 +630,7 @@ class CI_Input { foreach ($_SERVER as $key => $val) { - if (strncmp($key, 'HTTP_', 5) === 0) + if (strpos($key, 'HTTP_') === 0) { $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } @@ -684,7 +656,6 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -716,7 +687,6 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @access public * @return boolean */ public function is_ajax_request() @@ -731,12 +701,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @access public * @return boolean */ public function is_cli_request() { - return (php_sapi_name() == 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli') or defined('STDIN'); } } -- cgit v1.2.3-24-g4f1b From 137749793d6cce57e03904f05239fa80eec48d13 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:30:33 +0200 Subject: Switch some public properties to protected --- system/core/Input.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 07bb30b15..13bf76fd6 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -57,20 +57,20 @@ class CI_Input { * * @var bool */ - public $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; /** * If TRUE, then newlines are standardized * * @var bool */ - public $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting * * @var bool */ - public $_enable_xss = FALSE; + protected $_enable_xss = FALSE; /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting @@ -85,17 +85,15 @@ class CI_Input { */ protected $headers = array(); - /** * Constructor * * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array - * */ public function __construct() { - log_message('debug', "Input Class Initialized"); + log_message('debug', 'Input Class Initialized'); $this->_allow_get_array = (config_item('allow_get_array') === TRUE); $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); -- cgit v1.2.3-24-g4f1b From 90cfe14b8458a3c84825a741cd750c5a02690f3b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:46:42 +0200 Subject: Switch private methods to protected --- system/core/Input.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 13bf76fd6..7a16e51ab 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -391,7 +391,7 @@ class CI_Input { { // IP segments must be digits and can not be // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3) + if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) { return FALSE; } @@ -430,7 +430,7 @@ class CI_Input { * * @return void */ - private function _sanitize_globals() + protected function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', @@ -516,7 +516,7 @@ class CI_Input { $this->security->csrf_verify(); } - log_message('debug', "Global POST and COOKIE data sanitized"); + log_message('debug', 'Global POST and COOKIE data sanitized'); } // -------------------------------------------------------------------- @@ -530,7 +530,7 @@ class CI_Input { * @param string * @return string */ - private function _clean_input_data($str) + protected function _clean_input_data($str) { if (is_array($str)) { @@ -588,7 +588,7 @@ class CI_Input { * @param string * @return string */ - private function _clean_input_keys($str) + protected function _clean_input_keys($str) { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { -- cgit v1.2.3-24-g4f1b From d63e40138e675df40f3a17e04972e82e7a748307 Mon Sep 17 00:00:00 2001 From: Kevin Cupp Date: Sun, 5 Feb 2012 14:14:32 -0500 Subject: Adding in a few 503 status codes for common errors in response to this ExpressionEngine bug about errors getting cached by reverse proxies who cache 200 responses: http://expressionengine.com/bug_tracker/bug/17420 --- system/core/Input.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7a16e51ab..3339d97c5 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -592,6 +592,7 @@ class CI_Input { { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { + set_status_header(503); exit('Disallowed Key Characters.'); } -- cgit v1.2.3-24-g4f1b From 9448afb6da995098ce4ca2d24eb3d82b26434b4b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 19:49:19 +0200 Subject: Fix CI_Input::is_ajax_request() --- system/core/Input.php | 66 ++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 37 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 3339d97c5..670f7a11f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Input Class * @@ -152,7 +150,7 @@ class CI_Input { public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_GET)) + if ($index === NULL && ! empty($_GET)) { $get = array(); @@ -179,7 +177,7 @@ class CI_Input { public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_POST)) + if ($index === NULL && ! empty($_POST)) { $post = array(); @@ -206,9 +204,9 @@ class CI_Input { */ public function get_post($index = '', $xss_clean = FALSE) { - return ( ! isset($_POST[$index])) - ? $this->get($index, $xss_clean) - : $this->post($index, $xss_clean); + return isset($_POST[$index]) + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- @@ -256,19 +254,19 @@ class CI_Input { } } - if ($prefix == '' AND config_item('cookie_prefix') != '') + if ($prefix == '' && config_item('cookie_prefix') != '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' AND config_item('cookie_domain') != '') + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } - if ($path == '/' AND config_item('cookie_path') != '/') + if ($path == '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + if ($secure == FALSE && config_item('cookie_secure') != FALSE) { $secure = config_item('cookie_secure'); } @@ -320,11 +318,11 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) { $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } @@ -414,7 +412,7 @@ class CI_Input { return $this->user_agent; } - return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; } // -------------------------------------------------------------------- @@ -469,19 +467,16 @@ class CI_Input { { $_GET = array(); } - else + elseif (is_array($_GET) && count($_GET) > 0) { - if (is_array($_GET) AND count($_GET) > 0) + foreach ($_GET as $key => $val) { - foreach ($_GET as $key => $val) - { - $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); - } + $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } } // Clean $_POST Data - if (is_array($_POST) AND count($_POST) > 0) + if (is_array($_POST) && count($_POST) > 0) { foreach ($_POST as $key => $val) { @@ -490,7 +485,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) AND count($_COOKIE) > 0) + if (is_array($_COOKIE) && count($_COOKIE) > 0) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway @@ -568,7 +563,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } @@ -625,7 +620,7 @@ class CI_Input { } else { - $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { @@ -655,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param boolean XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string array key for $this->headers + * @param bool XSS Clean or not + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { @@ -671,12 +666,9 @@ class CI_Input { return FALSE; } - if ($xss_clean === TRUE) - { - return $this->security->xss_clean($this->headers[$index]); - } - - return $this->headers[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($this->headers[$index]) + : $this->headers[$index]; } // -------------------------------------------------------------------- @@ -686,11 +678,11 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return bool */ public function is_ajax_request() { - return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); + return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); } // -------------------------------------------------------------------- @@ -700,11 +692,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() === 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); } } -- cgit v1.2.3-24-g4f1b From 773e117f0bfd103116397d26f0ea1d1854de5ca8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 23:02:19 +0200 Subject: Remove a few spaces --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 670f7a11f..ee15f4013 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -650,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers + * @param string array key for $this->headers * @param bool XSS Clean or not - * @return mixed FALSE on failure, string on success + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { -- cgit v1.2.3-24-g4f1b From be0ca26c9006981eced5d938060ba5bad4145e3b Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 19:09:51 +0100 Subject: added method() and is_method() --- system/core/Input.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..e8e3b1d9c 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -699,6 +699,35 @@ class CI_Input { return (php_sapi_name() === 'cli' OR defined('STDIN')); } + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method in lowercase + * + * @return mixed + */ + public function method() + { + return strtolower($this->server('REQUEST_METHOD')); + } + + // -------------------------------------------------------------------- + + /** + * Validate parameter against $_SERVER['REQUEST_METHOD'] + * + * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE + * + * @param string request method to match + * @return bool + */ + public function is_method($method = '') + { + return ($this->method() === strtolower($method)); + } + } /* End of file Input.php */ -- cgit v1.2.3-24-g4f1b From dc900df67972ed1c961fc3e4173db98047bdbd1b Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:41:37 +0100 Subject: removed is_method --- system/core/Input.php | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index e8e3b1d9c..65de8c824 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -704,28 +704,16 @@ class CI_Input { /** * Get Request Method * - * Return the Request Method in lowercase + * Return the Request Method * + * @param bool uppercase or lowercase * @return mixed */ - public function method() + public function method($upper = TRUE) { - return strtolower($this->server('REQUEST_METHOD')); - } - - // -------------------------------------------------------------------- - - /** - * Validate