From 2dce1ffda218456e19f28edce8b0d74122f4d55c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 20:49:04 +0300 Subject: Fix #1268 (or rather enforce some security measures, there's nothing really broken) --- system/core/Lang.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/core') diff --git a/system/core/Lang.php b/system/core/Lang.php index 3001f1b13..601348aa4 100644 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -65,11 +65,11 @@ class CI_Lang { /** * Load a language file * - * @param mixed the name of the language file to be loaded - * @param string the language (english, etc.) - * @param bool return loaded array of translations - * @param bool add suffix to $langfile - * @param string alternative path to look for language file + * @param mixed $langile the name of the language file to be loaded + * @param string $idiom = '' the language (english, etc.) + * @param bool $return = FALSE return loaded array of translations + * @param bool $add_suffix = TRUE add suffix to $langfile + * @param string $alt_path = '' alternative path to look for language file * @return mixed */ public function load($langfile, $idiom = '', $return = FALSE, $add_suffix = TRUE, $alt_path = '') @@ -83,10 +83,10 @@ class CI_Lang { $langfile .= '.php'; - if ($idiom === '') + if (empty($idiom) OR ! ctype_alpha($idiom)) { $config =& get_config(); - $idiom = ( ! empty($config['language'])) ? $config['language'] : 'english'; + $idiom = empty($config['language']) ? 'english' : $config['language']; } if ($return === FALSE && isset($this->is_loaded[$langfile]) && $this->is_loaded[$langfile] === $idiom) -- cgit v1.2.3-24-g4f1b From f795ab52dadaef20afd3a97ad4c8ed408e211dc2 Mon Sep 17 00:00:00 2001 
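Review bot: The first new `@param` line in the load() docblock names the parameter `$langile`, but the signature directly below declares `$langfile`, so documentation generators and IDE hints will not attach the description to the argument. Change it to `@param mixed $langfile the name of the language file to be loaded`.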
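Review bot: The new guard `empty($idiom) OR ! ctype_alpha($idiom)` validates only the caller-supplied idiom, while the fallback `$config['language']` is assigned on the next line without the same test, and a rejected idiom is replaced silently. The value presumably becomes part of an include path later in load() (the body continues outside the hunk), so I would apply the same check to the config value and record the rejection, e.g. `log_message('error', 'Invalid language idiom requested, falling back to default');`. Note also that `ctype_alpha()` rejects idioms containing `-` or `_` and treats an integer argument as an ASCII code rather than text. An `is_string($idiom)` test alongside it, plus a docblock line stating the allowed character set, would make the contract clear to callers.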
From: Andrey Andreev Date: Wed, 24 Oct 2012 21:28:25 +0300 Subject: [ci skip] Document get_csrf_token_name(), get_csrf_hash() (issue #715) --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 2fbc5b34c..d7c82712d 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -161,7 +161,7 @@ class CI_Security { } // Do the tokens exist in both the _POST and _COOKIE arrays? - if ( ! isset($_POST[$this->_csrf_token_name]) OR ! isset($_COOKIE[$this->_csrf_cookie_name]) + if ( ! isset($_POST[$this->_csrf_token_name], $_COOKIE[$this->_csrf_cookie_name]) OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match? { $this->csrf_show_error(); -- cgit v1.2.3-24-g4f1b From 9d0ab04e1e39bc93c59f60844dd2cf9176443028 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 21:47:39 +0300 Subject: Fix #191 --- system/core/Loader.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php index 5de2e5dde..b316c8e1b 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -318,9 +318,9 @@ class CI_Loader { /** * Database Loader * - * @param string the DB credentials - * @param bool whether to return the DB object - * @param bool whether to enable query builder (this allows us to override the config setting) + * @param mixed $params = '' the DB settings + * @param bool $return = FALSE whether to return the DB object + * @param bool $query_builder = NULL whether to enable query builder (overrides the config setting) * @return object */ public function database($params = '', $return = FALSE, $query_builder = NULL) 
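Review bot: The rewritten condition confirms that both values are set but not that they are strings, and it compares them with `!==`, which is not a constant-time comparison. POST fields and cookies can both arrive as arrays, in which case `!==` compares two arrays rather than two tokens; `is_string()` guards on both values before the comparison would close that gap. Where the supported PHP version provides it, `hash_equals($_COOKIE[$this->_csrf_cookie_name], $_POST[$this->_csrf_token_name])` is the safer comparison. The enclosing method starts and ends outside the hunk.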
@@ -329,7 +329,7 @@ class CI_Loader { $CI =& get_instance(); // Do we even need to load the database class? - if (class_exists('CI_DB') && $return === FALSE && $query_builder === NULL && isset($CI->db) && is_object($CI->db)) + if ($return === FALSE && $query_builder === NULL && isset($CI->db) && is_object($CI->db) && ! empty($CI->db->conn_id)) { return FALSE; } -- cgit v1.2.3-24-g4f1b From 4a7cc768a836a12c4839e482715b3859e0c16d7d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 23:52:05 +0300 Subject: Fix #1811 --- system/core/URI.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'system/core') diff --git a/system/core/URI.php b/system/core/URI.php index 15e6a5599..40eaaeb6b 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -433,9 +433,9 @@ class CI_URI { /** * Generate a key value pair from the URI string or Re-routed URI string * - * @param int the starting segment number - * @param array an array of default values - * @param string which array we should use + * @param int $n = 3 the starting segment number + * @param array $default = array() an array of default values + * @param string $which = 'segment' which array we should use * @return array */ protected function _uri_to_assoc($n = 3, $default = array(), $which = 'segment') @@ -445,9 +445,11 @@ class CI_URI { return $default; } - if (isset($this->keyval[$n])) + in_array($which, array('segment', 'rsegment'), TRUE) OR $which = 'segment'; + + if (isset($this->keyval[$which], $this->keyval[$which][$n])) { - return $this->keyval[$n]; + return $this->keyval[$which][$n]; } if ($which === 'segment') @@ -499,7 +501,7 @@ class CI_URI { } // Cache the array for reuse - $this->keyval[$n] = $retval; + $this->keyval[$which][$n] = $retval; return $retval; } -- cgit v1.2.3-24-g4f1b From 9093042c1f56bbdce2785ec5de0cd4180b4e6216 Mon Sep 17 00:00:00 2001 
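Review bot: The early-return guard still ignores `$params`: once `$CI->db` holds a non-empty `conn_id`, a later `database()` call with different settings and `$return === FALSE` returns FALSE without connecting, and that FALSE reads like a failure. If this is intended, the docblock should say so, e.g. `@return mixed FALSE if a connection is already loaded and $return is FALSE`. If the new `conn_id` test exists so that a closed or never-connected `$CI->db` is reloaded, a comment above the condition stating that would help. The rest of database() is outside the hunk, so its other return values are not visible here.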
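Review bot: The cache lookup in _uri_to_assoc() is now keyed by `$which` and `$n` but not by `$default`, so a second call for the same segment with a different `$default` array appears to receive the array built for the first call. The code that builds `$retval` is outside the hunk, so this is inferred from the cache key alone. If defaults are merged into `$retval` before it is stored, either cache the pairs without defaults and apply `$default` on each return, or document that the first call's defaults win. A short comment on the `in_array(...) OR $which = 'segment';` line, such as `// Unknown $which values fall back to 'segment' so the cache key is one of two known strings`, would also make the whitelist intent explicit.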
From: Andrey Andreev Date: Wed, 24 Oct 2012 23:53:12 +0300 Subject: Improve fix for #1811 --- system/core/URI.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core') diff --git a/system/core/URI.php b/system/core/URI.php index 40eaaeb6b..72f293c18 100644 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -501,6 +501,7 @@ class CI_URI { } // Cache the array for reuse + isset($this->keyval[$which]) OR $this->keyval[$which] = array(); $this->keyval[$which][$n] = $retval; return $retval; } -- cgit v1.2.3-24-g4f1b
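Review bot: The added `isset($this->keyval[$which]) OR $this->keyval[$which] = array();` looks redundant. PHP creates the intermediate array on a nested assignment such as `$this->keyval[$which][$n] = $retval;` without raising a notice, as long as `$this->keyval` is itself an array. If the line guards against something else (the property declaration is not visible in this hunk), a one-line comment saying what would justify keeping it; otherwise it can be dropped.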