From da60e9bc66ec90970fbd2dfd08b0a6e66b9f5f5f Mon Sep 17 00:00:00 2001
From: Master Yoda
Date: Sat, 31 Dec 2016 08:46:18 -0800
Subject: Update copyright data to 2017
---
 system/core/Loader.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'system/core/Loader.php')
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 1111481b7..0515723b4 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -6,7 +6,7 @@
 *
 * This content is released under the MIT License (MIT)
 *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
 * @package CodeIgniter
 * @author EllisLab Dev Team
 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
 * @license http://opensource.org/licenses/MIT MIT License
 * @link https://codeigniter.com
 * @since Version 1.0.0
-- 
cgit v1.2.3-24-g4f1b
From ec8dbbb79bb083acd1cf6beff5abea055b583db5 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Wed, 4 Jan 2017 17:01:44 +0200
Subject: Fix a possible file inclusion vulnerability in CI_Loader::vars()
---
 system/core/Loader.php | 58 ++++++++++++++++++++++++--------------------------
 1 file changed, 28 insertions(+), 30 deletions(-)
(limited to 'system/core/Loader.php')
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 0515723b4..17ff2362c 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -486,7 +486,7 @@ class CI_Loader {
 */
 public function view($view, $vars = array(), $return = FALSE)
 {
- return $this->_ci_load(array('_ci_view' => $view, '_ci_vars' => $this->_ci_object_to_array($vars), '_ci_return' => $return));
+ return $this->_ci_load(array('_ci_view' => $view, '_ci_vars' => $this->_ci_prepare_view_vars($vars), '_ci_return' => $return));
 }
 // --------------------------------------------------------------------
@@ -519,19 +519,13 @@ class CI_Loader {
 */
 public function vars($vars, $val = '')
 {
- if (is_string($vars))
- {
- $vars = array($vars => $val);
- }
-
- $vars = $this->_ci_object_to_array($vars);
+ $vars = is_string($vars)
+ ? array($vars => $val)
+ : $this->_ci_prepare_view_vars($vars);
- if (is_array($vars) && count($vars) > 0)
+ foreach ($vars as $key => $val)
 {
- foreach ($vars as $key => $val)
- {
- $this->_ci_cached_vars[$key] = $val;
- }
+ $this->_ci_cached_vars[$key] = $val;
 }
 return $this;
@@ -940,18 +934,7 @@ class CI_Loader {
 * the two types and cache them so that views that are embedded within
 * other views can have access to these variables.
 */
- if (is_array($_ci_vars))
- {
- foreach (array_keys($_ci_vars) as $key)
- {
- if (strncmp($key, '_ci_', 4) === 0)
- {
- unset($_ci_vars[$key]);
- }
- }
-
- $this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
- }
+ empty($_ci_vars) OR $this->_ci_cached_vars = array_merge($this->_ci_cached_vars, $_ci_vars);
 extract($this->_ci_cached_vars);
 /*
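Review bot: A name passed as a string still skips the new filter: in `vars()` (the `@@ -519` hunk), the string branch of the ternary builds `array($vars => $val)` without going through `_ci_prepare_view_vars()`, so a key beginning with `_ci_` is stored in `_ci_cached_vars` as is. `_ci_load()` in the `@@ -940` hunk of this commit then calls `extract($this->_ci_cached_vars)` with no filtering of its own, so that key is extracted into the same scope as `$_ci_vars`. Filtering both branches closes this: `$vars = $this->_ci_prepare_view_vars(is_string($vars) ? array($vars => $val) : $vars);`. Whether any caller passes an untrusted name as the first argument is not visible here, so this is hardening of the fix rather than a confirmed bypass; `vars()` begins above the hunk.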
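Review bot: The `extract($this->_ci_cached_vars)` call in `_ci_load()` (the `@@ -940` hunk) now depends on every writer of `_ci_cached_vars` having removed `_ci_`-prefixed keys beforehand, and nothing at this spot says so. With the inline `strncmp()` loop gone, a later change that adds another path into `_ci_cached_vars` would reach `extract()` unchecked. I would add a comment directly above the call, for example `// Keys must already be filtered by _ci_prepare_view_vars(); extract() writes into this scope.` The surrounding function starts and ends outside the hunk.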
@@ -1382,17 +1365,32 @@ class CI_Loader {
 // --------------------------------------------------------------------
 /**
- * CI Object to Array translator
+ * Prepare variables for _ci_vars, to be later extract()-ed inside views
 *
- * Takes an object as input and converts the class variables to
- * an associative array with key/value pairs.
+ * Converts objects to associative arrays and filters-out internal
+ * variable names (i.e. keys prexied with '_ci_').
 *
- * @param object $object Object data to translate
+ * @param mixed $vars
 * @return array
 */
- protected function _ci_object_to_array($object)
+ protected function _ci_prepare_view_vars($vars)
 {
- return is_object($object) ? get_object_vars($object) : $object;
+ if ( ! is_array($vars))
+ {
+ $vars = is_object($vars)
+ ? get_object_vars($object)
+ : array();
+ }
+
+ foreach (array_keys($vars) as $key)
+ {
+ if (strncmp($key, '_ci_', 4) === 0)
+ {
+ unset($vars[$key]);
+ }
+ }
+
+ return $vars;
 }
 // --------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b
From b9ac1a1c268dd6590bb8fb283f45326ce3e0c919 Mon Sep 17 00:00:00 2001
From: Chris Faulkner
Date: Tue, 10 Jan 2017 16:02:40 +1030
Subject: Fix Undefined variable: object error Change the undefined variable $object to $vars when calling get_object_vars(). This fixes an error when passing an object to a view.
---
 system/core/Loader.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'system/core/Loader.php')
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 17ff2362c..acfc739dd 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -1368,7 +1368,7 @@ class CI_Loader {
 * Prepare variables for _ci_vars, to be later extract()-ed inside views
 *
 * Converts objects to associative arrays and filters-out internal
- * variable names (i.e. keys prexied with '_ci_').
+ * variable names (i.e. keys prefixed with '_ci_').
 *
 * @param mixed $vars
 * @return array
@@ -1378,7 +1378,7 @@ class CI_Loader {
 if ( ! is_array($vars))
 {
 $vars = is_object($vars)
- ? get_object_vars($object)
+ ? get_object_vars($vars)
 : array();
 }
-- 
cgit v1.2.3-24-g4f1b