parameter against $_SERVER['REQUEST_METHOD'] - * - * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE - * - * @param string request method to match - * @return bool - */ - public function is_method($method = '') - { - return ($this->method() === strtolower($method)); + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); } } -- cgit v1.2.3-24-g4f1b From 704fb1697f0db2369a9395c362c931999c8831f1 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:42:33 +0100 Subject: oops --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 65de8c824..79910890e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -709,7 +709,7 @@ class CI_Input { * @param bool uppercase or lowercase * @return mixed */ - public function method($upper = TRUE) + public function method($upper = FALSE) { return ($upper) ? strtoupper($this->server('REQUEST_METHOD')) -- cgit v1.2.3-24-g4f1b From 7c8841f7b2fca5822e05b5d3044c748e07c800e4 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:49:06 +0100 Subject: comment fix --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 79910890e..5a4659a5a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -707,7 +707,7 @@ class CI_Input { * Return the Request Method * * @param bool uppercase or lowercase - * @return mixed + * @return bool */ public function method($upper = FALSE) { -- cgit v1.2.3-24-g4f1b From 07c1ac830b4e98aa40f48baef3dd05fb68c0a836 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Fri, 9 Mar 2012 17:03:37 +0000 Subject: Bumped CodeIgniter's PHP requirement to 5.2.4. Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..9a05034ba 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * -- cgit v1.2.3-24-g4f1b From 1ae651655888383a4d7f97fbf6e97a7ac00a9630 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 10 Mar 2012 16:11:34 +0200 Subject: Remove PHP 5.1.6-specific code --- system/core/Input.php | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 54b7e0923..901b4147e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -366,36 +366,7 @@ class CI_Input { */ public function valid_ip($ip) { - // if php version >= 5.2, use filter_var to check validate ip. - if (function_exists('filter_var')) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - - $ip_segments = explode('.', $ip); - - // Always 4 segments needed - if (count($ip_segments) !== 4) - { - return FALSE; - } - // IP can not start with 0 - if ($ip_segments[0][0] == '0') - { - return FALSE; - } - // Check each segment - foreach ($ip_segments as $segment) - { - // IP segments must be digits and can not be - // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) - { - return FALSE; - } - } - - return TRUE; + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 4ad0fd86e8dc6dba74305dbb0c88c593b46a19a2 Mon Sep 17 00:00:00 2001 From: freewil Date: Tue, 13 Mar 2012 22:37:42 -0400 Subject: add support for httponly cookies --- system/core/Input.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 901b4147e..6e6885992 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -228,7 +228,7 @@ class CI_Input { /** * Set cookie * - * Accepts six parameter, or you can submit an associative + * Accepts seven parameters, or you can submit an associative * array in the first parameter containing all the values. * * @param mixed @@ -238,14 +238,15 @@ class CI_Input { * @param string the cookie path * @param string the cookie prefix * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) * @return void */ - public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) { // always leave 'name' in last place, as the loop will break otherwise, due to $$item - foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'name') as $item) + foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) { if (isset($name[$item])) { @@ -270,6 +271,10 @@ class CI_Input { { $secure = config_item('cookie_secure'); } + if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + { + $httponly = config_item('cookie_httponly'); + } if ( ! is_numeric($expire)) { @@ -280,7 +285,7 @@ class CI_Input { $expire = ($expire > 0) ? time() + $expire : 0; } - setcookie($prefix.$name, $value, $expire, $path, $domain, $secure); + setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 40403d21274d5e0792c7ab816ad984d6387d5c20 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Thu, 19 Apr 2012 16:38:50 -0400 Subject: Additional formatting fixes --- system/core/Input.php | 221 +++++++++++++++++++++++++++----------------------- 1 file changed, 121 insertions(+), 100 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6e6885992..049935632 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -43,45 +43,51 @@ class CI_Input { * * @var string */ - public $ip_address = FALSE; + public $ip_address = FALSE; + /** * user agent (web browser) being used by the current user * * @var string */ - public $user_agent = FALSE; + public $user_agent = FALSE; + /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ - protected $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; + /** * If TRUE, then newlines are standardized * * @var bool */ - protected $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; + /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting * * @var bool */ - protected $_enable_xss = FALSE; + protected $_enable_xss = FALSE; + /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting * * @var bool */ - protected $_enable_csrf = FALSE; + protected $_enable_csrf = FALSE; + /** * List of all HTTP request headers * * @var array */ - protected $headers = array(); + protected $headers = array(); /** * Constructor @@ -141,12 +147,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the GET array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the GET array + * + * @param string + * @param bool + * @return string + */ public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided @@ -168,12 +174,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the POST array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the POST array + * + * @param string + * @param bool + * @return string + */ public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided @@ -196,12 +202,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from either the GET array or the POST - * - * @param string The index key - * @param bool XSS cleaning - * @return string - */ + * Fetch an item from either the GET array or the POST + * + * @param string The index key + * @param bool XSS cleaning + * @return string + */ public function get_post($index = '', $xss_clean = FALSE) { return isset($_POST[$index]) @@ -212,12 +218,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the COOKIE array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the COOKIE array + * + * @param string + * @param bool + * @return string + */ public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); @@ -226,21 +232,21 @@ class CI_Input { // ------------------------------------------------------------------------ /** - * Set cookie - * - * Accepts seven parameters, or you can submit an associative - * array in the first parameter containing all the values. - * - * @param mixed - * @param string the value of the cookie - * @param string the number of seconds until expiration - * @param string the cookie domain. Usually: .yourdomain.com - * @param string the cookie path - * @param string the cookie prefix - * @param bool true makes the cookie secure - * @param bool true makes the cookie accessible via http(s) only (no javascript) - * @return void - */ + * Set cookie + * + * Accepts seven parameters, or you can submit an associative + * array in the first parameter containing all the values. + * + * @param mixed + * @param string the value of the cookie + * @param string the number of seconds until expiration + * @param string the cookie domain. Usually: .yourdomain.com + * @param string the cookie path + * @param string the cookie prefix + * @param bool true makes the cookie secure + * @param bool true makes the cookie accessible via http(s) only (no javascript) + * @return void + */ public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE) { if (is_array($name)) @@ -291,12 +297,12 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch an item from the SERVER array - * - * @param string - * @param bool - * @return string - */ + * Fetch an item from the SERVER array + * + * @param string + * @param bool + * @return string + */ public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); @@ -305,10 +311,10 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Fetch the IP Address - * - * @return string - */ + * Fetch the IP Address + * + * @return string + */ public function ip_address() { if ($this->ip_address !== FALSE) @@ -362,13 +368,13 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Validate IP Address - * - * Updated version suggested by Geert De Deckere - * - * @param string - * @return bool - */ + * Validate IP Address + * + * Updated version suggested by Geert De Deckere + * + * @param string + * @return bool + */ public function valid_ip($ip) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); @@ -377,10 +383,10 @@ class CI_Input { // -------------------------------------------------------------------- /** - * User Agent - * - * @return string - */ + * User Agent + * + * @return string + */ public function user_agent() { if ($this->user_agent !== FALSE) @@ -394,24 +400,39 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Sanitize Globals - * - * This function does the following: - * - * - Unsets $_GET data (if query strings are not enabled) - * - Unsets all globals if register_globals is enabled - * - Standardizes newline characters to \n - * - * @return void - */ + * Sanitize Globals + * + * This function does the following: + * + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Standardizes newline characters to \n + * + * @return void + */ protected function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. - $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', - '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', - 'CFG', 'URI', 'RTR', 'OUT', 'IN' - ); + $protected = array( + '_SERVER', + '_GET', + '_POST', + '_FILES', + '_REQUEST', + '_SESSION', + '_ENV', + 'GLOBALS', + 'HTTP_RAW_POST_DATA', + 'system_folder', + 'application_folder', + 'BM', + 'EXT', + 'CFG', + 'URI', + 'RTR', + 'OUT' + 'IN' + ); // Unset globals for securiy. // This is effectively the same as register_globals = off @@ -493,14 +514,14 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Clean Input Data - * - * This is a helper function. It escapes data and - * standardizes newline characters to \n - * - * @param string - * @return string - */ + * Clean Input Data + * + * This is a helper function. It escapes data and + * standardizes newline characters to \n + * + * @param string + * @return string + */ protected function _clean_input_data($str) { if (is_array($str)) @@ -550,15 +571,15 @@ class CI_Input { // -------------------------------------------------------------------- /** - * Clean Keys - * - * This is a helper function. To prevent malicious users - * from trying to exploit keys we make sure that keys are - * only named with alpha-numeric text and a few other items. - * - * @param string - * @return string - */ + * Clean Keys + * + * This is a helper function. To prevent malicious users + * from trying to exploit keys we make sure that keys are + * only named with alpha-numeric text and a few other items. + * + * @param string + * @return string + */ protected function _clean_input_keys($str) { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) @@ -695,4 +716,4 @@ class CI_Input { } /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 67cb3eef37fa826f56f61cfd2ac597052d9051f9 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Thu, 19 Apr 2012 16:41:52 -0400 Subject: Fix syntax error --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 049935632..7ee8f3685 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -430,7 +430,7 @@ class CI_Input { 'CFG', 'URI', 'RTR', - 'OUT' + 'OUT', 'IN' ); -- cgit v1.2.3-24-g4f1b From 48a7fbbeb53e82e9298036d40c42ec2564699ed0 Mon Sep 17 00:00:00 2001 From: Timothy Warren Date: Mon, 23 Apr 2012 11:58:16 -0400 Subject: Use tabs to separate class properties --- system/core/Input.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7ee8f3685..fc2a550bc 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -43,28 +43,28 @@ class CI_Input { * * @var string */ - public $ip_address = FALSE; + public $ip_address = FALSE; /** * user agent (web browser) being used by the current user * * @var string */ - public $user_agent = FALSE; + public $user_agent = FALSE; /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ - protected $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; /** * If TRUE, then newlines are standardized * * @var bool */ - protected $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered @@ -72,7 +72,7 @@ class CI_Input { * * @var bool */ - protected $_enable_xss = FALSE; + protected $_enable_xss = FALSE; /** * Enables a CSRF cookie token to be set. @@ -80,14 +80,14 @@ class CI_Input { * * @var bool */ - protected $_enable_csrf = FALSE; + protected $_enable_csrf = FALSE; /** * List of all HTTP request headers * * @var array */ - protected $headers = array(); + protected $headers = array(); /** * Constructor -- cgit v1.2.3-24-g4f1b From 03edf58ea6c2a1b74f746a7b27b7305a0d33d3d6 Mon Sep 17 00:00:00 2001 From: ziv Date: Fri, 27 Apr 2012 15:09:04 +0800 Subject: Update system/core/Input.php Fix a cookie get back problem. Cookie $index should start with a prefix. --- system/core/Input.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index fc2a550bc..7594a2e45 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -226,6 +226,7 @@ class CI_Input { */ public function cookie($index = '', $xss_clean = FALSE) { + $index = config_item('cookie_prefix').$index; return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From e57411502933afad6fca682efb437db05998e532 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Mon, 30 Apr 2012 17:57:37 +0200 Subject: Reverted recent commit, cookie_prefix was breaking things. --- system/core/Input.php | 1 - 1 file changed, 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 7594a2e45..fc2a550bc 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -226,7 +226,6 @@ class CI_Input { */ public function cookie($index = '', $xss_clean = FALSE) { - $index = config_item('cookie_prefix').$index; return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } -- cgit v1.2.3-24-g4f1b From 92ebfb65ac044f5c2e6d88fba137253854cf1b94 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 17 May 2012 12:49:24 +0300 Subject: Cleanup the core classes --- system/core/Input.php | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index fc2a550bc..e916ac66d 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -44,28 +44,28 @@ class CI_Input { * @var string */ public $ip_address = FALSE; - + /** * user agent (web browser) being used by the current user * * @var string */ public $user_agent = FALSE; - + /** * If FALSE, then $_GET will be set to an empty array * * @var bool */ protected $_allow_get_array = TRUE; - + /** * If TRUE, then newlines are standardized * * @var bool */ protected $_standardize_newlines = TRUE; - + /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting @@ -73,7 +73,7 @@ class CI_Input { * @var bool */ protected $_enable_xss = FALSE; - + /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting @@ -81,7 +81,7 @@ class CI_Input { * @var bool */ protected $_enable_csrf = FALSE; - + /** * List of all HTTP request headers * @@ -94,6 +94,8 @@ class CI_Input { * * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array + * + * @return void */ public function __construct() { @@ -438,15 +440,7 @@ class CI_Input { // This is effectively the same as register_globals = off foreach (array($_GET, $_POST, $_COOKIE) as $global) { - if ( ! is_array($global)) - { - if ( ! in_array($global, $protected)) - { - global $$global; - $$global = NULL; - } - } - else + if (is_array($global)) { foreach ($global as $key => $val) { @@ -457,6 +451,11 @@ class CI_Input { } } } + elseif ( ! in_array($global, $protected)) + { + global $$global; + $$global = NULL; + } } // Is $_GET data allowed? If not we'll set the $_GET to an empty array @@ -605,7 +604,7 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * - * @param bool XSS cleaning + * @param bool XSS cleaning * @return array */ public function request_headers($xss_clean = FALSE) -- cgit v1.2.3-24-g4f1b From 55a6ddb0c7bab1149bb1ddfa3a1aff46612c91d4 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 23 May 2012 18:37:24 +0100 Subject: Input, Session and Cookie get's will return NULL. Read more about this change here: http://codeigniter.com/forums/viewthread/215833 --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index e916ac66d..97be9e690 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -135,7 +135,7 @@ class CI_Input { { if ( ! isset($array[$index])) { - return FALSE; + return NULL; } if ($xss_clean === TRUE) @@ -659,7 +659,7 @@ class CI_Input { if ( ! isset($this->headers[$index])) { - return FALSE; + return NULL; } return ($xss_clean === TRUE) -- cgit v1.2.3-24-g4f1b From ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sat, 2 Jun 2012 11:07:47 +0100 Subject: Replaced `==` with `===` and `!=` with `!==` in /system/core --- system/core/Input.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 97be9e690..284b15697 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -263,23 +263,23 @@ class CI_Input { } } - if ($prefix == '' && config_item('cookie_prefix') != '') + if ($prefix === '' && config_item('cookie_prefix') !== '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' && config_item('cookie_domain') != '') + if ($domain === '' && config_item('cookie_domain') !== '') { $domain = config_item('cookie_domain'); } - if ($path == '/' && config_item('cookie_path') !== '/') + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE && config_item('cookie_secure') != FALSE) + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } - if ($httponly == FALSE && config_item('cookie_httponly') != FALSE) + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) { $httponly = config_item('cookie_httponly'); } @@ -324,7 +324,7 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + if (config_item('proxy_ips') !== '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); @@ -459,7 +459,7 @@ class CI_Input { } // Is $_GET data allowed? If not we'll set the $_GET to an empty array - if ($this->_allow_get_array == FALSE) + if ($this->_allow_get_array === FALSE) { $_GET = array(); } @@ -502,7 +502,7 @@ class CI_Input { $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); // CSRF Protection check - if ($this->_enable_csrf == TRUE) + if ($this->_enable_csrf === TRUE) { $this->security->csrf_verify(); } @@ -559,7 +559,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines === TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } -- cgit v1.2.3-24-g4f1b From 9ba661b02c492e89028e5c67b7edbfc0efefc9f1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 4 Jun 2012 14:44:34 +0300 Subject: Revert/optimize some changes from ed944a3c70a0bad158cd5a6ca5ce1f2e717aff5d --- system/core/Input.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 284b15697..73f46ba6a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -267,18 +267,22 @@ class CI_Input { { $prefix = config_item('cookie_prefix'); } - if ($domain === '' && config_item('cookie_domain') !== '') + + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } + if ($path === '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } + if ($secure === FALSE && config_item('cookie_secure') !== FALSE) { $secure = config_item('cookie_secure'); } + if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE) { $httponly = config_item('cookie_httponly'); @@ -324,7 +328,7 @@ class CI_Input { return $this->ip_address; } - if (config_item('proxy_ips') !== '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) + if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR')) { $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY); $proxies = is_array($proxies) ? $proxies : array($proxies); -- cgit v1.2.3-24-g4f1b From c28b651b91367e86f1bd6ab7f0cd6c45e58811ab Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 14:26:04 +0200 Subject: Add support for ipv6 --- system/core/Input.php | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 73f46ba6a..6a5a9d8f0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,27 @@ class CI_Input { */ public function valid_ip($ip) { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + if($this->ip_version($ip) === '4') + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + else + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + } + } + + // -------------------------------------------------------------------- + + /** + * Return ip version + * + * @param string + * @return string + */ + public function ip_version($ip) + { + return strpos($ip, ":") === false ? '4' : '6'; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0723617703dda3660597d9cdef59e7cdded1c497 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 14:39:02 +0200 Subject: follow styling guide --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 6a5a9d8f0..ac67aaf4f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if($this->ip_version($ip) === '4') + if ($this->ip_version($ip) === '4') { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From 908f36a583384b0314d04c4cfe71992746e35daa Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 15:47:22 +0200 Subject: ip_version() now returns int instead of string --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index ac67aaf4f..36ff96d03 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,7 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if ($this->ip_version($ip) === '4') + if ($this->ip_version($ip) === 4) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } @@ -399,11 +399,11 @@ class CI_Input { * Return ip version * * @param string - * @return string + * @return int */ public function ip_version($ip) { - return strpos($ip, ":") === false ? '4' : '6'; + return strpos($ip, ":") === false ? 4 : 6; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1eb9b127cfb3aef5d89b86a48e35b2f35cd17f81 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 17:57:40 +0200 Subject: styling guide false -> FALSE --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index 36ff96d03..c1f2086c4 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -403,7 +403,7 @@ class CI_Input { */ public function ip_version($ip) { - return strpos($ip, ":") === false ? 4 : 6; + return strpos($ip, ":") === FALSE ? 4 : 6; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1ab6f6520ebfc016c49cfbe3a4d9d009be5da268 Mon Sep 17 00:00:00 2001 From: Joffrey Jaffeux Date: Wed, 6 Jun 2012 20:14:13 +0200 Subject: removed ip_version() --- system/core/Input.php | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index c1f2086c4..b986c4973 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -383,27 +383,7 @@ class CI_Input { */ public function valid_ip($ip) { - if ($this->ip_version($ip) === 4) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - else - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); - } - } - - // -------------------------------------------------------------------- - - /** - * Return ip version - * - * @param string - * @return int - */ - public function ip_version($ip) - { - return strpos($ip, ":") === FALSE ? 4 : 6; + return (bool) filter_var($ip, FILTER_VALIDATE_IP); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 5a257187c4ca09ea61c19999bf061cec3f224cc2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 10 Jun 2012 06:18:14 +0300 Subject: Merge branch 2.1-stable into develop --- system/core/Input.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php index b986c4973..162e40c85 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -376,14 +376,26 @@ class CI_Input { /** * Validate IP Address * - * Updated version suggested by Geert De Deckere - * * @param string + * @param string 'ipv4' or 'ipv6' * @return bool */ - public function valid_ip($ip) + public function valid_ip($ip, $which = '') { - return (bool) filter_var($ip, FILTER_VALIDATE_IP); + switch (strtolower($which)) + { + case 'ipv4': + $which = FILTER_FLAG_IPV4; + break; + case 'ipv6': + $which = FILTER_FLAG_IPV6; + break; + default: + $which = NULL; + break; + } + + return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0d2c06ea1d96ea3f35dd1e7856977a24cec43233 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 12 Jun 2012 02:33:45 +0300 Subject: Change file permissions for system/core/*.php and system/database/DB.php so that they don't differ from the rest --- system/core/Input.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 system/core/Input.php (limited to 'system/core/Input.php') diff --git a/system/core/Input.php b/system/core/Input.php old mode 100755 new mode 100644 -- cgit v1.2.3-24-g4f1b