From 81dd22393368862760e1cfb30a0d73d070cd38af Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Fri, 18 Nov 2011 20:49:35 -0600 Subject: add method get_vars() to CI_Loader to retrieve all variables loaded with $this->load->vars() --- system/core/Loader.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php index 4e14b54af..d42dbbf38 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -494,6 +494,20 @@ class CI_Loader { // -------------------------------------------------------------------- + /** + * Get Variables + * + * Retrieve all loaded variables + * + * @return array + */ + public function get_vars() + { + return $this->_ci_cached_vars; + } + + // -------------------------------------------------------------------- + /** * Load Helper * -- cgit v1.2.3-24-g4f1b From 03abee3df4534028c795e3c3da91034a3d3ee0f4 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 25 Dec 2011 00:31:29 -0600 Subject: Fixing soft tabs in a few files. --- system/core/Config.php | 2 +- system/core/Hooks.php | 2 +- system/core/Output.php | 2 +- system/core/Security.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'system/core') diff --git a/system/core/Config.php b/system/core/Config.php index abd2767d5..b0b4c9aa4 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -328,7 +328,7 @@ class CI_Config { $uri = $str; } } - return $uri; + return $uri; } // -------------------------------------------------------------------- diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 46bfec02a..aa251a389 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -94,7 +94,7 @@ class CI_Hooks { if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) { - include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); + include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); } elseif (is_file(APPPATH.'config/hooks.php')) { 
diff --git a/system/core/Output.php b/system/core/Output.php index 7b53f8e3e..9727a184f 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -108,7 +108,7 @@ class CI_Output { // Get mime types for later if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { - include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; + include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; } else { diff --git a/system/core/Security.php b/system/core/Security.php index ce3f7d3cc..60a64f358 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -182,7 +182,7 @@ class CI_Security { // Nothing should last forever unset($_COOKIE[$this->_csrf_cookie_name]); - $this->_csrf_hash = ''; + $this->_csrf_hash = ''; $this->_csrf_set_hash(); $this->csrf_set_cookie(); -- cgit v1.2.3-24-g4f1b From 5c1aa631c5f5ec2f6b75ba1158178418e50ba11a Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 25 Dec 2011 01:24:29 -0600 Subject: Abstracting the loading of files in the config directory depending on environments. --- system/core/CodeIgniter.php | 9 +- system/core/Common.php | 200 +++++++++++++++++++++++++------------------- system/core/Hooks.php | 11 +-- system/core/Loader.php | 9 +- system/core/Output.php | 10 +-- system/core/Router.php | 9 +- 6 files changed, 121 insertions(+), 127 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 97527e5ca..04f346c7c 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -59,14 +59,7 @@ * Load the framework constants * ------------------------------------------------------ */ - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) - { - require(APPPATH.'config/'.ENVIRONMENT.'/constants.php'); - } - else - { - require(APPPATH.'config/constants.php'); - } + load_environ_config('constants', TRUE); /* * ------------------------------------------------------ 
diff --git a/system/core/Common.php b/system/core/Common.php index b0921fe0c..9e05f3db4 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -47,7 +47,6 @@ * Since there are a few places where we conditionally test for PHP > 5 * we'll set a static variable. * -* @access public * @param string * @return bool TRUE if the current version is $version or higher */ @@ -76,7 +75,6 @@ if ( ! function_exists('is_php')) * the file, based on the read-only attribute. is_writable() is also unreliable * on Unix servers if safe_mode is on. * - * @access private * @return void */ if ( ! function_exists('is_really_writable')) @@ -118,18 +116,17 @@ if ( ! function_exists('is_really_writable')) // ------------------------------------------------------------------------ /** -* Class registry -* -* This function acts as a singleton. If the requested class does not -* exist it is instantiated and set to a static variable. If it has -* previously been instantiated the variable is returned. -* -* @access public -* @param string the class name being requested -* @param string the directory where the class should be found -* @param string the class name prefix -* @return object -*/ + * Class registry + * + * This function acts as a singleton. If the requested class does not + * exist it is instantiated and set to a static variable. If it has + * previously been instantiated the variable is returned. + * + * @param string the class name being requested + * @param string the directory where the class should be found + * @param string the class name prefix + * @return object + */ if ( ! function_exists('load_class')) { function &load_class($class, $directory = 'libraries', $prefix = 'CI_') 
@@ -191,12 +188,11 @@ if ( ! function_exists('load_class')) // -------------------------------------------------------------------- /** -* Keeps track of which libraries have been loaded. This function is -* called by the load_class() function above -* -* @access public -* @return array -*/ + * Keeps track of which libraries have been loaded. This function is + * called by the load_class() function above + * + * @return array + */ if ( ! function_exists('is_loaded')) { function is_loaded($class = '') @@ -215,14 +211,13 @@ if ( ! function_exists('is_loaded')) // ------------------------------------------------------------------------ /** -* Loads the main config.php file -* -* This function lets us grab the config file even if the Config class -* hasn't been instantiated yet -* -* @access private -* @return array -*/ + * Loads the main config.php file + * + * This function lets us grab the config file even if the Config class + * hasn't been instantiated yet + * + * @return array + */ if ( ! function_exists('get_config')) { function &get_config($replace = array()) @@ -273,11 +268,10 @@ if ( ! function_exists('get_config')) // ------------------------------------------------------------------------ /** -* Returns the specified config item -* -* @access public -* @return mixed -*/ + * Returns the specified config item + * + * @return mixed + */ if ( ! function_exists('config_item')) { function config_item($item) 
@@ -302,17 +296,16 @@ if ( ! function_exists('config_item')) // ------------------------------------------------------------------------ /** -* Error Handler -* -* This function lets us invoke the exception class and -* display errors using the standard error template located -* in application/errors/errors.php -* This function will send the error page directly to the -* browser and exit. -* -* @access public -* @return void -*/ + * Error Handler + * + * This function lets us invoke the exception class and + * display errors using the standard error template located + * in application/errors/errors.php + * This function will send the error page directly to the + * browser and exit. + * + * @return void + */ if ( ! function_exists('show_error')) { function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered') @@ -326,15 +319,14 @@ if ( ! function_exists('show_error')) // ------------------------------------------------------------------------ /** -* 404 Page Handler -* -* This function is similar to the show_error() function above -* However, instead of the standard error template it displays -* 404 errors. -* -* @access public -* @return void -*/ + * 404 Page Handler + * + * This function is similar to the show_error() function above + * However, instead of the standard error template it displays + * 404 errors. + * + * @return void + */ if ( ! function_exists('show_404')) { function show_404($page = '', $log_error = TRUE) 
@@ -348,14 +340,13 @@ if ( ! function_exists('show_404')) // ------------------------------------------------------------------------ /** -* Error Logging Interface -* -* We use this as a simple mechanism to access the logging -* class and send messages to be logged. -* -* @access public -* @return void -*/ + * Error Logging Interface + * + * We use this as a simple mechanism to access the logging + * class and send messages to be logged. + * + * @return void + */ if ( ! function_exists('log_message')) { function log_message($level = 'error', $message, $php_error = FALSE) @@ -377,7 +368,6 @@ if ( ! function_exists('log_message')) /** * Set HTTP Status Header * - * @access public * @param int the status code * @param string * @return void @@ -464,19 +454,18 @@ if ( ! function_exists('set_status_header')) // -------------------------------------------------------------------- /** -* Exception Handler -* -* This is the custom exception handler that is declaired at the top -* of Codeigniter.php. The main reason we use this is to permit -* PHP errors to be logged in our own log files since the user may -* not have access to server logs. Since this function -* effectively intercepts PHP errors, however, we also need -* to display errors based on the current error_reporting level. -* We do that with the use of a PHP error template. -* -* @access private -* @return void -*/ + * Exception Handler + * + * This is the custom exception handler that is declaired at the top + * of Codeigniter.php. The main reason we use this is to permit + * PHP errors to be logged in our own log files since the user may + * not have access to server logs. Since this function + * effectively intercepts PHP errors, however, we also need + * to display errors based on the current error_reporting level. + * We do that with the use of a PHP error template. + * + * @return void + */ if ( ! function_exists('_exception_handler')) { function _exception_handler($severity, $message, $filepath, $line) 
@@ -518,7 +507,6 @@ if ( ! function_exists('_exception_handler')) * This prevents sandwiching null characters * between ascii characters, like Java\0script. * - * @access public * @param string * @return string */ @@ -552,12 +540,11 @@ if ( ! function_exists('remove_invisible_characters')) // ------------------------------------------------------------------------ /** -* Returns HTML escaped variable -* -* @access public -* @param mixed -* @return mixed -*/ + * Returns HTML escaped variable + * + * @param mixed + * @return mixed + */ if ( ! function_exists('html_escape')) { function html_escape($var) 
@@ -566,12 +553,57 @@ if ( ! function_exists('html_escape')) { return array_map('html_escape', $var); } + + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + } +} + +// ------------------------------------------------------------------------ + +/** + * Load Environmental config directory files. + * + * In several places we check to see if the environment is loaded up and if the file + * that is being requested lives in said environment. Otherwise load up the file from + * the main CI config dir. + * + * @todo Optimize a bit to lessen the file system hits if the file has been loaded. + * @param string filename without extension. eg: 'config' or 'hooks' + * @param boolean whether or not to do a `require_once()` or a simple `include()` + * @return void + */ + if ( ! function_exists('load_environ_config')) + { + function load_environ_config($file, $require=FALSE) + { + if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php')) + { + if ($require) + { + require_once(APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php'); + } + else + { + include(APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php'); + } + + return; + } + + if ($require) + { + require_once(APPPATH.'config/'.$file.'.php'); + } else { - return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + include(APPPATH.'config/'.$file.'.php'); } + + return; } -} + } + +// ------------------------------------------------------------------------ /* End of file Common.php */ /* Location: ./system/core/Common.php */ \ No newline at end of file diff --git a/system/core/Hooks.php b/system/core/Hooks.php index aa251a389..6a36ce963 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php 
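Review bot: The `include(...)` calls inside the new `load_environ_config()` run in the function's own scope, so the `$hook`, `$autoload`, `$mimes` and `$route` arrays assigned by the config files never reach the callers. The Hooks.php, Loader.php, Output.php and Router.php hunks that follow test `isset($hook)`, `isset($autoload)` and `isset($route)`, or read `$mimes`, right after the call and will find nothing. The helper also drops the `is_file()` guard the old Hooks and Router code had, so a missing `hooks.php` or `routes.php` now raises an include warning. Let the helper only resolve the path and have each caller include it, e.g. `if (($path = load_environ_config('hooks')) !== FALSE) { include($path); }`. `$file` is concatenated into an include path, so it should only ever be a literal passed by framework code.

```php
	function load_environ_config($file)
	{
		// Resolve only: the caller include()s the returned path so that
		// $hook, $route, $mimes and $autoload are defined in the caller's scope.
		$env_path = defined('ENVIRONMENT') ? APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php' : '';
		if ($env_path !== '' AND is_file($env_path))
		{
			return $env_path;
		}

		$base_path = APPPATH.'config/'.$file.'.php';
		return is_file($base_path) ? $base_path : FALSE;
	}
```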
@@ -91,16 +91,7 @@ class CI_Hooks { // Grab the "hooks" definition file. // If there are no hooks, we're done. - - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) - { - include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); - } - elseif (is_file(APPPATH.'config/hooks.php')) - { - include(APPPATH.'config/hooks.php'); - } - + load_environ_config('hooks'); if ( ! isset($hook) OR ! is_array($hook)) { diff --git a/system/core/Loader.php b/system/core/Loader.php index 4e14b54af..12d07bbe0 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -1125,14 +1125,7 @@ class CI_Loader { */ protected function _ci_autoloader() { - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) - { - include(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'); - } - else - { - include(APPPATH.'config/autoload.php'); - } + load_environ_config('autoload'); if ( ! isset($autoload)) { diff --git a/system/core/Output.php b/system/core/Output.php index 9727a184f..4d1036ceb 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -106,15 +106,7 @@ class CI_Output { $this->_zlib_oc = @ini_get('zlib.output_compression'); // Get mime types for later - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) - { - include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; - } - else - { - include APPPATH.'config/mimes.php'; - } - + load_environ_config('mimes'); $this->mime_types = $mimes; diff --git a/system/core/Router.php b/system/core/Router.php index 748678d67..5388a9289 100755 --- a/system/core/Router.php +++ b/system/core/Router.php 
@@ -141,14 +141,7 @@ class CI_Router { } // Load the routes.php file. - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php')) - { - include(APPPATH.'config/'.ENVIRONMENT.'/routes.php'); - } - elseif (is_file(APPPATH.'config/routes.php')) - { - include(APPPATH.'config/routes.php'); - } + load_environ_config('routes'); $this->routes = ( ! isset($route) OR ! is_array($route)) ? array() : $route; unset($route); -- cgit v1.2.3-24-g4f1b From d2c4ec66946877ba4ef1c2bedf848eca9667c01d Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 25 Dec 2011 22:52:57 -0600 Subject: Changes in the UTF8 Class. - Adding error suppression ("@") on the preg_match() in the constructor to help prevent errors if PCRE doesn't support Unicode - Adding method visibility. - Changed comparisons on integers/booleans to explicit. eg: !==/=== --- system/core/Utf8.php | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) (limited to 'system/core') diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 7abe4e43b..1bcf526a5 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php 
@@ -44,19 +44,18 @@ class CI_Utf8 { * Constructor * * Determines if UTF-8 support is to be enabled - * */ - function __construct() + public function __construct() { log_message('debug', "Utf8 Class Initialized"); global $CFG; if ( - preg_match('/./u', 'é') === 1 // PCRE must support UTF-8 - AND function_exists('iconv') // iconv must be installed - AND ini_get('mbstring.func_overload') != 1 // Multibyte string function overloading cannot be enabled - AND $CFG->item('charset') == 'UTF-8' // Application charset must be UTF-8 + @preg_match('/./u', 'é') === 1 // PCRE must support UTF-8 + && function_exists('iconv') // iconv must be installed + && ini_get('mbstring.func_overload') !== 1 // Multibyte string function overloading cannot be enabled + && $CFG->item('charset') == 'UTF-8' // Application charset must be UTF-8 ) { log_message('debug', "UTF-8 Support Enabled"); @@ -90,11 +89,10 @@ class CI_Utf8 { * * Ensures strings are UTF-8 * - * @access public * @param string * @return string */ - function clean_string($str) + public function clean_string($str) { if ($this->_is_ascii($str) === FALSE) { @@ -113,11 +111,10 @@ class CI_Utf8 { * line feeds, and carriage returns, as all others can cause * problems in XML * - * @access public * @param string * @return string */ - function safe_ascii_for_xml($str) + public function safe_ascii_for_xml($str) { return remove_invisible_characters($str, FALSE); } @@ -129,12 +126,11 @@ class CI_Utf8 { * * Attempts to convert a string to UTF-8 * - * @access public * @param string * @param string - input encoding * @return string */ - function convert_to_utf8($str, $encoding) + public function convert_to_utf8($str, $encoding) { if (function_exists('iconv')) { 
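Review bot: In the constructor condition, `ini_get('mbstring.func_overload') !== 1` is always true, because ini_get() returns a string (or FALSE) and never the integer 1. The guard against mbstring function overloading therefore no longer disables UTF-8 support. Cast before comparing to keep the old meaning under strict comparison: `&& (int) ini_get('mbstring.func_overload') !== 1`. The neighbouring `$CFG->item('charset') == 'UTF-8'` is still a loose comparison although the commit message says comparisons were made explicit. The constructor body continues outside the hunk.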
@@ -159,13 +155,12 @@ class CI_Utf8 { * * Tests if a string is standard 7-bit ASCII or not * - * @access public * @param string * @return bool */ - function _is_ascii($str) + protected function _is_ascii($str) { - return (preg_match('/[^\x00-\x7F]/S', $str) == 0); + return (preg_match('/[^\x00-\x7F]/S', $str) === 0); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From d96f88277c1e9a4c069c2e2ee3d779385549f31a Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Tue, 27 Dec 2011 16:23:47 -0600 Subject: Revert "Abstracting the loading of files in the config directory depending on environments." This reverts commit 5c1aa631c5f5ec2f6b75ba1158178418e50ba11a. --- system/core/CodeIgniter.php | 9 +- system/core/Common.php | 200 +++++++++++++++++++------------------------- system/core/Hooks.php | 11 ++- system/core/Loader.php | 9 +- system/core/Output.php | 10 ++- system/core/Router.php | 9 +- 6 files changed, 127 insertions(+), 121 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 04f346c7c..97527e5ca 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -59,7 +59,14 @@ * Load the framework constants * ------------------------------------------------------ */ - load_environ_config('constants', TRUE); + if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) + { + require(APPPATH.'config/'.ENVIRONMENT.'/constants.php'); + } + else + { + require(APPPATH.'config/constants.php'); + } /* * ------------------------------------------------------ diff --git a/system/core/Common.php b/system/core/Common.php index 9e05f3db4..b0921fe0c 100644 --- a/system/core/Common.php +++ b/system/core/Common.php 
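Review bot: Making `_is_ascii()` `protected` breaks any application or library code that calls it on the loaded object, because a method without a visibility keyword was public before this change. If that is intended it needs a changelog entry, otherwise keep it `public`. The switch from `== 0` to `=== 0` also changes the error case: when preg_match() fails and returns FALSE the string is now reported as non-ASCII instead of ASCII. The docblock should say so, for example `* A PCRE failure is treated as non-ASCII.`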
@@ -47,6 +47,7 @@ * Since there are a few places where we conditionally test for PHP > 5 * we'll set a static variable. * +* @access public * @param string * @return bool TRUE if the current version is $version or higher */ @@ -75,6 +76,7 @@ if ( ! function_exists('is_php')) * the file, based on the read-only attribute. is_writable() is also unreliable * on Unix servers if safe_mode is on. * + * @access private * @return void */ if ( ! function_exists('is_really_writable')) @@ -116,17 +118,18 @@ if ( ! function_exists('is_really_writable')) // ------------------------------------------------------------------------ /** - * Class registry - * - * This function acts as a singleton. If the requested class does not - * exist it is instantiated and set to a static variable. If it has - * previously been instantiated the variable is returned. - * - * @param string the class name being requested - * @param string the directory where the class should be found - * @param string the class name prefix - * @return object - */ +* Class registry +* +* This function acts as a singleton. If the requested class does not +* exist it is instantiated and set to a static variable. If it has +* previously been instantiated the variable is returned. +* +* @access public +* @param string the class name being requested +* @param string the directory where the class should be found +* @param string the class name prefix +* @return object +*/ if ( ! function_exists('load_class')) { function &load_class($class, $directory = 'libraries', $prefix = 'CI_') 
@@ -188,11 +191,12 @@ if ( ! function_exists('load_class')) // -------------------------------------------------------------------- /** - * Keeps track of which libraries have been loaded. This function is - * called by the load_class() function above - * - * @return array - */ +* Keeps track of which libraries have been loaded. This function is +* called by the load_class() function above +* +* @access public +* @return array +*/ if ( ! function_exists('is_loaded')) { function is_loaded($class = '') @@ -211,13 +215,14 @@ if ( ! function_exists('is_loaded')) // ------------------------------------------------------------------------ /** - * Loads the main config.php file - * - * This function lets us grab the config file even if the Config class - * hasn't been instantiated yet - * - * @return array - */ +* Loads the main config.php file +* +* This function lets us grab the config file even if the Config class +* hasn't been instantiated yet +* +* @access private +* @return array +*/ if ( ! function_exists('get_config')) { function &get_config($replace = array()) @@ -268,10 +273,11 @@ if ( ! function_exists('get_config')) // ------------------------------------------------------------------------ /** - * Returns the specified config item - * - * @return mixed - */ +* Returns the specified config item +* +* @access public +* @return mixed +*/ if ( ! function_exists('config_item')) { function config_item($item) 
@@ -296,16 +302,17 @@ if ( ! function_exists('config_item')) // ------------------------------------------------------------------------ /** - * Error Handler - * - * This function lets us invoke the exception class and - * display errors using the standard error template located - * in application/errors/errors.php - * This function will send the error page directly to the - * browser and exit. - * - * @return void - */ +* Error Handler +* +* This function lets us invoke the exception class and +* display errors using the standard error template located +* in application/errors/errors.php +* This function will send the error page directly to the +* browser and exit. +* +* @access public +* @return void +*/ if ( ! function_exists('show_error')) { function show_error($message, $status_code = 500, $heading = 'An Error Was Encountered') @@ -319,14 +326,15 @@ if ( ! function_exists('show_error')) // ------------------------------------------------------------------------ /** - * 404 Page Handler - * - * This function is similar to the show_error() function above - * However, instead of the standard error template it displays - * 404 errors. - * - * @return void - */ +* 404 Page Handler +* +* This function is similar to the show_error() function above +* However, instead of the standard error template it displays +* 404 errors. +* +* @access public +* @return void +*/ if ( ! function_exists('show_404')) { function show_404($page = '', $log_error = TRUE) 
@@ -340,13 +348,14 @@ if ( ! function_exists('show_404')) // ------------------------------------------------------------------------ /** - * Error Logging Interface - * - * We use this as a simple mechanism to access the logging - * class and send messages to be logged. - * - * @return void - */ +* Error Logging Interface +* +* We use this as a simple mechanism to access the logging +* class and send messages to be logged. +* +* @access public +* @return void +*/ if ( ! function_exists('log_message')) { function log_message($level = 'error', $message, $php_error = FALSE) @@ -368,6 +377,7 @@ if ( ! function_exists('log_message')) /** * Set HTTP Status Header * + * @access public * @param int the status code * @param string * @return void @@ -454,18 +464,19 @@ if ( ! function_exists('set_status_header')) // -------------------------------------------------------------------- /** - * Exception Handler - * - * This is the custom exception handler that is declaired at the top - * of Codeigniter.php. The main reason we use this is to permit - * PHP errors to be logged in our own log files since the user may - * not have access to server logs. Since this function - * effectively intercepts PHP errors, however, we also need - * to display errors based on the current error_reporting level. - * We do that with the use of a PHP error template. - * - * @return void - */ +* Exception Handler +* +* This is the custom exception handler that is declaired at the top +* of Codeigniter.php. The main reason we use this is to permit +* PHP errors to be logged in our own log files since the user may +* not have access to server logs. Since this function +* effectively intercepts PHP errors, however, we also need +* to display errors based on the current error_reporting level. +* We do that with the use of a PHP error template. +* +* @access private +* @return void +*/ if ( ! function_exists('_exception_handler')) { function _exception_handler($severity, $message, $filepath, $line) 
@@ -507,6 +518,7 @@ if ( ! function_exists('_exception_handler')) * This prevents sandwiching null characters * between ascii characters, like Java\0script. * + * @access public * @param string * @return string */ @@ -540,11 +552,12 @@ if ( ! function_exists('remove_invisible_characters')) // ------------------------------------------------------------------------ /** - * Returns HTML escaped variable - * - * @param mixed - * @return mixed - */ +* Returns HTML escaped variable +* +* @access public +* @param mixed +* @return mixed +*/ if ( ! function_exists('html_escape')) { function html_escape($var) 
@@ -553,57 +566,12 @@ if ( ! function_exists('html_escape')) { return array_map('html_escape', $var); } - - return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); - } -} - -// ------------------------------------------------------------------------ - -/** - * Load Environmental config directory files. - * - * In several places we check to see if the environment is loaded up and if the file - * that is being requested lives in said environment. Otherwise load up the file from - * the main CI config dir. - * - * @todo Optimize a bit to lessen the file system hits if the file has been loaded. - * @param string filename without extension. eg: 'config' or 'hooks' - * @param boolean whether or not to do a `require_once()` or a simple `include()` - * @return void - */ - if ( ! function_exists('load_environ_config')) - { - function load_environ_config($file, $require=FALSE) - { - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php')) - { - if ($require) - { - require_once(APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php'); - } - else - { - include(APPPATH.'config/'.ENVIRONMENT.'/'.$file.'.php'); - } - - return; - } - - if ($require) - { - require_once(APPPATH.'config/'.$file.'.php'); - } else { - include(APPPATH.'config/'.$file.'.php'); + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); } - - return; } - } - -// ------------------------------------------------------------------------ +} /* End of file Common.php */ /* Location: ./system/core/Common.php */ \ No newline at end of file diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 6a36ce963..aa251a389 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php 
@@ -91,7 +91,16 @@ class CI_Hooks { // Grab the "hooks" definition file. // If there are no hooks, we're done. - load_environ_config('hooks'); + + if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) + { + include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); + } + elseif (is_file(APPPATH.'config/hooks.php')) + { + include(APPPATH.'config/hooks.php'); + } + if ( ! isset($hook) OR ! is_array($hook)) { diff --git a/system/core/Loader.php b/system/core/Loader.php index 83d134ef4..d42dbbf38 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -1139,7 +1139,14 @@ class CI_Loader { */ protected function _ci_autoloader() { - load_environ_config('autoload'); + if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/autoload.php')) + { + include(APPPATH.'config/'.ENVIRONMENT.'/autoload.php'); + } + else + { + include(APPPATH.'config/autoload.php'); + } if ( ! isset($autoload)) { diff --git a/system/core/Output.php b/system/core/Output.php index 4d1036ceb..9727a184f 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -106,7 +106,15 @@ class CI_Output { $this->_zlib_oc = @ini_get('zlib.output_compression'); // Get mime types for later - load_environ_config('mimes'); + if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) + { + include APPPATH.'config/'.ENVIRONMENT.'/mimes.php'; + } + else + { + include APPPATH.'config/mimes.php'; + } + $this->mime_types = $mimes; diff --git a/system/core/Router.php b/system/core/Router.php index 5388a9289..748678d67 100755 --- a/system/core/Router.php +++ b/system/core/Router.php 
@@ -141,7 +141,14 @@ class CI_Router { } // Load the routes.php file. - load_environ_config('routes'); + if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/routes.php')) + { + include(APPPATH.'config/'.ENVIRONMENT.'/routes.php'); + } + elseif (is_file(APPPATH.'config/routes.php')) + { + include(APPPATH.'config/routes.php'); + } $this->routes = ( ! isset($route) OR ! is_array($route)) ? array() : $route; unset($route); -- cgit v1.2.3-24-g4f1b From 2be25a6fdb9aa197debca28d1cfe0e0e542296b0 Mon Sep 17 00:00:00 2001 From: RS71 Date: Sat, 31 Dec 2011 16:02:04 -0200 Subject: Update system/core/Security.php --- system/core/Security.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 60a64f358..510f3d1ae 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -180,9 +180,14 @@ class CI_Security { // polute the _POST array unset($_POST[$this->_csrf_token_name]); - // Nothing should last forever - unset($_COOKIE[$this->_csrf_cookie_name]); - $this->_csrf_hash = ''; + // Regenerate on every submission? + if (config_item('csrf_regenerate')) + { + // Nothing should last forever + unset($_COOKIE[$this->_csrf_cookie_name]); + $this->_csrf_hash = ''; + } + $this->_csrf_set_hash(); $this->csrf_set_cookie(); -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 
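Review bot: In the Security.php hunk, the new `if (config_item('csrf_regenerate'))` guard means an application whose config file has no `csrf_regenerate` key stops rotating the CSRF token after each verified POST. This assumes config_item() returns a falsy value for an unset item; its body is not in this hunk. The default then changes silently from per-submission tokens to one token reused until the cookie expires, so a token that leaks once stays valid for that whole period. Ship the key in config.php set to TRUE so that reuse is an explicit opt-out, and document the trade-off above the check: `// csrf_regenerate FALSE: the same token is accepted until the CSRF cookie expires`. The enclosing method starts and ends outside the hunk.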
From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- system/core/Benchmark.php | 2 +- system/core/CodeIgniter.php | 2 +- system/core/Common.php | 2 +- system/core/Config.php | 2 +- system/core/Controller.php | 2 +- system/core/Exceptions.php | 2 +- system/core/Hooks.php | 2 +- system/core/Input.php | 2 +- system/core/Lang.php | 2 +- system/core/Loader.php | 2 +- system/core/Model.php | 2 +- system/core/Output.php | 2 +- system/core/Router.php | 2 +- system/core/Security.php | 2 +- system/core/URI.php | 2 +- system/core/Utf8.php | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) (limited to 'system/core') diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index 0f3104079..da246c9e0 100755 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 97527e5ca..5152073d5 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Common.php b/system/core/Common.php index b0921fe0c..f42bb640c 100644 --- a/system/core/Common.php +++ b/system/core/Common.php 
@@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Config.php b/system/core/Config.php index b0b4c9aa4..3e2635494 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Controller.php b/system/core/Controller.php index ca2bf41b5..55b3ec235 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index ead8d814e..3737f2930 100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 
diff --git a/system/core/Hooks.php b/system/core/Hooks.php index aa251a389..174adcb19 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Input.php b/system/core/Input.php index 3cbbe787f..7cfa4c63f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Lang.php b/system/core/Lang.php index e03afb07d..5eb2801f6 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Loader.php b/system/core/Loader.php index d42dbbf38..c4a6b501c 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php 
@@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Model.php b/system/core/Model.php index c34bab64b..fc640139a 100755 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Output.php b/system/core/Output.php index 9727a184f..e529f914d 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Router.php b/system/core/Router.php index 748678d67..8cad86888 100755 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 
diff --git a/system/core/Security.php b/system/core/Security.php index 60a64f358..272a8bf3f 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/URI.php b/system/core/URI.php index 578d17429..3c26d307b 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 1bcf526a5..40a7ac4c0 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 2.0 -- cgit v1.2.3-24-g4f1b From 2fbbfe34033dba5f362382818d0ae4c809ff6698 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 18:37:15 +0200 Subject: Improve the Benchmark library --- system/core/Benchmark.php | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'system/core') diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index da246c9e0..f4dfd3dab 100755 
--- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php @@ -1,13 +1,13 @@ -marker[$name] = microtime(); } @@ -75,13 +74,12 @@ class CI_Benchmark { * execution time to be shown in a template. The output class will * swap the real value for this variable. * - * @access public * @param string a particular marked point * @param string a particular marked point * @param integer the number of decimal places * @return mixed */ - function elapsed_time($point1 = '', $point2 = '', $decimals = 4) + public function elapsed_time($point1 = '', $point2 = '', $decimals = 4) { if ($point1 == '') { @@ -114,17 +112,14 @@ class CI_Benchmark { * without the memory being calculated until the end. * The output class will swap the real value for this variable. * - * @access public * @return string */ - function memory_usage() + public function memory_usage() { return '{memory_usage}'; } } -// END CI_Benchmark class - /* End of file Benchmark.php */ -/* Location: ./system/core/Benchmark.php */ \ No newline at end of file +/* Location: ./system/core/Benchmark.php */ -- cgit v1.2.3-24-g4f1b From 9c5c24a582b32659c89f74fb5f773d06db23e426 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 18:51:21 +0200 Subject: Improve core/CodeIgniter.php --- system/core/CodeIgniter.php | 38 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 23 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 5152073d5..e3d818825 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -1,13 +1,13 @@ -_call_hook('cache_override') === FALSE) + if ($EXT->_call_hook('cache_override') === FALSE + AND $OUT->_display_cache($CFG, $URI) == TRUE) { - if ($OUT->_display_cache($CFG, $URI) == TRUE) - { - exit; - } + exit; } /* 
@@ -273,13 +267,13 @@ $method = $RTR->fetch_method(); if ( ! class_exists($class) - OR strncmp($method, '_', 1) == 0 + OR strpos($method, '_', 1) === 0 OR in_array(strtolower($method), array_map('strtolower', get_class_methods('CI_Controller'))) ) { if ( ! empty($RTR->routes['404_override'])) { - $x = explode('/', $RTR->routes['404_override']); + $x = explode('/', $RTR->routes['404_override'], 2); $class = $x[0]; $method = (isset($x[1]) ? $x[1] : 'index'); if ( ! class_exists($class)) @@ -341,7 +335,7 @@ // Check and see if we are using a 404 override and use it. if ( ! empty($RTR->routes['404_override'])) { - $x = explode('/', $RTR->routes['404_override']); + $x = explode('/', $RTR->routes['404_override'], 2); $class = $x[0]; $method = (isset($x[1]) ? $x[1] : 'index'); if ( ! class_exists($class)) @@ -367,7 +361,6 @@ call_user_func_array(array(&$CI, $method), array_slice($URI->rsegments, 2)); } - // Mark a benchmark end point $BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end'); @@ -405,6 +398,5 @@ $CI->db->close(); } - /* End of file CodeIgniter.php */ -/* Location: ./system/core/CodeIgniter.php */ \ No newline at end of file +/* Location: ./system/core/CodeIgniter.php */ -- cgit v1.2.3-24-g4f1b From 188abafcd3cc9b196755c0227eebc9a10f33d3a7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 19:09:42 +0200 Subject: Improve core/Common.php --- system/core/Common.php | 133 ++++++++++++++++++++++++------------------------- 1 file changed, 66 insertions(+), 67 deletions(-) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index f42bb640c..abbe789e2 100644 --- a/system/core/Common.php +++ b/system/core/Common.php 
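Review bot: In the `@@ -273,13 +267,13 @@` hunk of system/core/CodeIgniter.php, `strpos($method, '_', 1) === 0` can never be true. The third argument of strpos() is a start offset, so the search begins at the second character and returns FALSE or a position of 1 or more. The old `strncmp($method, '_', 1) == 0` rejected method names beginning with an underscore; the new form leaves that guard dead, so this condition no longer refuses underscore-prefixed controller methods. The line should read `OR strpos($method, '_') === 0`. A regression test that routes to an underscore-prefixed method and expects the 404 path would pin this; the rest of the condition's block lies outside the hunk.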
@@ -1,13 +1,13 @@ - 'OK', - 201 => 'Created', - 202 => 'Accepted', - 203 => 'Non-Authoritative Information', - 204 => 'No Content', - 205 => 'Reset Content', - 206 => 'Partial Content', - - 300 => 'Multiple Choices', - 301 => 'Moved Permanently', - 302 => 'Found', - 304 => 'Not Modified', - 305 => 'Use Proxy', - 307 => 'Temporary Redirect', - - 400 => 'Bad Request', - 401 => 'Unauthorized', - 403 => 'Forbidden', - 404 => 'Not Found', - 405 => 'Method Not Allowed', - 406 => 'Not Acceptable', - 407 => 'Proxy Authentication Required', - 408 => 'Request Timeout', - 409 => 'Conflict', - 410 => 'Gone', - 411 => 'Length Required', - 412 => 'Precondition Failed', - 413 => 'Request Entity Too Large', - 414 => 'Request-URI Too Long', - 415 => 'Unsupported Media Type', - 416 => 'Requested Range Not Satisfiable', - 417 => 'Expectation Failed', - 422 => 'Unprocessable Entity', - - 500 => 'Internal Server Error', - 501 => 'Not Implemented', - 502 => 'Bad Gateway', - 503 => 'Service Unavailable', - 504 => 'Gateway Timeout', - 505 => 'HTTP Version Not Supported' - ); + 200 => 'OK', + 201 => 'Created', + 202 => 'Accepted', + 203 => 'Non-Authoritative Information', + 204 => 'No Content', + 205 => 'Reset Content', + 206 => 'Partial Content', + + 300 => 'Multiple Choices', + 301 => 'Moved Permanently', + 302 => 'Found', + 304 => 'Not Modified', + 305 => 'Use Proxy', + 307 => 'Temporary Redirect', + + 400 => 'Bad Request', + 401 => 'Unauthorized', + 403 => 'Forbidden', + 404 => 'Not Found', + 405 => 'Method Not Allowed', + 406 => 'Not Acceptable', + 407 => 'Proxy Authentication Required', + 408 => 'Request Timeout', + 409 => 'Conflict', + 410 => 'Gone', + 411 => 'Length Required', + 412 => 'Precondition Failed', + 413 => 'Request Entity Too Large', + 414 => 'Request-URI Too Long', + 415 => 'Unsupported Media Type', + 416 => 'Requested Range Not Satisfiable', + 417 => 'Expectation Failed', + 422 => 'Unprocessable Entity', + + 500 => 'Internal Server Error', + 501 => 'Not Implemented', + 
502 => 'Bad Gateway', + 503 => 'Service Unavailable', + 504 => 'Gateway Timeout', + 505 => 'HTTP Version Not Supported' + ); if ($code == '' OR ! is_numeric($code)) { @@ -441,12 +441,12 @@ if ( ! function_exists('set_status_header')) if ($text == '') { - show_error('No status text available. Please check your status code number or supply your own message text.', 500); + show_error('No status text available. Please check your status code number or supply your own message text.', 500); } $server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; - if (substr(php_sapi_name(), 0, 3) == 'cgi') + if (strpos(php_sapi_name(), 'cgi') === 0) { header("Status: {$code} {$text}", TRUE); } @@ -527,16 +527,15 @@ if ( ! function_exists('remove_invisible_characters')) function remove_invisible_characters($str, $url_encoded = TRUE) { $non_displayables = array(); - - // every control character except newline (dec 10) - // carriage return (dec 13), and horizontal tab (dec 09) - + + // every control character except newline (dec 10), + // carriage return (dec 13) and horizontal tab (dec 09) if ($url_encoded) { $non_displayables[] = '/%0[0-8bcef]/'; // url encoded 00-08, 11, 12, 14, 15 $non_displayables[] = '/%1[0-9a-f]/'; // url encoded 16-31 } - + $non_displayables[] = '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S'; // 00-08, 11, 12, 14-31, 127 do @@ -574,4 +573,4 @@ if ( ! function_exists('html_escape')) } /* End of file Common.php */ -/* Location: ./system/core/Common.php */ \ No newline at end of file +/* Location: ./system/core/Common.php */ -- cgit v1.2.3-24-g4f1b From ccabcfd68919ecf146cd5f21079365afbffad000 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 19:30:47 +0200 Subject: Improve the Config library --- system/core/Config.php | 114 +++++++++++++++++-------------------------------- 1 file changed, 40 insertions(+), 74 deletions(-) (limited to 'system/core') 
diff --git a/system/core/Config.php b/system/core/Config.php index 3e2635494..55da4e338 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -1,13 +1,13 @@ -config =& get_config(); log_message('debug', "Config Class Initialized"); @@ -81,10 +81,9 @@ class CI_Config { if (isset($_SERVER['HTTP_HOST'])) { $base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; - $base_url .= '://'. $_SERVER['HTTP_HOST']; - $base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); + $base_url .= '://'. $_SERVER['HTTP_HOST'] + . str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); } - else { $base_url = 'http://localhost/'; @@ -99,27 +98,25 @@ class CI_Config { /** * Load Config File * - * @access public * @param string the config file name - * @param boolean if configuration values should be loaded into their own section - * @param boolean true if errors should just return false, false if an error message should be displayed + * @param boolean if configuration values should be loaded into their own section + * @param boolean true if errors should just return false, false if an error message should be displayed * @return boolean if the file was loaded correctly */ - function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) + public function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE) { $file = ($file == '') ? 'config' : str_replace('.php', '', $file); - $found = FALSE; - $loaded = FALSE; + $found = $loaded = FALSE; foreach ($this->_config_paths as $path) { $check_locations = defined('ENVIRONMENT') - ? array(ENVIRONMENT.'/'.$file, $file) + ? array(ENVIRONMENT.DIRECTORY_SEPARATOR.$file, $file) : array($file); foreach ($check_locations as $location) { - $file_path = $path.'config/'.$location.'.php'; + $file_path = $path.'config'.DIRECTORY_SEPARATOR.$location.'.php'; if (in_array($file_path, $this->is_loaded, TRUE)) { 
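Review bot: The `@@ -81,10 +81,9 @@` hunk still builds `$base_url` from `$_SERVER['HTTP_HOST']`, a request header the client chooses, and the rewritten concatenation adds no check on it. `site_url()` and `base_url()` further down this file read the `base_url` item, so any links or redirects built through them would carry whatever host the request supplied, which matters for cached pages and e-mailed links. The surrounding condition is outside the hunk, so this is presumably only the fallback for an empty configured value. If so, the branch should at least say so: `// Fallback only: HTTP_HOST is client-supplied; set $config['base_url'] explicitly in production`. Ideally the host would also be validated against a configured list before use.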
@@ -192,39 +189,19 @@ class CI_Config { * Fetch a config file item * * - * @access public * @param string the config item name * @param string the index name * @param bool * @return string */ - function item($item, $index = '') + public function item($item, $index = '') { if ($index == '') { - if ( ! isset($this->config[$item])) - { - return FALSE; - } - - $pref = $this->config[$item]; - } - else - { - if ( ! isset($this->config[$index])) - { - return FALSE; - } - - if ( ! isset($this->config[$index][$item])) - { - return FALSE; - } - - $pref = $this->config[$index][$item]; + return isset($this->config[$item]) ? $this->config[$item] : FALSE; } - return $pref; + return isset($this->config[$index], $this->config[$index][$item]) ? $this->config[$index][$item] : FALSE; } // -------------------------------------------------------------------- @@ -232,18 +209,17 @@ class CI_Config { /** * Fetch a config file item - adds slash after item (if item is not empty) * - * @access public * @param string the config item name * @param bool * @return string */ - function slash_item($item) + public function slash_item($item) { if ( ! isset($this->config[$item])) { return FALSE; } - if( trim($this->config[$item]) == '') + elseif (trim($this->config[$item]) == '') { return ''; } @@ -257,11 +233,10 @@ class CI_Config { * Site URL * Returns base_url . index_page [. uri_string] * - * @access public * @param string the URI string * @return string */ - function site_url($uri = '') + public function site_url($uri = '') { if ($uri == '') { @@ -285,11 +260,10 @@ class CI_Config { * Base URL * Returns base_url [. uri_string] * - * @access public * @param string $uri * @return string */ - function base_url($uri = '') + public function base_url($uri = '') { return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/'); } 
@@ -299,8 +273,7 @@ class CI_Config { /** * Build URI string for use in Config::site_url() and Config::base_url() * - * @access protected - * @param $uri + * @param mixed $uri * @return string */ protected function _uri_string($uri) @@ -311,23 +284,21 @@ class CI_Config { { $uri = implode('/', $uri); } - $uri = trim($uri, '/'); + return trim($uri, '/'); } - else + elseif (is_array($uri)) { - if (is_array($uri)) + $i = 0; + $str = ''; + foreach ($uri as $key => $val) { - $i = 0; - $str = ''; - foreach ($uri as $key => $val) - { - $prefix = ($i == 0) ? '' : '&'; - $str .= $prefix.$key.'='.$val; - $i++; - } - $uri = $str; + $prefix = ($i === 0) ? '' : '&'; + $str .= $prefix.$key.'='.$val; + $i++; } + return $str; } + return $uri; } @@ -336,12 +307,11 @@ class CI_Config { /** * System URL * - * @access public * @return string */ - function system_url() + public function system_url() { - $x = explode("/", preg_replace("|/*(.+?)/*$|", "\\1", BASEPATH)); + $x = explode('/', preg_replace('|/*(.+?)/*$|', '\\1', BASEPATH)); return $this->slash_item('base_url').end($x).'/'; } @@ -350,12 +320,11 @@ class CI_Config { /** * Set a config file item * - * @access public * @param string the config item key * @param string the config item value * @return void */ - function set_item($item, $value) + public function set_item($item, $value) { $this->config[$item] = $value; } @@ -366,14 +335,13 @@ class CI_Config { * Assign to Config * * This function is called by the front controller (CodeIgniter.php) - * after the Config class is instantiated. It permits config items + * after the Config class is instantiated. It permits config items * to be assigned or overriden by variables contained in the index.php file * - * @access private * @param array * @return void */ - function _assign_to_config($items = array()) + public function _assign_to_config($items = array()) { if (is_array($items)) { 
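Review bot: In the `@@ -311,23 +284,21 @@` hunk, the array branch of `_uri_string()` joins `$prefix.$key.'='.$val` with no URL encoding, so a key or value containing `&`, `=` or `#` changes the structure of the resulting query string. The refactor keeps that behaviour unchanged. Whether callers pass request-derived data is not visible here, but encoding at this point is the safer default: `$str .= $prefix.rawurlencode($key).'='.rawurlencode($val);`. Callers that already encode their values would then be double-encoded, so check them first or document the contract in the docblock. The function's opening lines are in the preceding hunk.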
@@ -385,7 +353,5 @@ class CI_Config { } } -// END CI_Config class - /* End of file Config.php */ /* Location: ./system/core/Config.php */ -- cgit v1.2.3-24-g4f1b From 7ac33d7a615f9b5e27fe92a0a91c4ebfb19faad3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 19:39:39 +0200 Subject: Improve core Controller & Exceptions libraries --- system/core/Controller.php | 16 +++------ system/core/Exceptions.php | 83 +++++++++++++++++++--------------------------- 2 files changed, 40 insertions(+), 59 deletions(-) (limited to 'system/core') diff --git a/system/core/Controller.php b/system/core/Controller.php index 55b3ec235..5ae0b0924 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -1,13 +1,13 @@ -load =& load_class('Loader', 'core'); - $this->load->initialize(); - log_message('debug', "Controller Class Initialized"); } @@ -70,7 +65,6 @@ class CI_Controller { return self::$instance; } } -// END Controller class /* End of file Controller.php */ -/* Location: ./system/core/Controller.php */ \ No newline at end of file +/* Location: ./system/core/Controller.php */ diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index 3737f2930..9b672ac54 100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php 
@@ -1,13 +1,13 @@ - 'Error', - E_WARNING => 'Warning', - E_PARSE => 'Parsing Error', - E_NOTICE => 'Notice', - E_CORE_ERROR => 'Core Error', - E_CORE_WARNING => 'Core Warning', - E_COMPILE_ERROR => 'Compile Error', - E_COMPILE_WARNING => 'Compile Warning', - E_USER_ERROR => 'User Error', - E_USER_WARNING => 'User Warning', - E_USER_NOTICE => 'User Notice', - E_STRICT => 'Runtime Notice' - ); + public $levels = array( + E_ERROR => 'Error', + E_WARNING => 'Warning', + E_PARSE => 'Parsing Error', + E_NOTICE => 'Notice', + E_CORE_ERROR => 'Core Error', + E_CORE_WARNING => 'Core Warning', + E_COMPILE_ERROR => 'Compile Error', + E_COMPILE_WARNING => 'Compile Warning', + E_USER_ERROR => 'User Error', + E_USER_WARNING => 'User Warning', + E_USER_NOTICE => 'User Notice', + E_STRICT => 'Runtime Notice' + ); - - /** - * Constructor - */ public function __construct() { $this->ob_level = ob_get_level(); - // Note: Do not log messages from this constructor. + // Note: Do not log messages from this constructor. } // -------------------------------------------------------------------- @@ -89,17 +84,15 @@ class CI_Exceptions { * * This function logs PHP generated error messages * - * @access private * @param string the error severity * @param string the error string * @param string the error filepath * @param string the error line number - * @return string + * @return void */ - function log_exception($severity, $message, $filepath, $line) + public function log_exception($severity, $message, $filepath, $line) { $severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity]; - log_message('error', 'Severity: '.$severity.' --> '.$message. ' '.$filepath.' '.$line, TRUE); } 
@@ -108,15 +101,14 @@ class CI_Exceptions { /** * 404 Page Not Found Handler * - * @access private * @param string the page * @param bool log error yes/no * @return string */ - function show_404($page = '', $log_error = TRUE) + public function show_404($page = '', $log_error = TRUE) { - $heading = "404 Page Not Found"; - $message = "The page you requested was not found."; + $heading = '404 Page Not Found'; + $message = 'The page you requested was not found.'; // By default we log this, but allow a dev to skip it if ($log_error) @@ -137,14 +129,13 @@ class CI_Exceptions { * (either as a string or an array) and displays * it using the specified template. * - * @access private * @param string the heading * @param string the message * @param string the template name * @param int the status code * @return string */ - function show_error($heading, $message, $template = 'error_general', $status_code = 500) + public function show_error($heading, $message, $template = 'error_general', $status_code = 500) { set_status_header($status_code); @@ -155,7 +146,7 @@ class CI_Exceptions { ob_end_flush(); } ob_start(); - include(APPPATH.'errors/'.$template.'.php'); + include(APPPATH.'errors'.DIRECTORY_SEPARATOR.$template.'.php'); $buffer = ob_get_contents(); ob_end_clean(); return $buffer; @@ -166,7 +157,6 @@ class CI_Exceptions { /** * Native PHP error handler * - * @access private * @param string the error severity * @param string the error string * @param string the error filepath @@ -176,8 +166,7 @@ class CI_Exceptions { function show_php_error($severity, $message, $filepath, $line) { $severity = ( ! isset($this->levels[$severity])) ? $severity : $this->levels[$severity]; - - $filepath = str_replace("\\", "/", $filepath); + $filepath = str_replace('\\', '/', $filepath); // For safety reasons we do not show the full file path if (FALSE !== strpos($filepath, '/')) 
@@ -191,15 +180,13 @@ class CI_Exceptions { ob_end_flush(); } ob_start(); - include(APPPATH.'errors/error_php.php'); + include(APPPATH.'errors'.DIRECTORY_SEPARATOR.'error_php.php'); $buffer = ob_get_contents(); ob_end_clean(); echo $buffer; } - } -// END Exceptions Class /* End of file Exceptions.php */ -/* Location: ./system/core/Exceptions.php */ \ No newline at end of file +/* Location: ./system/core/Exceptions.php */ -- cgit v1.2.3-24-g4f1b From 64e98aab6ba2c692a881035245efb94a76deb428 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 20:29:10 +0200 Subject: Improve code Input & Model libraries --- system/core/Input.php | 97 ++++++++++++++++++--------------------------------- system/core/Model.php | 19 ++++------ 2 files changed, 39 insertions(+), 77 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 7cfa4c63f..07bb30b15 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -1,13 +1,13 @@ -_allow_get_array = (config_item('allow_get_array') === TRUE); - $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); - $this->_enable_csrf = (config_item('csrf_protection') === TRUE); + $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); + $this->_enable_csrf = (config_item('csrf_protection') === TRUE); global $SEC; $this->security =& $SEC; @@ -122,7 +122,6 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access protected * @param array * @param string * @param bool @@ -148,7 +147,6 @@ class CI_Input { /** * Fetch an item from the GET array * - * @access public * @param string * @param bool * @return string @@ -176,7 +174,6 @@ class CI_Input { /** * Fetch an item from the POST array * - * @access public * @param string * @param bool * @return string 
@@ -205,21 +202,15 @@ class CI_Input { /** * Fetch an item from either the GET array or the POST * - * @access public * @param string The index key * @param bool XSS cleaning * @return string */ public function get_post($index = '', $xss_clean = FALSE) { - if ( ! isset($_POST[$index]) ) - { - return $this->get($index, $xss_clean); - } - else - { - return $this->post($index, $xss_clean); - } + return ( ! isset($_POST[$index])) + ? $this->get($index, $xss_clean) + : $this->post($index, $xss_clean); } // -------------------------------------------------------------------- @@ -227,7 +218,6 @@ class CI_Input { /** * Fetch an item from the COOKIE array * - * @access public * @param string * @param bool * @return string @@ -245,7 +235,6 @@ class CI_Input { * Accepts six parameter, or you can submit an associative * array in the first parameter containing all the values. * - * @access public * @param mixed * @param string the value of the cookie * @param string the number of seconds until expiration @@ -303,7 +292,6 @@ class CI_Input { /** * Fetch an item from the SERVER array * - * @access public * @param string * @param bool * @return string @@ -318,7 +306,6 @@ class CI_Input { /** * Fetch the IP Address * - * @access public * @return string */ public function ip_address() @@ -335,7 +322,7 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } @@ -354,8 +341,7 @@ class CI_Input { if ($this->ip_address === FALSE) { - $this->ip_address = '0.0.0.0'; - return $this->ip_address; + return $this->ip_address = '0.0.0.0'; } if (strpos($this->ip_address, ',') !== FALSE) 
@@ -366,7 +352,7 @@ class CI_Input { if ( ! $this->valid_ip($this->ip_address)) { - $this->ip_address = '0.0.0.0'; + return $this->ip_address = '0.0.0.0'; } return $this->ip_address; @@ -379,7 +365,6 @@ class CI_Input { * * Updated version suggested by Geert De Deckere * - * @access public * @param string * @return bool */ @@ -394,7 +379,7 @@ class CI_Input { $ip_segments = explode('.', $ip); // Always 4 segments needed - if (count($ip_segments) != 4) + if (count($ip_segments) !== 4) { return FALSE; } @@ -422,7 +407,6 @@ class CI_Input { /** * User Agent * - * @access public * @return string */ public function user_agent() @@ -432,9 +416,7 @@ class CI_Input { return $this->user_agent; } - $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; - - return $this->user_agent; + return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; } // -------------------------------------------------------------------- @@ -444,22 +426,20 @@ class CI_Input { * * This function does the following: * - * Unsets $_GET data (if query strings are not enabled) - * - * Unsets all globals if register_globals is enabled + * - Unsets $_GET data (if query strings are not enabled) + * - Unsets all globals if register_globals is enabled + * - Standardizes newline characters to \n * - * Standardizes newline characters to \n - * - * @access private * @return void */ private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', - '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', - 'CFG', 'URI', 'RTR', 'OUT', 'IN'); + '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', + 'system_folder', 'application_folder', 'BM', 'EXT', + 'CFG', 'URI', 'RTR', 'OUT', 'IN' + ); // Unset globals for securiy. // This is effectively the same as register_globals = off 
@@ -532,7 +512,6 @@ class CI_Input { // Sanitize PHP_SELF $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); - // CSRF Protection check if ($this->_enable_csrf == TRUE) { @@ -550,7 +529,6 @@ class CI_Input { * This is a helper function. It escapes data and * standardizes newline characters to \n * - * @access private * @param string * @return string */ @@ -592,12 +570,9 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE) + if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) { - if (strpos($str, "\r") !== FALSE) - { - $str = str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); - } + return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } return $str; @@ -612,13 +587,12 @@ class CI_Input { * from trying to exploit keys we make sure that keys are * only named with alpha-numeric text and a few other items. * - * @access private * @param string * @return string */ private function _clean_input_keys($str) { - if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) + if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { exit('Disallowed Key Characters.'); } @@ -626,7 +600,7 @@ class CI_Input { // Clean UTF-8 if supported if (UTF8_ENABLED === TRUE) { - $str = $this->uni->clean_string($str); + return $this->uni->clean_string($str); } return $str; @@ -640,10 +614,8 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * - * @access public * @param bool XSS cleaning - * - * @return array + * @return array */ public function request_headers($xss_clean = FALSE) { @@ -658,7 +630,7 @@ class CI_Input { foreach ($_SERVER as $key => $val) { - if (strncmp($key, 'HTTP_', 5) === 0) + if (strpos($key, 'HTTP_') === 0) { $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); } 
@@ -684,7 +656,6 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -716,7 +687,6 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @access public * @return boolean */ public function is_ajax_request() @@ -731,12 +701,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @access public * @return boolean */ public function is_cli_request() { - return (php_sapi_name() == 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli') or defined('STDIN'); } } diff --git a/system/core/Model.php b/system/core/Model.php index fc640139a..cd64468b8 100755 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -1,13 +1,13 @@ -$key; } } -// END Model Class /* End of file Model.php */ -/* Location: ./system/core/Model.php */ \ No newline at end of file +/* Location: ./system/core/Model.php */ -- cgit v1.2.3-24-g4f1b From 1f5fbb6cb35f5d234f9f2c95f730b13a9015f3c2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 20:53:29 +0200 Subject: Improve the core Output library --- system/core/Output.php | 150 +++++++++++++++---------------------------------- 1 file changed, 46 insertions(+), 104 deletions(-) (limited to 'system/core') diff --git a/system/core/Output.php b/system/core/Output.php index e529f914d..272545046 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -1,13 +1,13 @@ -_zlib_oc = @ini_get('zlib.output_compression'); @@ -117,8 +105,7 @@ class CI_Output { $this->mime_types = $mimes; - - log_message('debug', "Output Class Initialized"); + log_message('debug', 'Output Class Initialized'); } // -------------------------------------------------------------------- 
@@ -128,10 +115,9 @@ class CI_Output { * * Returns the current output string * - * @access public * @return string */ - function get_output() + public function get_output() { return $this->final_output; } @@ -147,10 +133,9 @@ class CI_Output { * @param string * @return void */ - function set_output($output) + public function set_output($output) { $this->final_output = $output; - return $this; } @@ -161,11 +146,10 @@ class CI_Output { * * Appends data onto the output string * - * @access public * @param string * @return void */ - function append_output($output) + public function append_output($output) { if ($this->final_output == '') { @@ -189,25 +173,22 @@ class CI_Output { * Note: If a file is cached, headers will not be sent. We need to figure out * how to permit header data to be saved with the cache data... * - * @access public * @param string * @param bool * @return void */ - function set_header($header, $replace = TRUE) + public function set_header($header, $replace = TRUE) { // If zlib.output_compression is enabled it will compress the output, // but it will not modify the content-length header to compensate for // the reduction, causing the browser to hang waiting for more data. // We'll just skip content-length in those cases. - if ($this->_zlib_oc && strncasecmp($header, 'content-length', 14) == 0) { return; } $this->headers[] = array($header, $replace); - return $this; } @@ -216,11 +197,10 @@ class CI_Output { /** * Set Content Type Header * - * @access public * @param string extension of the file we're outputting * @return void */ - function set_content_type($mime_type) + public function set_content_type($mime_type) { if (strpos($mime_type, '/') === FALSE) { @@ -241,7 +221,6 @@ class CI_Output { $header = 'Content-Type: '.$mime_type; $this->headers[] = array($header, TRUE); - return $this; } 
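Review bot: `set_output()` is documented `@return void`, yet its body appears to keep `return $this;` (the removed line looks like the blank one before it). The same mismatch shows in the `set_header()` and `set_content_type()` hunks that follow; `@return CI_Output` would describe the fluent interface. `set_header()` also has a bare `return;` in the `content-length` branch, so a chained call on that path receives NULL; `return $this;` there would keep the chain intact.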
@@ -251,15 +230,13 @@ class CI_Output { * Set HTTP Status Header * moved to Common procedural functions in 1.7.2 * - * @access public * @param int the status code * @param string * @return void */ - function set_status_header($code = 200, $text = '') + public function set_status_header($code = 200, $text = '') { set_status_header($code, $text); - return $this; } @@ -268,14 +245,12 @@ class CI_Output { /** * Enable/disable Profiler * - * @access public * @param bool * @return void */ - function enable_profiler($val = TRUE) + public function enable_profiler($val = TRUE) { $this->enable_profiler = (is_bool($val)) ? $val : TRUE; - return $this; } @@ -286,11 +261,10 @@ class CI_Output { * * Allows override of default / config settings for Profiler section display * - * @access public * @param array * @return void */ - function set_profiler_sections($sections) + public function set_profiler_sections($sections) { foreach ($sections as $section => $enable) { @@ -305,14 +279,12 @@ class CI_Output { /** * Set Cache * - * @access public * @param integer * @return void */ - function cache($time) + publi function cache($time) { $this->cache_expiration = ( ! is_numeric($time)) ? 0 : $time; - return $this; } @@ -329,11 +301,10 @@ class CI_Output { * with any server headers and profile data. It also stops the * benchmark timer so the page rendering speed and memory usage can be shown. * - * @access public * @param string * @return mixed */ - function _display($output = '') + public function _display($output = '') { // Note: We use globals because we can't use $CI =& get_instance() // since this function is sometimes called by the caching mechanism, 
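Review bot: The new signature in the Set Cache hunk reads `publi function cache($time)`, a misspelled visibility keyword, so Output.php would no longer parse after this commit. It should be `public function cache($time)`. The docblocks in this run of hunks also still say `@return void` although `set_status_header()`, `enable_profiler()` and `cache()` each end with `return $this;`.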
@@ -375,22 +346,17 @@ class CI_Output { { $memory = ( ! function_exists('memory_get_usage')) ? '0' : round(memory_get_usage()/1024/1024, 2).'MB'; - $output = str_replace('{elapsed_time}', $elapsed, $output); - $output = str_replace('{memory_usage}', $memory, $output); + $output = str_replace(array('{elapsed_time}', '{memory_usage}'), array($elapsed, $memory), $output); } // -------------------------------------------------------------------- // Is compression requested? - if ($CFG->item('compress_output') === TRUE && $this->_zlib_oc == FALSE) + if ($CFG->item('compress_output') === TRUE && $this->_zlib_oc == FALSE + && extension_loaded('zlib') + && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE) { - if (extension_loaded('zlib')) - { - if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) AND strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE) - { - ob_start('ob_gzhandler'); - } - } + ob_start('ob_gzhandler'); } // -------------------------------------------------------------------- @@ -412,8 +378,8 @@ class CI_Output { if ( ! isset($CI)) { echo $output; - log_message('debug', "Final output sent to browser"); - log_message('debug', "Total execution time: ".$elapsed); + log_message('debug', 'Final output sent to browser'); + log_message('debug', 'Total execution time: '.$elapsed); return TRUE; } @@ -424,7 +390,6 @@ class CI_Output { if ($this->enable_profiler == TRUE) { $CI->load->library('profiler'); - if ( ! empty($this->_profiler_sections)) { $CI->profiler->set_sections($this->_profiler_sections); 
@@ -432,16 +397,11 @@ class CI_Output { // If the output data contains closing and tags // we will remove them and add them back after we insert the profile data - if (preg_match("|.*?|is", $output)) + $output = preg_replace('|.*?|is', '', $output, $count).$CI->profiler->run(); + if ($count > 0) { - $output = preg_replace("|.*?|is", '', $output); - $output .= $CI->profiler->run(); $output .= ''; } - else - { - $output .= $CI->profiler->run(); - } } // -------------------------------------------------------------------- @@ -457,8 +417,8 @@ class CI_Output { echo $output; // Send it to the browser! } - log_message('debug', "Final output sent to browser"); - log_message('debug', "Total execution time: ".$elapsed); + log_message('debug', 'Final output sent to browser'); + log_message('debug', 'Total execution time: '.$elapsed); } // -------------------------------------------------------------------- @@ -466,20 +426,18 @@ class CI_Output { /** * Write a Cache File * - * @access public * @param string * @return void */ - function _write_cache($output) + public function _write_cache($output) { $CI =& get_instance(); $path = $CI->config->item('cache_path'); - $cache_path = ($path == '') ? APPPATH.'cache/' : $path; if ( ! is_dir($cache_path) OR ! is_really_writable($cache_path)) { - log_message('error', "Unable to write cache file: ".$cache_path); + log_message('error', 'Unable to write cache file: '.$cache_path); return; } @@ -491,7 +449,7 @@ class CI_Output { if ( ! $fp = @fopen($cache_path, FOPEN_WRITE_CREATE_DESTRUCTIVE)) { - log_message('error', "Unable to write cache file: ".$cache_path); + log_message('error', 'Unable to write cache file: '.$cache_path); return; } 
@@ -504,13 +462,13 @@ class CI_Output { } else { - log_message('error', "Unable to secure a file lock for file at: ".$cache_path); + log_message('error', 'Unable to secure a file lock for file at: '.$cache_path); return; } fclose($fp); @chmod($cache_path, FILE_WRITE_MODE); - log_message('debug', "Cache file written: ".$cache_path); + log_message('debug', 'Cache file written: '.$cache_path); } // -------------------------------------------------------------------- 
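Review bot: The lock-failure branch of `_write_cache()` returns before the `fclose($fp);` that follows the `else` block, so the handle opened earlier in the method is left open on that path. Adding `fclose($fp);` ahead of the `return;` in the `else` branch closes it. The file was opened with `FOPEN_WRITE_CREATE_DESTRUCTIVE` in the previous hunk, so presumably an empty cache file is also left behind when the lock fails; removing it there with `@unlink($cache_path);` may be worth considering.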
@@ -518,69 +476,53 @@ class CI_Output { /** * Update/serve a cached file * - * @access public * @param object config class * @param object uri class * @return void */ - function _display_cache(&$CFG, &$URI) + public function _display_cache(&$CFG, &$URI) { $cache_path = ($CFG->item('cache_path') == '') ? APPPATH.'cache/' : $CFG->item('cache_path'); - // Build the file path. The file name is an MD5 hash of the full URI - $uri = $CFG->item('base_url'). - $CFG->item('index_page'). - $URI->uri_string; - + // Build the file path. The file name is an MD5 hash of the full URI + $uri = $CFG->item('base_url').$CFG->item('index_page').$URI->uri_string; $filepath = $cache_path.md5($uri); - if ( ! @file_exists($filepath)) - { - return FALSE; - } - - if ( ! $fp = @fopen($filepath, FOPEN_READ)) + if ( ! @file_exists($filepath) + OR ! $fp = @fopen($filepath, FOPEN_READ)) { return FALSE; } flock($fp, LOCK_SH); - $cache = ''; - if (filesize($filepath) > 0) - { - $cache = fread($fp, filesize($filepath)); - } + $cache = (filesize($filepath) > 0) ? fread($fp, filesize($filepath)) : ''; flock($fp, LOCK_UN); fclose($fp); // Strip out the embedded timestamp - if ( ! preg_match("/(\d+TS--->)/", $cache, $match)) + if ( ! preg_match('/(\d+TS--->)/', $cache, $match)) { return FALSE; } // Has the file expired? If so we'll delete it. - if (time() >= trim(str_replace('TS--->', '', $match['1']))) + if (time() >= trim(str_replace('TS--->', '', $match[1])) + AND is_really_writable($cache_path)) { - if (is_really_writable($cache_path)) - { - @unlink($filepath); - log_message('debug', "Cache file has expired. File deleted"); - return FALSE; - } + @unlink($filepath); + log_message('debug', 'Cache file has expired. File deleted.'); + return FALSE; } // Display the cache - $this->_display(str_replace($match['0'], '', $cache)); - log_message('debug', "Cache file is current. Sending it to browser."); + $this->_display(str_replace($match[0], '', $cache)); + log_message('debug', 'Cache file is current. 
Sending it to browser.'); return TRUE; } - } -// END Output Class /* End of file Output.php */ -/* Location: ./system/core/Output.php */ \ No newline at end of file +/* Location: ./system/core/Output.php */ -- cgit v1.2.3-24-g4f1b From ba6c04113313d49618b00c434fd5eedc6ab8a653 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 21:10:09 +0200 Subject: Improve the core Router library --- system/core/Router.php | 107 +++++++++++++++++-------------------------------- 1 file changed, 37 insertions(+), 70 deletions(-) (limited to 'system/core') diff --git a/system/core/Router.php b/system/core/Router.php index 8cad86888..d21319565 100755 --- a/system/core/Router.php +++ b/system/core/Router.php @@ -1,13 +1,13 @@ -config =& load_class('Config', 'core'); $this->uri =& load_class('URI', 'core'); - log_message('debug', "Router Class Initialized"); + log_message('debug', 'Router Class Initialized'); } // -------------------------------------------------------------------- @@ -110,12 +103,11 @@ class CI_Router { * This function determines what should be served based on the URI request, * as well as any "routes" that have been set in the routing config file. * - * @access private * @return void */ - function _set_routing() + public function _set_routing() { - // Are query strings enabled in the config file? Normally CI doesn't utilize query strings + // Are query strings enabled in the config file? Normally CI doesn't utilize query strings // since URI segments are more search-engine friendly, but they can optionally be used. // If this feature is enabled, we will gather the directory/class/method a little differently $segments = array(); 
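Review bot: Folding `is_really_writable($cache_path)` into the expiry condition of `_display_cache()` keeps the old fall-through: an expired entry is still sent to the browser whenever the cache directory is not writable. If stale pages are not meant to be served, the expiry test alone should decide the return value and writability should only gate the delete, as in the excerpt below. The docblock also says `@return void` while every path returns TRUE or FALSE.

```php
// … unchanged: read the file and match the embedded timestamp …
if (time() >= trim(str_replace('TS--->', '', $match[1])))
{
	// An expired entry is never served, even when it cannot be removed
	if (is_really_writable($cache_path))
	{
		@unlink($filepath);
		log_message('debug', 'Cache file has expired. File deleted.');
	}

	return FALSE;
}
// … unchanged: display the cached output …
```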
@@ -157,7 +149,7 @@ class CI_Router { // the URI doesn't correlated to a valid controller. $this->default_controller = ( ! isset($this->routes['default_controller']) OR $this->routes['default_controller'] == '') ? FALSE : strtolower($this->routes['default_controller']); - // Were there any query string segments? If so, we'll validate them and bail out since we're done. + // Were there any query string segments? If so, we'll validate them and bail out since we're done. if (count($segments) > 0) { return $this->_validate_request($segments); @@ -172,17 +164,10 @@ class CI_Router { return $this->_set_default_controller(); } - // Do we need to remove the URL suffix? - $this->uri->_remove_url_suffix(); - - // Compile the segments into an array - $this->uri->_explode_segments(); - - // Parse any custom routing that may exist - $this->_parse_routes(); - - // Re-index the segment array so that it starts with 1 rather than 0 - $this->uri->_reindex_segments(); + $this->uri->_remove_url_suffix(); // Remove the URL suffix + $this->uri->_explode_segments(); // Compile the segments into an array + $this->_parse_routes(); // Parse any custom routing that may exist + $this->uri->_reindex_segments(); // Re-index the segment array so that it starts with 1 rather than 0 } // -------------------------------------------------------------------- 
@@ -190,20 +175,18 @@ class CI_Router { /** * Set the default controller * - * @access private * @return void */ - function _set_default_controller() + protected function _set_default_controller() { if ($this->default_controller === FALSE) { - show_error("Unable to determine what should be displayed. A default route has not been specified in the routing file."); + show_error('Unable to determine what should be displayed. A default route has not been specified in the routing file.'); } // Is the method being specified? if (strpos($this->default_controller, '/') !== FALSE) { $x = explode('/', $this->default_controller); - $this->set_class($x[0]); $this->set_method($x[1]); $this->_set_request($x); @@ -218,7 +201,7 @@ class CI_Router { // re-index the routed segments array so it starts with 1 rather than 0 $this->uri->_reindex_segments(); - log_message('debug', "No URI present. Default controller set."); + log_message('debug', 'No URI present. Default controller set.'); } // -------------------------------------------------------------------- @@ -229,16 +212,15 @@ class CI_Router { * This function takes an array of URI segments as * input, and sets the current class/method * - * @access private * @param array * @param bool * @return void */ - function _set_request($segments = array()) + protected function _set_request($segments = array()) { $segments = $this->_validate_request($segments); - if (count($segments) == 0) + if (count($segments) === 0) { return $this->_set_default_controller(); } @@ -269,13 +251,12 @@ class CI_Router { * Validates the supplied segments. Attempts to determine the path to * the controller. * - * @access private * @param array * @return array */ - function _validate_request($segments) + protected function _validate_request($segments) { - if (count($segments) == 0) + if (count($segments) === 0) { return $segments; } 
@@ -301,7 +282,6 @@ class CI_Router { if ( ! empty($this->routes['404_override'])) { $x = explode('/', $this->routes['404_override']); - $this->set_directory(''); $this->set_class($x[0]); $this->set_method(isset($x[1]) ? $x[1] : 'index'); @@ -320,7 +300,6 @@ class CI_Router { if (strpos($this->default_controller, '/') !== FALSE) { $x = explode('/', $this->default_controller); - $this->set_class($x[0]); $this->set_method($x[1]); } @@ -344,18 +323,16 @@ class CI_Router { // If we've gotten this far it means that the URI does not correlate to a valid - // controller class. We will now see if there is an override + // controller class. We will now see if there is an override if ( ! empty($this->routes['404_override'])) { $x = explode('/', $this->routes['404_override']); - $this->set_class($x[0]); $this->set_method(isset($x[1]) ? $x[1] : 'index'); return $x; } - // Nothing else to do at this point but show a 404 show_404($segments[0]); } @@ -369,10 +346,9 @@ class CI_Router { * the config/routes.php file against the URI to * determine if the class/method need to be remapped. * - * @access private * @return void */ - function _parse_routes() + protected function _parse_routes() { // Turn the segment array into a URI string $uri = implode('/', $this->uri->segments); @@ -387,7 +363,7 @@ class CI_Router { foreach ($this->routes as $key => $val) { // Convert wild-cards to RegEx - $key = str_replace(':any', '.+', str_replace(':num', '[0-9]+', $key)); + $key = str_replace(array(':any', ':num'), array('.+', '[0-9]+'), $key); // Does the RegEx match? if (preg_match('#^'.$key.'$#', $uri)) @@ -412,11 +388,10 @@ class CI_Router { /** * Set the class name * - * @access public * @param string * @return void */ - function set_class($class) + public function set_class($class) { $this->class = str_replace(array('/', '.'), '', $class); } 
@@ -426,10 +401,9 @@ class CI_Router { /** * Fetch the current class * - * @access public * @return string */ - function fetch_class() + public function fetch_class() { return $this->class; } @@ -439,11 +413,10 @@ class CI_Router { /** * Set the method name * - * @access public * @param string * @return void */ - function set_method($method) + public function set_method($method) { $this->method = $method; } @@ -453,10 +426,9 @@ class CI_Router { /** * Fetch the current method * - * @access public * @return string */ - function fetch_method() + public function fetch_method() { if ($this->method == $this->fetch_class()) { @@ -471,11 +443,10 @@ class CI_Router { /** * Set the directory name * - * @access public * @param string * @return void */ - function set_directory($dir) + public function set_directory($dir) { $this->directory = str_replace(array('/', '.'), '', $dir).'/'; } @@ -485,10 +456,9 @@ class CI_Router { /** * Fetch the sub-directory (if any) that contains the requested controller class * - * @access public * @return string */ - function fetch_directory() + public function fetch_directory() { return $this->directory; } @@ -498,11 +468,10 @@ class CI_Router { /** * Set the controller overrides * - * @access public * @param array * @return null */ - function _set_overrides($routing) + public function _set_overrides($routing) { if ( ! is_array($routing)) { @@ -526,9 +495,7 @@ class CI_Router { } } - } -// END Router Class /* End of file Router.php */ -/* Location: ./system/core/Router.php */ \ No newline at end of file +/* Location: ./system/core/Router.php */ -- cgit v1.2.3-24-g4f1b From fdc63828a876e87742380a4ae077e43f514320b8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 21:17:46 +0200 Subject: Revert DIRECTORY_SEPARATOR changes --- system/core/Controller.php | 2 +- system/core/Exceptions.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core') 
diff --git a/system/core/Controller.php b/system/core/Controller.php index 5ae0b0924..0dc131701 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -57,7 +57,7 @@ class CI_Controller { $this->load =& load_class('Loader', 'core'); $this->load->initialize(); - log_message('debug', "Controller Class Initialized"); + log_message('debug', 'Controller Class Initialized'); } public static function &get_instance() diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index 9b672ac54..bf9901252 100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -146,7 +146,7 @@ class CI_Exceptions { ob_end_flush(); } ob_start(); - include(APPPATH.'errors'.DIRECTORY_SEPARATOR.$template.'.php'); + include(APPPATH.'errors/'.$template.'.php'); $buffer = ob_get_contents(); ob_end_clean(); return $buffer; @@ -180,7 +180,7 @@ class CI_Exceptions { ob_end_flush(); } ob_start(); - include(APPPATH.'errors'.DIRECTORY_SEPARATOR.'error_php.php'); + include(APPPATH.'errors/'.'error_php.php'); $buffer = ob_get_contents(); ob_end_clean(); echo $buffer; -- cgit v1.2.3-24-g4f1b From d52b242545376db2eb8146f16125819a391db763 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 21:28:32 +0200 Subject: Reverted DIRECTORY_SEPARATOR changes --- system/core/Config.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core') diff --git a/system/core/Config.php b/system/core/Config.php index 55da4e338..66369115a 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -73,7 +73,7 @@ class CI_Config { public function __construct() { $this->config =& get_config(); - log_message('debug', "Config Class Initialized"); + log_message('debug', 'Config Class Initialized'); // Set the base_url automatically if none was provided if ($this->config['base_url'] == '') 
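Review bot: In the first Exceptions.php hunk `$template` is concatenated straight into the `include` path, and nothing visible restricts it to a plain file name. The callers are outside the hunk, so this may be safe as used today. A guard such as `$template = basename($template);` before the include, or a comment stating that only fixed template names may be passed, would stop a later caller from turning it into an include of an arbitrary path. The method starts and ends outside the hunk.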
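Review bot: The reverted line `include(APPPATH.'errors/'.'error_php.php');` in the second Exceptions.php hunk concatenates two string literals, a leftover of replacing `DIRECTORY_SEPARATOR` mechanically. `include(APPPATH.'errors/error_php.php');` says the same thing and is easier to grep for.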
@@ -111,12 +111,12 @@ class CI_Config { foreach ($this->_config_paths as $path) { $check_locations = defined('ENVIRONMENT') - ? array(ENVIRONMENT.DIRECTORY_SEPARATOR.$file, $file) + ? array(ENVIRONMENT.'/'.$file, $file) : array($file); foreach ($check_locations as $location) { - $file_path = $path.'config'.DIRECTORY_SEPARATOR.$location.'.php'; + $file_path = $path.'config/'.$location.'.php'; if (in_array($file_path, $this->is_loaded, TRUE)) { -- cgit v1.2.3-24-g4f1b From 536b771cfe2f459890c2c0865fd08411df352318 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 21:31:25 +0200 Subject: Reverted DIRECTORY_SEPARATOR changes --- system/core/Common.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index abbe789e2..6ef229629 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -94,7 +94,7 @@ if ( ! function_exists('is_really_writable')) */ if (is_dir($file)) { - $file = rtrim($file, '/\\').DIRECTORY_SEPARATOR.md5(mt_rand(1,100).mt_rand(1,100)); + $file = rtrim($file, '/').'/'.md5(mt_rand(1,100).mt_rand(1,100)); if (($fp = @fopen($file, FOPEN_WRITE_CREATE)) === FALSE) { return FALSE; @@ -148,13 +148,13 @@ if ( ! function_exists('load_class')) // then in the native system/libraries folder foreach (array(APPPATH, BASEPATH) as $path) { - if (file_exists($path.$directory.DIRECTORY_SEPARATOR.$class.'.php')) + if (file_exists($path.$directory.'/'.$class.'.php')) { $name = $prefix.$class; if (class_exists($name) === FALSE) { - require($path.$directory.DIRECTORY_SEPARATOR.$class.'.php'); + require($path.$directory.'/'.$class.'.php'); } break; 
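Review bot: The revert in `is_really_writable()` narrows the trim list from `'/\\'` to `'/'`, so a directory path ending in a backslash now gets `/` appended after the backslash instead of in place of it. Keeping the original list costs nothing: `$file = rtrim($file, '/\\').'/'.md5(mt_rand(1,100).mt_rand(1,100));`. Separately, the probe file name is built from two `mt_rand(1,100)` draws, at most 10,000 values, which is guessable in a directory other local users can write to. A name from `uniqid(mt_rand(), TRUE)` would be harder to create in advance. The rest of the function is outside the hunk.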
@@ -162,13 +162,13 @@ if ( ! function_exists('load_class')) } // Is the request a class extension? If so we load it too - if (file_exists(APPPATH.$directory.DIRECTORY_SEPARATOR.config_item('subclass_prefix').$class.'.php')) + if (file_exists(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php')) { $name = config_item('subclass_prefix').$class; if (class_exists($name) === FALSE) { - require(APPPATH.$directory.DIRECTORY_SEPARATOR.config_item('subclass_prefix').$class.'.php'); + require(APPPATH.$directory.'/'.config_item('subclass_prefix').$class.'.php'); } } @@ -235,9 +235,9 @@ if ( ! function_exists('get_config')) } // Is the config file in the environment folder? - if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config'.DIRECTORY_SEPARATOR.ENVIRONMENT.DIRECTORY_SEPARATOR.'config.php')) + if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT..'/config.php')) { - $file_path = APPPATH.'config'.DIRECTORY_SEPARATOR.'config.php'; + $file_path = APPPATH.'config/config.php'; } // Fetch the config file -- cgit v1.2.3-24-g4f1b From 88d03c48d5a11f3419feb2409a76bf0591575fd2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 21:59:00 +0200 Subject: Switch quotes --- system/core/Model.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Model.php b/system/core/Model.php index cd64468b8..a595a6ae2 100755 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -40,7 +40,7 @@ class CI_Model { public function __construct() { - log_message('debug', "Model Class Initialized"); + log_message('debug', 'Model Class Initialized'); } /** -- cgit v1.2.3-24-g4f1b From f9938a2cf9af2341b1f44e6c465852405fc15897 Mon Sep 17 00:00:00 2001 
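Review bot: The new condition in the `get_config()` hunk contains `ENVIRONMENT..'/config.php'`; the doubled concatenation operator is a syntax error, so Common.php would not parse after this commit. The line should read `if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php'))`. A `php -l` pass over the touched files before committing would catch this kind of slip.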
From: Andrey Andreev Date: Sat, 7 Jan 2012 22:10:47 +0200 Subject: Improve core Hooks & Lang libraries --- system/core/Hooks.php | 41 ++++++++++++++--------------------------- system/core/Lang.php | 26 +++++++++----------------- 2 files changed, 23 insertions(+), 44 deletions(-) (limited to 'system/core') diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 174adcb19..e1ac58e6e 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -1,13 +1,13 @@ -_initialize(); - log_message('debug', "Hooks Class Initialized"); + log_message('debug', 'Hooks Class Initialized'); } // -------------------------------------------------------------------- @@ -74,24 +70,20 @@ class CI_Hooks { /** * Initialize the Hooks Preferences * - * @access private * @return void */ - function _initialize() + private function _initialize() { $CFG =& load_class('Config', 'core'); // If hooks are not enabled in the config file // there is nothing else to do - if ($CFG->item('enable_hooks') == FALSE) { return; } // Grab the "hooks" definition file. - // If there are no hooks, we're done. - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/hooks.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/hooks.php'); @@ -101,7 +93,7 @@ class CI_Hooks { include(APPPATH.'config/hooks.php'); } - + // If there are no hooks, we're done. if ( ! isset($hook) OR ! is_array($hook)) { return; @@ -116,13 +108,12 @@ class CI_Hooks { /** * Call Hook * - * Calls a particular hook + * Calls a particular hook. Called by CodeIgniter.php. * - * @access private * @param string the hook name * @return mixed */ - function _call_hook($which = '') + public function _call_hook($which = '') { if ( ! $this->enabled OR ! isset($this->hooks[$which])) { @@ -151,11 +142,10 @@ class CI_Hooks { * * Runs a particular hook * - * @access private * @param array the hook details * @return bool */ - function _run_hook($data) + protected function _run_hook($data) { if ( ! is_array($data)) { 
@@ -168,7 +158,6 @@ class CI_Hooks { // If the script being called happens to have the same // hook call within it a loop can happen - if ($this->in_progress == TRUE) { return; @@ -254,7 +243,5 @@ class CI_Hooks { } -// END CI_Hooks class - /* End of file Hooks.php */ -/* Location: ./system/core/Hooks.php */ \ No newline at end of file +/* Location: ./system/core/Hooks.php */ diff --git a/system/core/Lang.php b/system/core/Lang.php index 5eb2801f6..088cb6c9c 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -1,13 +1,13 @@ -language[$line])) ? FALSE : $this->language[$line]; @@ -166,7 +159,6 @@ class CI_Lang { } } -// END Language Class /* End of file Lang.php */ /* Location: ./system/core/Lang.php */ -- cgit v1.2.3-24-g4f1b From d72973519623f40f121e9cd2df93146ee2543a1f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 22:53:14 +0200 Subject: Improve the core Loader library --- system/core/Loader.php | 90 +++++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 53 deletions(-) (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php index c4a6b501c..689ae1ecd 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -1,13 +1,13 @@ - 'unit', - 'user_agent' => 'agent'); + protected $_ci_varmap = array( + 'unit_test' => 'unit', + 'user_agent' => 'agent' + ); /** * Constructor @@ -141,7 +130,7 @@ class CI_Loader { $this->_ci_model_paths = array(APPPATH); $this->_ci_view_paths = array(VIEWPATH => TRUE); - log_message('debug', "Loader Class Initialized"); + log_message('debug', 'Loader Class Initialized'); } // -------------------------------------------------------------------- @@ -162,7 +151,6 @@ class CI_Loader { $this->_base_classes =& is_loaded(); $this->_ci_autoloader(); - return $this; } 
@@ -311,9 +299,7 @@ class CI_Loader { require_once($mod_path.'models/'.$path.$model.'.php'); $model = ucfirst($model); - $CI->$name = new $model(); - $this->_ci_models[] = $name; return; } @@ -350,7 +336,7 @@ class CI_Loader { return DB($params, $active_record); } - // Initialize the db variable. Needed to prevent + // Initialize the db variable. Needed to prevent // reference errors with some configurations $CI->db = ''; @@ -716,11 +702,11 @@ class CI_Loader { if ($path == '') { - $void = array_shift($this->_ci_library_paths); - $void = array_shift($this->_ci_model_paths); - $void = array_shift($this->_ci_helper_paths); - $void = array_shift($this->_ci_view_paths); - $void = array_shift($config->_config_paths); + array_shift($this->_ci_library_paths); + array_shift($this->_ci_model_paths); + array_shift($this->_ci_helper_paths); + array_shift($this->_ci_view_paths); + array_shift($config->_config_paths); } else { @@ -808,7 +794,6 @@ class CI_Loader { // This allows anything loaded using $this->load (views, files, etc.) // to become accessible from within the Controller and Model functions. - $_ci_CI =& get_instance(); foreach (get_object_vars($_ci_CI) as $_ci_key => $_ci_var) { @@ -837,12 +822,11 @@ class CI_Loader { * * We buffer the output for two reasons: * 1. Speed. You get a significant speed boost. - * 2. So that the final rendered template can be - * post-processed by the output class. Why do we - * need post processing? For one thing, in order to - * show the elapsed page load time. Unless we - * can intercept the content right before it's sent to - * the browser and then stop the timer it won't be accurate. + * 2. So that the final rendered template can be post-processed by + * the output class. Why do we need post processing? For one thing, + * in order to show the elapsed page load time. Unless we can + * intercept the content right before it's sent to the browser and + * then stop the timer it won't be accurate. */ ob_start(); 
@@ -915,10 +899,10 @@ class CI_Loader { if (($last_slash = strrpos($class, '/')) !== FALSE) { // Extract the path - $subdir = substr($class, 0, $last_slash + 1); + $subdir = substr($class, 0, ++$last_slash); // Get the filename from the path - $class = substr($class, $last_slash + 1); + $class = substr($class, $last_slash); } // We'll test for both lowercase and capitalized versions of the file name @@ -933,15 +917,15 @@ class CI_Loader { if ( ! file_exists($baseclass)) { - log_message('error', "Unable to load the requested class: ".$class); - show_error("Unable to load the requested class: ".$class); + log_message('error', 'Unable to load the requested class: '.$class); + show_error('Unable to load the requested class: '.$class); } - // Safety: Was the class already loaded by a previous call? + // Safety: Was the class already loaded by a previous call? if (in_array($subclass, $this->_ci_loaded_files)) { // Before we deem this to be a duplicate request, let's see - // if a custom object name is being supplied. If so, we'll + // if a custom object name is being supplied. If so, we'll // return a new instance of the object if ( ! is_null($object_name)) { @@ -953,7 +937,7 @@ class CI_Loader { } $is_duplicate = TRUE; - log_message('debug', $class." class already loaded. Second attempt ignored."); + log_message('debug', $class.' class already loaded. Second attempt ignored.'); return; } 
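Review bot: In the first Loader.php hunk on this line, `substr($class, 0, ++$last_slash)` changes `$last_slash` inside the argument list, and the next statement `substr($class, $last_slash)` silently depends on that side effect. Reordering or removing the first call later would shift the file-name split by one character without any error. Keeping `$last_slash + 1` in both calls, or incrementing once on its own line with `$last_slash++;` before them, makes the two extractions independent. The enclosing method starts and ends outside the hunk.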
@@ -970,17 +954,17 @@ class CI_Loader { { $filepath = $path.'libraries/'.$subdir.$class.'.php'; - // Does the file exist? No? Bummer... + // Does the file exist? No? Bummer... if ( ! file_exists($filepath)) { continue; } - // Safety: Was the class already loaded by a previous call? + // Safety: Was the class already loaded by a previous call? if (in_array($filepath, $this->_ci_loaded_files)) { // Before we deem this to be a duplicate request, let's see - // if a custom object name is being supplied. If so, we'll + // if a custom object name is being supplied. If so, we'll // return a new instance of the object if ( ! is_null($object_name)) { @@ -992,7 +976,7 @@ class CI_Loader { } $is_duplicate = TRUE; - log_message('debug', $class." class already loaded. Second attempt ignored."); + log_message('debug', $class.' class already loaded. Second attempt ignored.'); return; } @@ -1003,7 +987,7 @@ class CI_Loader { } // END FOREACH - // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? + // One last attempt. Maybe the library is in a subdirectory, but it wasn't specified? if ($subdir == '') { $path = strtolower($class).'/'.$class; @@ -1014,8 +998,8 @@ class CI_Loader { // We do not issue errors if the load call failed due to a duplicate request if ($is_duplicate == FALSE) { - log_message('error', "Unable to load the requested class: ".$class); - show_error("Unable to load the requested class: ".$class); + log_message('error', 'Unable to load the requested class: '.$class); + show_error('Unable to load the requested class: '.$class); } } 
@@ -1094,12 +1078,12 @@ class CI_Loader { // Is the class name valid? if ( ! class_exists($name)) { - log_message('error', "Non-existent class: ".$name); - show_error("Non-existent class: ".$class); + log_message('error', 'Non-existent class: '.$name); + show_error('Non-existent class: '.$class); } // Set the variable name we will assign the class to - // Was a custom class name supplied? If so we'll use it + // Was a custom class name supplied? If so we'll use it $class = strtolower($class); if (is_null($object_name)) @@ -1271,4 +1255,4 @@ class CI_Loader { } /* End of file Loader.php */ -/* Location: ./system/core/Loader.php */ \ No newline at end of file +/* Location: ./system/core/Loader.php */ -- cgit v1.2.3-24-g4f1b From bb488dc3d4bbac9ac9a1860f066069e4bb4afdcb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 7 Jan 2012 23:35:16 +0200 Subject: Improve the core Security library --- system/core/Security.php | 254 ++++++++++++++++++----------------------------- 1 file changed, 99 insertions(+), 155 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 272a8bf3f..d0d3c0803 100755 --- a/system/core/Security.php +++ b/system/core/Security.php 
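Review bot: The two rewritten messages in the `! class_exists($name)` branch report different variables: `log_message()` uses `$name`, the value that was actually tested, while `show_error()` prints `$class`. If the two differ (the prefix handling is outside this hunk, so this is inferred), the error page and the log entry name different classes, which makes a failed load harder to trace. Use the same variable in both, `show_error('Non-existent class: '.$name);`.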
@@ -1,13 +1,13 @@ - '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - 'window.location' => '[removed]', - '-moz-binding' => '[removed]', - '' => '-->', - ' '<![CDATA[', - '' => '<comment>' - ); + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + 'window.location' => '[removed]', + '-moz-binding' => '[removed]', + '' => '-->', + ' '<![CDATA[', + '' => '<comment>' + ); /** * List of never allowed regex replacement * * @var array - * @access protected */ protected $_never_allowed_regex = array( - "javascript\s*:" => '[removed]', - "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE - "vbscript\s*:" => '[removed]', // IE, surprise! - "Redirect\s+302" => '[removed]' - ); + 'javascript\s*:', + 'expression\s*(\(|&\#40;)', // CSS and IE + 'vbscript\s*:', // IE, surprise! + 'Redirect\s+302' + ); - /** - * Constructor - */ public function __construct() { // CSRF config @@ -135,7 +124,7 @@ class CI_Security { // Set the CSRF hash $this->_csrf_set_hash(); - log_message('debug', "Security Class Initialized"); + log_message('debug', 'Security Class Initialized'); } // -------------------------------------------------------------------- @@ -148,7 +137,7 @@ class CI_Security { public function csrf_verify() { // If no POST data exists we will set the CSRF cookie - if (count($_POST) == 0) + if (count($_POST) === 0) { return $this->csrf_set_cookie(); } @@ -186,8 +175,7 @@ class CI_Security { $this->_csrf_set_hash(); $this->csrf_set_cookie(); - log_message('debug', "CSRF token verified"); - + log_message('debug', 'CSRF token verified'); return $this; } 
@@ -203,19 +191,13 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie) + if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS'])) { - $req = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : FALSE; - - if ( ! $req OR $req == 'off') - { - return FALSE; - } + return FALSE; } setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie); - - log_message('debug', "CRSF cookie Set"); + log_message('debug', 'CRSF cookie Set'); return $this; } @@ -253,7 +235,7 @@ class CI_Security { * * Getter Method * - * @return string self::csrf_token_name + * @return string self::_csrf_token_name */ public function get_csrf_token_name() { @@ -273,7 +255,7 @@ class CI_Security { * the filter. * * Note: This function should only be used to deal with data - * upon submission. It's not something that should + * upon submission. It's not something that should * be used for general runtime processing. * * This function was based in part on some code and ideas I @@ -290,10 +272,7 @@ class CI_Security { */ public function xss_clean($str, $is_image = FALSE) { - /* - * Is the string an array? - * - */ + // Is the string an array? if (is_array($str)) { while (list($key) = each($str)) @@ -304,13 +283,8 @@ class CI_Security { return $str; } - /* - * Remove Invisible Characters - */ - $str = remove_invisible_characters($str); - - // Validate Entities in URLs - $str = $this->_validate_entities($str); + // Remove Invisible Characters and validate entities in URLs + $str = $this->_validate_entities(remove_invisible_characters($str)); /* * URL Decode @@ -320,7 +294,6 @@ class CI_Security { * Google * * Note: Use rawurldecode() so it does not remove plus signs - * */ $str = rawurldecode($str); 
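Review bot: The collapsed `return FALSE;` in `csrf_set_cookie()` leaves no trace when `cookie_secure` is on and `$_SERVER['HTTPS']` is unset, empty or `off`. A deployment where TLS ends in front of PHP (presumably leaving `HTTPS` unset) then gets no CSRF cookie and nothing in the log to explain it. Add a debug line before the return, for example `log_message('debug', 'CSRF cookie not set: cookie_secure is enabled but the request is not HTTPS');`. The success message on the next changed line still reads `'CRSF cookie Set'`; spelling it `CSRF` keeps log searches consistent with `'CSRF token verified'`. The start of the method is outside the hunk.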
@@ -332,14 +305,10 @@ class CI_Security { * these are the ones that will pose security problems. * */ - $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); - $str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", array($this, '_decode_entity'), $str); - /* - * Remove Invisible Characters Again! - */ + // Remove Invisible Characters Again! $str = remove_invisible_characters($str); /* @@ -350,11 +319,7 @@ class CI_Security { * NOTE: preg_replace was found to be amazingly slow here on * large blocks of data, so we use str_replace. */ - - if (strpos($str, "\t") !== FALSE) - { - $str = str_replace("\t", ' ', $str); - } + $str = str_replace("\t", ' ', $str); /* * Capture converted string for later comparison @@ -378,7 +343,7 @@ class CI_Security { // Images have a tendency to have the PHP short opening and // closing tags every so often so we skip those and only // do the long opening tags. - $str = preg_replace('/<\?(php)/i', "<?\\1", $str); + $str = preg_replace('/<\?(php)/i', '<?\\1', $str); } else { @@ -415,19 +380,19 @@ class CI_Security { { $original = $str; - if (preg_match("/]*?)(>|$)#si", array($this, '_js_link_removal'), $str); + $str = preg_replace_callback('#]*?)(>|$)#si', array($this, '_js_link_removal'), $str); } - if (preg_match("/]*?)(\s?/?>|$)#si", array($this, '_js_img_removal'), $str); + $str = preg_replace_callback('#]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str); } - if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) + if (preg_match('/(script|xss)/i', $str)) { - $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[removed]', $str); + $str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str); } } while($original != $str); 
@@ -454,14 +419,16 @@ class CI_Security { * * Similar to above, only instead of looking for * tags it looks for PHP and JavaScript commands - * that are disallowed. Rather than removing the + * that are disallowed. Rather than removing the * code, it simply converts the parenthesis to entities * rendering the code un-executable. * * For example: eval('some code') - * Becomes: eval('some code') + * Becomes: eval('some code') */ - $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $str); + $str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', + '\\1\\2(\\3)', + $str); // Final clean up @@ -478,13 +445,12 @@ class CI_Security { * string post-removal of XSS, then it fails, as there was unwanted XSS * code found and removed/changed during processing. */ - if ($is_image === TRUE) { - return ($str === $converted_string) ? TRUE : FALSE; + return ($str === $converted_string); } - log_message('debug', "XSS Filtering completed"); + log_message('debug', 'XSS Filtering completed'); return $str; } @@ -516,7 +482,7 @@ class CI_Security { * The reason we are not using html_entity_decode() by itself is because * while it is not technically correct to leave out the semicolon * at the end of an entity most browsers will still interpret the entity - * correctly. html_entity_decode() does not convert entities without + * correctly. html_entity_decode() does not convert entities without * semicolons, so we are left with our own little solution here. Bummer. * * @param string 
@@ -552,38 +518,23 @@ class CI_Security { public function sanitize_filename($str, $relative_path = FALSE) { $bad = array( - "../", - "", - "<", - ">", - "'", - '"', - '&', - '$', - '#', - '{', - '}', - '[', - ']', - '=', - ';', - '?', - "%20", - "%22", - "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; - "%3d" // = - ); + '../', '', '<', '>', + "'", '"', '&', '$', '#', + '{', '}', '[', ']', '=', + ';', '?', '%20', '%22', + '%3c', // < + '%253c', // < + '%3e', // > + '%0e', // > + '%28', // ( + '%29', // ) + '%2528', // ( + '%26', // & + '%24', // $ + '%3f', // ? + '%3b', // ; + '%3d' // = + ); if ( ! $relative_path) { @@ -636,26 +587,26 @@ class CI_Security { if ($is_image === TRUE) { /* - * Adobe Photoshop puts XML metadata into JFIF images, + * Adobe Photoshop puts XML metadata into JFIF images, * including namespacing, so we have to allow this for images. */ unset($evil_attributes[array_search('xmlns', $evil_attributes)]); } - + do { $count = 0; $attribs = array(); - + // find occurrences of illegal attribute strings without quotes - preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER); - + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s]*)/is', $str, $matches, PREG_SET_ORDER); + foreach ($matches as $attr) { $attribs[] = preg_quote($attr[0], '/'); } - + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { 
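Review bot: The entry `'%0e', // >` in the reflowed `$bad` list keeps a comment that does not match its value: `%0e` encodes a control character, and `>` is `%3e`, which is already listed on the line above it. The list also holds the double-encoded `%253c` and `%2528` without their closing counterparts, which may or may not be intended. Correct the comment, for example `'%0e', // shift-out control character`, and say in the docblock whether the closing double-encoded forms are left out on purpose. The rest of `sanitize_filename()` is outside the hunk.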
@@ -665,11 +616,11 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count); + $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z\-])('.implode('|', $attribs).')([\s><])([><]*)/i', '<$1$2$4$5', $str, -1, $count); } - + } while ($count); - + return $str; } @@ -685,14 +636,9 @@ class CI_Security { */ protected function _sanitize_naughty_html($matches) { - // encode opening brace - $str = '<'.$matches[1].$matches[2].$matches[3]; - - // encode captured opening or closing brace to prevent recursive vectors - $str .= str_replace(array('>', '<'), array('>', '<'), - $matches[4]); - - return $str; + return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace + // encode captured opening or closing brace to prevent recursive vectors: + . str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- @@ -710,9 +656,12 @@ class CI_Security { */ protected function _js_link_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0]); } // -------------------------------------------------------------------- 
@@ -730,9 +679,12 @@ class CI_Security { */ protected function _js_img_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0]); } // -------------------------------------------------------------------- @@ -806,33 +758,28 @@ class CI_Security { * Protect GET variables in URLs */ - // 901119URL5918AMP18930PROTECT8198 - - $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash()."\\1=\\2", $str); + // 901119URL5918AMP18930PROTECT8198 + $str = preg_replace('|\&([a-z\_0-9\-]+)\=([a-z\_0-9\-]+)|i', $this->xss_hash().'\\1=\\2', $str); /* * Validate standard character entities * * Add a semicolon if missing. We do this to enable * the conversion of entities to ASCII later. - * */ - $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str); + $str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', '\\1;\\2', $str); /* * Validate UTF16 two byte encoding (x00) * * Just as above, adds a semicolon if missing. - * */ - $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i',"\\1\\2;",$str); + $str = preg_replace('#(&\#x?)([0-9A-F]+);?#i', '\\1\\2;', $str); /* * Un-Protect GET variables in URLs */ - $str = str_replace($this->xss_hash(), '&', $str); - - return $str; + return str_replace($this->xss_hash(), '&', $str); } // ---------------------------------------------------------------------- 
@@ -847,14 +794,11 @@ class CI_Security { */ protected function _do_never_allowed($str) { - foreach ($this->_never_allowed_str as $key => $val) - { - $str = str_replace($key, $val, $str); - } + $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str); - foreach ($this->_never_allowed_regex as $key => $val) + foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace("#".$key."#i", $val, $str); + $str = preg_replace('#'.$regex.'#i', '[removed]', $str); } return $str; @@ -891,4 +835,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/core/Security.php */ \ No newline at end of file +/* Location: ./system/core/Security.php */ -- cgit v1.2.3-24-g4f1b From c123e118de32e2b31b9bf21fdb43458bc9f4cbda Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 00:17:34 +0200 Subject: Improve core URI & UTF8 libraries --- system/core/URI.php | 197 ++++++++++++++++++++++----------------------------- system/core/Utf8.php | 32 ++++----- 2 files changed, 96 insertions(+), 133 deletions(-) (limited to 'system/core') diff --git a/system/core/URI.php b/system/core/URI.php index 3c26d307b..93105b1fd 100755 --- a/system/core/URI.php +++ b/system/core/URI.php 
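Review bot: `_do_never_allowed()` now takes each value of `$_never_allowed_regex` as a pattern, so a subclass that still declares the property in the old `'pattern' => '[removed]'` form would have `[removed]` compiled as a character class and its real patterns never applied. The property is protected, so such overrides are possible, though none is visible here; the effect would be a quietly weaker filter rather than an error. Accept both shapes inside the loop, `foreach ($this->_never_allowed_regex as $key => $val)` with `$regex = is_int($key) ? $val : $key;`, or document the new list format on the property and in the upgrade notes.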
@@ -1,13 +1,13 @@ -config =& load_class('Config', 'core'); - log_message('debug', "URI Class Initialized"); + log_message('debug', 'URI Class Initialized'); } - // -------------------------------------------------------------------- /** * Get the URI String * - * @access private - * @return string + * Called by CI_Router + * + * @return void */ - function _fetch_uri_string() + public function _fetch_uri_string() { - if (strtoupper($this->config->item('uri_protocol')) == 'AUTO') + if (strtoupper($this->config->item('uri_protocol')) === 'AUTO') { // Is the request coming from the command line? - if (php_sapi_name() == 'cli' or defined('STDIN')) + if (php_sapi_name() === 'cli' OR defined('STDIN')) { $this->_set_uri_string($this->_parse_cli_args()); return; @@ -115,14 +109,14 @@ class CI_URI { // Is there a PATH_INFO variable? // Note: some servers seem to have trouble with getenv() so we'll test it two ways $path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO'); - if (trim($path, '/') != '' && $path != "/".SELF) + if (trim($path, '/') != '' && $path !== '/'.SELF) { $this->_set_uri_string($path); return; } // No PATH_INFO?... What about QUERY_STRING? - $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); + $path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING'); if (trim($path, '/') != '') { $this->_set_uri_string($path); @@ -130,7 +124,7 @@ class CI_URI { } // As a last ditch effort lets try using the $_GET array - if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') + if (is_array($_GET) && count($_GET) === 1 && trim(key($_GET), '/') != '') { $this->_set_uri_string(key($_GET)); return; 
@@ -143,12 +137,12 @@ class CI_URI { $uri = strtoupper($this->config->item('uri_protocol')); - if ($uri == 'REQUEST_URI') + if ($uri === 'REQUEST_URI') { $this->_set_uri_string($this->_detect_uri()); return; } - elseif ($uri == 'CLI') + elseif ($uri === 'CLI') { $this->_set_uri_string($this->_parse_cli_args()); return; @@ -163,17 +157,16 @@ class CI_URI { /** * Set the URI String * - * @access public * @param string - * @return string + * @return void */ - function _set_uri_string($str) + public function _set_uri_string($str) { // Filter out control characters $str = remove_invisible_characters($str, FALSE); // If the URI contains only a slash we'll kill it - $this->uri_string = ($str == '/') ? '' : $str; + $this->uri_string = ($str === '/') ? '' : $str; } // -------------------------------------------------------------------- @@ -184,7 +177,6 @@ class CI_URI { * This function will detect the URI automatically and fix the query string * if necessary. * - * @access private * @return string */ protected function _detect_uri() @@ -194,12 +186,11 @@ class CI_URI { return ''; } - $uri = $_SERVER['REQUEST_URI']; - if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) + if (strpos($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']) === 0) { $uri = substr($uri, strlen($_SERVER['SCRIPT_NAME'])); } - elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0) + elseif (strpos($_SERVER['REQUEST_URI'], dirname($_SERVER['SCRIPT_NAME'])) === 0) { $uri = substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME']))); } @@ -223,7 +214,7 @@ class CI_URI { $_GET = array(); } - if ($uri == '/' || empty($uri)) + if ($uri == '/' OR empty($uri)) { return '/'; } @@ -241,13 +232,11 @@ class CI_URI { * * Take each command line argument and assume it is a URI segment. * - * @access private * @return string */ protected function _parse_cli_args() { $args = array_slice($_SERVER['argv'], 1); - return $args ? '/' . implode('/', $args) : ''; } 
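Review bot: In the `@@ -194,12 +186,11 @@` hunk of `_detect_uri()` the assignment `$uri = $_SERVER['REQUEST_URI'];` is removed, but both branches still call `substr($uri, ...)` on a variable that is no longer set. When neither branch matches, `$uri` is never assigned at all before the later `if ($uri == '/' OR empty($uri))` check reads it. The method would then most likely return `/` for every request under the `REQUEST_URI` protocol, so routing and segment filtering never see the real path. Restore `$uri = $_SERVER['REQUEST_URI'];` before the `if` and keep the `strpos()` calls on `$uri`. The rest of the method lies outside the hunk.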
@@ -256,27 +245,28 @@ class CI_URI { /** * Filter segments for malicious characters * - * @access private + * Called by CI_Router + * * @param string * @return string */ - function _filter_uri($str) + public function _filter_uri($str) { if ($str != '' && $this->config->item('permitted_uri_chars') != '' && $this->config->item('enable_query_strings') == FALSE) { // preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards // compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern - if ( ! preg_match("|^[".str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-'))."]+$|i", $str)) + if ( ! preg_match('|^['.str_replace(array('\\-', '\-'), '-', preg_quote($this->config->item('permitted_uri_chars'), '-')).']+$|i', $str)) { show_error('The URI you submitted has disallowed characters.', 400); } } - // Convert programatic characters to entities - $bad = array('$', '(', ')', '%28', '%29'); - $good = array('$', '(', ')', '(', ')'); - - return str_replace($bad, $good, $str); + // Convert programatic characters to entities and return + return str_replace( + array('$', '(', ')', '%28', '%29'), // Bad + array('$', '(', ')', '(', ')'), // Good + $str); } // -------------------------------------------------------------------- @@ -284,14 +274,15 @@ class CI_URI { /** * Remove the suffix from the URL if needed * - * @access private + * Called by CI_Router + * * @return void */ - function _remove_url_suffix() + public function _remove_url_suffix() { - if ($this->config->item('url_suffix') != "") + if ($this->config->item('url_suffix') != '') { - $this->uri_string = preg_replace("|".preg_quote($this->config->item('url_suffix'))."$|", "", $this->uri_string); + $this->uri_string = preg_replace('|'.preg_quote($this->config->item('url_suffix')).'$|', '', $this->uri_string); } } 
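Review bot: In `_remove_url_suffix()` the rewritten pattern is delimited with `|`, but `preg_quote()` is called without a delimiter argument, so a `url_suffix` containing `|` would end the pattern early. `preg_replace()` would then fail and assign `NULL` to `$this->uri_string`. Pass the delimiter, `preg_quote($this->config->item('url_suffix'), '|')`. The value comes from configuration rather than from the request, so this is a robustness point.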
@@ -301,12 +292,13 @@ class CI_URI { * Explode the URI Segments. The individual segments will * be stored in the $this->segments array. * - * @access private + * Called by CI_Router + * * @return void */ - function _explode_segments() + public function _explode_segments() { - foreach (explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val) + foreach (explode('/', preg_replace('|/*(.+?)/*$|', '\\1', $this->uri_string)) as $val) { // Filter segments for security $val = trim($this->_filter_uri($val)); @@ -323,14 +315,15 @@ class CI_URI { * Re-index Segments * * This function re-indexes the $this->segment array so that it - * starts at 1 rather than 0. Doing so makes it simpler to + * starts at 1 rather than 0. Doing so makes it simpler to * use functions like $this->uri->segment(n) since there is * a 1:1 relationship between the segment array and the actual segments. * - * @access private + * Called by CI_Router + * * @return void */ - function _reindex_segments() + public function _reindex_segments() { array_unshift($this->segments, NULL); array_unshift($this->rsegments, NULL); @@ -345,12 +338,11 @@ class CI_URI { * * This function returns the URI segment based on the number provided. * - * @access public * @param integer * @param bool * @return string */ - function segment($n, $no_result = FALSE) + public function segment($n, $no_result = FALSE) { return ( ! isset($this->segments[$n])) ? $no_result : $this->segments[$n]; } @@ -364,12 +356,11 @@ class CI_URI { * based on the number provided. If there is no routing this function returns the * same result as $this->segment() * - * @access public * @param integer * @param bool * @return string */ - function rsegment($n, $no_result = FALSE) + public function rsegment($n, $no_result = FALSE) { return ( ! isset($this->rsegments[$n])) ? $no_result : $this->rsegments[$n]; } 
@@ -392,25 +383,22 @@ class CI_URI { * gender => male * ) * - * @access public * @param integer the starting segment number * @param array an array of default values * @return array */ - function uri_to_assoc($n = 3, $default = array()) + public function uri_to_assoc($n = 3, $default = array()) { return $this->_uri_to_assoc($n, $default, 'segment'); } /** * Identical to above only it uses the re-routed segment array * - * @access public * @param integer the starting segment number * @param array an array of default values * @return array - * */ - function ruri_to_assoc($n = 3, $default = array()) + public function ruri_to_assoc($n = 3, $default = array()) { return $this->_uri_to_assoc($n, $default, 'rsegment'); } @@ -420,25 +408,13 @@ class CI_URI { /** * Generate a key value pair from the URI string or Re-routed URI string * - * @access private * @param integer the starting segment number * @param array an array of default values * @param string which array we should use * @return array */ - function _uri_to_assoc($n = 3, $default = array(), $which = 'segment') + protected function _uri_to_assoc($n = 3, $default = array(), $which = 'segment') { - if ($which == 'segment') - { - $total_segments = 'total_segments'; - $segment_array = 'segment_array'; - } - else - { - $total_segments = 'total_rsegments'; - $segment_array = 'rsegment_array'; - } - if ( ! is_numeric($n)) { return $default; 
@@ -449,23 +425,30 @@ class CI_URI { return $this->keyval[$n]; } + if ($which === 'segment') + { + $total_segments = 'total_segments'; + $segment_array = 'segment_array'; + } + else + { + $total_segments = 'total_rsegments'; + $segment_array = 'rsegment_array'; + } + if ($this->$total_segments() < $n) { - if (count($default) == 0) + if (count($default) === 0) { return array(); } - $retval = array(); - foreach ($default as $val) - { - $retval[$val] = FALSE; - } - return $retval; + return function_exists('array_fill_keys') + ? array_fill_keys($default, FALSE) + : array_combine($default, array_fill(0, count($default), FALSE)); } $segments = array_slice($this->$segment_array(), ($n - 1)); - $i = 0; $lastval = ''; $retval = array(); @@ -506,16 +489,15 @@ class CI_URI { * Generate a URI string from an associative array * * - * @access public * @param array an associative array of key/values * @return array */ - function assoc_to_uri($array) + public function assoc_to_uri($array) { $temp = array(); foreach ((array)$array as $key => $val) { - $temp[] = $key; + $temp[] = $key; $temp[] = $val; } @@ -527,12 +509,11 @@ class CI_URI { /** * Fetch a URI Segment and add a trailing slash * - * @access public * @param integer * @param string * @return string */ - function slash_segment($n, $where = 'trailing') + public function slash_segment($n, $where = 'trailing') { return $this->_slash_segment($n, $where, 'segment'); } @@ -542,12 +523,11 @@ class CI_URI { /** * Fetch a URI Segment and add a trailing slash * - * @access public * @param integer * @param string * @return string */ - function slash_rsegment($n, $where = 'trailing') + public function slash_rsegment($n, $where = 'trailing') { return $this->_slash_segment($n, $where, 'rsegment'); } 
@@ -557,22 +537,20 @@ class CI_URI { /** * Fetch a URI Segment and add a trailing slash - helper function * - * @access private * @param integer * @param string * @param string * @return string */ - function _slash_segment($n, $where = 'trailing', $which = 'segment') + protected function _slash_segment($n, $where = 'trailing', $which = 'segment') { - $leading = '/'; - $trailing = '/'; + $leading = $trailing = '/'; - if ($where == 'trailing') + if ($where === 'trailing') { $leading = ''; } - elseif ($where == 'leading') + elseif ($where === 'leading') { $trailing = ''; } @@ -585,10 +563,9 @@ class CI_URI { /** * Segment Array * - * @access public * @return array */ - function segment_array() + public function segment_array() { return $this->segments; } @@ -598,10 +575,9 @@ class CI_URI { /** * Routed Segment Array * - * @access public * @return array */ - function rsegment_array() + public function rsegment_array() { return $this->rsegments; } @@ -611,10 +587,9 @@ class CI_URI { /** * Total number of segments * - * @access public * @return integer */ - function total_segments() + public function total_segments() { return count($this->segments); } @@ -624,10 +599,9 @@ class CI_URI { /** * Total number of routed segments * - * @access public * @return integer */ - function total_rsegments() + public function total_rsegments() { return count($this->rsegments); } @@ -637,10 +611,9 @@ class CI_URI { /** * Fetch the entire URI string * - * @access public * @return string */ - function uri_string() + public function uri_string() { return $this->uri_string; } @@ -651,16 +624,14 @@ class CI_URI { /** * Fetch the entire Re-routed URI string * - * @access public * @return string */ - function ruri_string() + public function ruri_string() { return '/'.implode('/', $this->rsegment_array()); } } -// END URI Class /* End of file URI.php */ -/* Location: ./system/core/URI.php */ \ No newline at end of file +/* Location: ./system/core/URI.php */ 
diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 40a7ac4c0..0e180d36f 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php @@ -1,13 +1,13 @@ -item('charset') == 'UTF-8' // Application charset must be UTF-8 + && @ini_get('mbstring.func_overload') != 1 // Multibyte string function overloading cannot be enabled + && $CFG->item('charset') === 'UTF-8' // Application charset must be UTF-8 ) { - log_message('debug', "UTF-8 Support Enabled"); - define('UTF8_ENABLED', TRUE); + log_message('debug', 'UTF-8 Support Enabled'); // set internal encoding for multibyte string functions if necessary // and set a flag so we don't have to repeatedly use extension_loaded() @@ -77,8 +76,8 @@ class CI_Utf8 { } else { - log_message('debug', "UTF-8 Support Disabled"); define('UTF8_ENABLED', FALSE); + log_message('debug', 'UTF-8 Support Disabled'); } } @@ -134,18 +133,14 @@ class CI_Utf8 { { if (function_exists('iconv')) { - $str = @iconv($encoding, 'UTF-8', $str); + return @iconv($encoding, 'UTF-8', $str); } elseif (function_exists('mb_convert_encoding')) { - $str = @mb_convert_encoding($str, 'UTF-8', $encoding); - } - else - { - return FALSE; + return @mb_convert_encoding($str, 'UTF-8', $encoding); } - return $str; + return FALSE; } // -------------------------------------------------------------------- @@ -163,10 +158,7 @@ class CI_Utf8 { return (preg_match('/[^\x00-\x7F]/S', $str) === 0); } - // -------------------------------------------------------------------- - } -// End Utf8 Class /* End of file Utf8.php */ -/* Location: ./system/core/Utf8.php */ \ No newline at end of file +/* Location: ./system/core/Utf8.php */ -- cgit v1.2.3-24-g4f1b From a798fdb9a08a6f549bcc2a4ea6c6bad45cfef0a2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 00:20:49 +0200 Subject: Remove a space :) --- system/core/URI.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') 
diff --git a/system/core/URI.php b/system/core/URI.php index 93105b1fd..eaf7b752b 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -497,7 +497,7 @@ class CI_URI { $temp = array(); foreach ((array)$array as $key => $val) { - $temp[] = $key; + $temp[] = $key; $temp[] = $val; } -- cgit v1.2.3-24-g4f1b From 75f7c12815c62782163a54e84707f50459b6ef5d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 03:49:25 +0200 Subject: Remove loading of ['core'] elements --- system/core/Loader.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php index 689ae1ecd..272fe4291 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -1165,13 +1165,6 @@ class CI_Loader { } } - // A little tweak to remain backward compatible - // The $autoload['core'] item was deprecated - if ( ! isset($autoload['libraries']) AND isset($autoload['core'])) - { - $autoload['libraries'] = $autoload['core']; - } - // Load libraries if (isset($autoload['libraries']) AND count($autoload['libraries']) > 0) { -- cgit v1.2.3-24-g4f1b From 137749793d6cce57e03904f05239fa80eec48d13 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:30:33 +0200 Subject: Switch some public properties to protected --- system/core/Input.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 07bb30b15..13bf76fd6 100755 --- a/system/core/Input.php +++ b/system/core/Input.php 
@@ -57,20 +57,20 @@ class CI_Input { * * @var bool */ - public $_allow_get_array = TRUE; + protected $_allow_get_array = TRUE; /** * If TRUE, then newlines are standardized * * @var bool */ - public $_standardize_newlines = TRUE; + protected $_standardize_newlines = TRUE; /** * Determines whether the XSS filter is always active when GET, POST or COOKIE data is encountered * Set automatically based on config setting * * @var bool */ - public $_enable_xss = FALSE; + protected $_enable_xss = FALSE; /** * Enables a CSRF cookie token to be set. * Set automatically based on config setting @@ -85,17 +85,15 @@ class CI_Input { */ protected $headers = array(); - /** * Constructor * * Sets whether to globally enable the XSS processing * and whether to allow the $_GET array - * */ public function __construct() { - log_message('debug', "Input Class Initialized"); + log_message('debug', 'Input Class Initialized'); $this->_allow_get_array = (config_item('allow_get_array') === TRUE); $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); -- cgit v1.2.3-24-g4f1b From c90d651e8531142d36326d5c3451d7899fb00f76 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:35:02 +0200 Subject: Style guide stuff --- system/core/Output.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'system/core') diff --git a/system/core/Output.php b/system/core/Output.php index 272545046..1beee734f 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -488,8 +488,7 @@ class CI_Output { $uri = $CFG->item('base_url').$CFG->item('index_page').$URI->uri_string; $filepath = $cache_path.md5($uri); - if ( ! @file_exists($filepath) - OR ! $fp = @fopen($filepath, FOPEN_READ)) + if ( ! @file_exists($filepath) OR ! $fp = @fopen($filepath, FOPEN_READ)) { return FALSE; } 
@@ -508,8 +507,7 @@ class CI_Output { } // Has the file expired? If so we'll delete it. - if (time() >= trim(str_replace('TS--->', '', $match[1])) - AND is_really_writable($cache_path)) + if (time() >= trim(str_replace('TS--->', '', $match[1])) && is_really_writable($cache_path)) { @unlink($filepath); log_message('debug', 'Cache file has expired. File deleted.'); -- cgit v1.2.3-24-g4f1b From 29ce5d90b4276fc8a4e9354c1435963111f09a24 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:43:31 +0200 Subject: Replace AND with && --- system/core/CodeIgniter.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index e3d818825..cb5d439bd 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -59,7 +59,7 @@ * Load the framework constants * ------------------------------------------------------ */ - if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) + if (defined('ENVIRONMENT') && file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php')) { require(APPPATH.'config/'.ENVIRONMENT.'/constants.php'); } @@ -96,7 +96,7 @@ * Note: Since the config file data is cached it doesn't * hurt to load it here. */ - if (isset($assign_to_config['subclass_prefix']) AND $assign_to_config['subclass_prefix'] != '') + if (isset($assign_to_config['subclass_prefix']) && $assign_to_config['subclass_prefix'] != '') { get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix'])); } 
@@ -106,8 +106,8 @@ * Set a liberal script execution time limit * ------------------------------------------------------ */ - if (function_exists('set_time_limit') AND @ini_get('safe_mode') == 0 - AND php_sapi_name() !== 'cli') // Do not override the Time Limit value if running from Command Line + if (function_exists('set_time_limit') && @ini_get('safe_mode') == 0 + && php_sapi_name() !== 'cli') // Do not override the Time Limit value if running from Command Line { @set_time_limit(300); } @@ -195,7 +195,7 @@ * ------------------------------------------------------ */ if ($EXT->_call_hook('cache_override') === FALSE - AND $OUT->_display_cache($CFG, $URI) == TRUE) + && $OUT->_display_cache($CFG, $URI) == TRUE) { exit; } @@ -393,7 +393,7 @@ * Close the DB connection if one exists * ------------------------------------------------------ */ - if (class_exists('CI_DB') AND isset($CI->db)) + if (class_exists('CI_DB') && isset($CI->db)) { $CI->db->close(); } -- cgit v1.2.3-24-g4f1b From 90cfe14b8458a3c84825a741cd750c5a02690f3b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 04:46:42 +0200 Subject: Switch private methods to protected --- system/core/Input.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 13bf76fd6..7a16e51ab 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -391,7 +391,7 @@ class CI_Input { { // IP segments must be digits and can not be // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3) + if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) { return FALSE; } 
@@ -430,7 +430,7 @@ class CI_Input { * * @return void */ - private function _sanitize_globals() + protected function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', @@ -516,7 +516,7 @@ class CI_Input { $this->security->csrf_verify(); } - log_message('debug', "Global POST and COOKIE data sanitized"); + log_message('debug', 'Global POST and COOKIE data sanitized'); } // -------------------------------------------------------------------- @@ -530,7 +530,7 @@ class CI_Input { * @param string * @return string */ - private function _clean_input_data($str) + protected function _clean_input_data($str) { if (is_array($str)) { @@ -588,7 +588,7 @@ class CI_Input { * @param string * @return string */ - private function _clean_input_keys($str) + protected function _clean_input_keys($str) { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { -- cgit v1.2.3-24-g4f1b From 8a7d078233bfb80fa01ee090e14ce0664f23b96b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 05:43:42 +0200 Subject: Remove some tabs --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index f09298bba..d7881d846 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -176,7 +176,7 @@ class CI_Security { unset($_COOKIE[$this->_csrf_cookie_name]); $this->_csrf_hash = ''; } - + $this->_csrf_set_hash(); $this->csrf_set_cookie(); -- cgit v1.2.3-24-g4f1b From 0609d588a4340fc9a9cfbc0ff76c39bba9ab09fb Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Sun, 8 Jan 2012 13:26:17 +0100 Subject: Fixes for issue 896 --- system/core/Common.php | 2 +- system/core/Output.php | 3 +-- system/core/URI.php | 5 +++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index 6ef229629..1f59c02d7 100644 
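Review bot: Making `_sanitize_globals()`, `_clean_input_data()` and `_clean_input_keys()` protected means an application subclass of CI_Input can now override the request sanitisation, and none of the three docblocks warns about that. An override that returns keys unchecked would quietly remove the `/^[a-z0-9:_\/-]+$/i` key filter for the whole application. I would add a line to each docblock such as `* Security-relevant: an override must keep the key and data filtering done here.` The bodies of all three methods continue outside their hunks.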
--- a/system/core/Common.php +++ b/system/core/Common.php @@ -235,7 +235,7 @@ if ( ! function_exists('get_config')) } // Is the config file in the environment folder? - if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT..'/config.php')) + if ( ! defined('ENVIRONMENT') OR ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/config.php')) { $file_path = APPPATH.'config/config.php'; } diff --git a/system/core/Output.php b/system/core/Output.php index 1beee734f..da5c29044 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -129,7 +129,6 @@ class CI_Output { * * Sets the output string * - * @access public * @param string * @return void */ @@ -282,7 +281,7 @@ class CI_Output { * @param integer * @return void */ - publi function cache($time) + public function cache($time) { $this->cache_expiration = ( ! is_numeric($time)) ? 0 : $time; return $this; diff --git a/system/core/URI.php b/system/core/URI.php index eaf7b752b..b28ee198b 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -186,11 +186,12 @@ class CI_URI { return ''; } - if (strpos($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']) === 0) + $uri = $_SERVER['REQUEST_URI']; + if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) { $uri = substr($uri, strlen($_SERVER['SCRIPT_NAME'])); } - elseif (strpos($_SERVER['REQUEST_URI'], dirname($_SERVER['SCRIPT_NAME'])) === 0) + elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0) { $uri = substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME']))); } -- cgit v1.2.3-24-g4f1b From edc875593d3ddbd0fe86caf6380a62b00a20f245 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 9 Jan 2012 09:35:10 +0200 Subject: Fix a possible notice in Output library --- system/core/Output.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'system/core') diff --git a/system/core/Output.php b/system/core/Output.php index da5c29044..69a2e5f88 100755 --- a/system/core/Output.php 
+++ b/system/core/Output.php @@ -397,14 +397,12 @@ class CI_Output { // If the output data contains closing and tags // we will remove them and add them back after we insert the profile data $output = preg_replace('|.*?|is', '', $output, $count).$CI->profiler->run(); - if ($count > 0) + if (isset($count) && $count > 0) { $output .= ''; } } - // -------------------------------------------------------------------- - // Does the controller contain a function named _output()? // If so send the output there. Otherwise, echo it. if (method_exists($CI, '_output')) @@ -413,7 +411,7 @@ class CI_Output { } else { - echo $output; // Send it to the browser! + echo $output; // Send it to the browser! } log_message('debug', 'Final output sent to browser'); -- cgit v1.2.3-24-g4f1b From cba20b164fdb1e60225b4f1fc04b7a31c4ffa106 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 9 Jan 2012 10:16:41 +0200 Subject: Really fix this ... --- system/core/Output.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Output.php b/system/core/Output.php index 69a2e5f88..d27133d37 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -396,8 +396,9 @@ class CI_Output { // If the output data contains closing and tags // we will remove them and add them back after we insert the profile data - $output = preg_replace('|.*?|is', '', $output, $count).$CI->profiler->run(); - if (isset($count) && $count > 0) + $count = 0; + $output = preg_replace('|.*?|is', '', $output, -1, $count).$CI->profiler->run(); + if ($count > 0) { $output .= ''; } -- cgit v1.2.3-24-g4f1b From a96a9c8e6c7a113c808ba047808180b33360d3dd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 9 Jan 2012 11:01:15 +0200 Subject: Remove once again ... --- system/core/Output.php | 1 - 1 file changed, 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Output.php b/system/core/Output.php index d27133d37..abd8a0ea9 100755 
--- a/system/core/Output.php +++ b/system/core/Output.php @@ -396,7 +396,6 @@ class CI_Output { // If the output data contains closing and tags // we will remove them and add them back after we insert the profile data - $count = 0; $output = preg_replace('|.*?|is', '', $output, -1, $count).$CI->profiler->run(); if ($count > 0) { -- cgit v1.2.3-24-g4f1b From d47baab1bd4d655a68981834d11727ae8c2a3a45 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 9 Jan 2012 16:56:46 +0200 Subject: Fix issue #904 --- system/core/Common.php | 2 +- system/core/Loader.php | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index 1f59c02d7..2f9c4ff43 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -199,7 +199,7 @@ if ( ! function_exists('load_class')) */ if ( ! function_exists('is_loaded')) { - function is_loaded($class = '') + function &is_loaded($class = '') { static $_is_loaded = array(); diff --git a/system/core/Loader.php b/system/core/Loader.php index 272fe4291..12daaa928 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -250,10 +250,10 @@ class CI_Loader { if (($last_slash = strrpos($model, '/')) !== FALSE) { // The path is in front of the last slash - $path = substr($model, 0, $last_slash + 1); + $path = substr($model, 0, ++$last_slash); // And the model name behind it - $model = substr($model, $last_slash + 1); + $model = substr($model, $last_slash); } if ($name == '') @@ -833,10 +833,9 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) { - echo eval('?>'.preg_replace("/;*\s*\?>/", "; ?>", str_replace(''.preg_replace('/;*\s*\?>/', '; ?>', str_replace(' $this->_ci_ob_level + 1) { 
@@ -1233,13 +1231,13 @@ class CI_Loader { { if ( ! is_array($filename)) { - return array(strtolower(str_replace('.php', '', str_replace($extension, '', $filename)).$extension)); + return array(strtolower(str_replace(array($extension, '.php'), '', $filename).$extension)); } else { foreach ($filename as $key => $val) { - $filename[$key] = strtolower(str_replace('.php', '', str_replace($extension, '', $val)).$extension); + $filename[$key] = strtolower(str_replace(array($extension, '.php'), '', $val).$extension); } return $filename; -- cgit v1.2.3-24-g4f1b From 4562f2cbb3e5346c6e341516a31ca87dfa47bafd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 9 Jan 2012 23:39:50 +0200 Subject: Some more stuff ... --- system/core/Security.php | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index d7881d846..1007f61f4 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -153,20 +153,13 @@ class CI_Security { } // Do the tokens exist in both the _POST and _COOKIE arrays? - if ( ! isset($_POST[$this->_csrf_token_name]) OR - ! isset($_COOKIE[$this->_csrf_cookie_name])) + if ( ! isset($_POST[$this->_csrf_token_name]) OR ! isset($_COOKIE[$this->_csrf_cookie_name]) + OR $_POST[$this->_csrf_token_name] != $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match? { $this->csrf_show_error(); } - // Do the tokens match? - if ($_POST[$this->_csrf_token_name] != $_COOKIE[$this->_csrf_cookie_name]) - { - $this->csrf_show_error(); - } - - // We kill this since we're done and we don't want to - // polute the _POST array + // We kill this since we're done and we don't want to polute the _POST array unset($_POST[$this->_csrf_token_name]); // Regenerate on every submission? 
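Review bot: In the merged condition of `csrf_verify()`, `$_POST[$this->_csrf_token_name] != $_COOKIE[$this->_csrf_cookie_name]` compares two request-supplied strings with the loose operator, so PHP compares them as numbers when both look numeric and can treat different tokens as equal. The token check should be a strict string comparison: `OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name])`. Where the supported PHP version offers a constant-time comparison, that is the better choice for a secret. The rest of `csrf_verify()` lies outside this hunk.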
@@ -308,10 +301,9 @@ class CI_Security { * This permits our tests below to work reliably. * We only convert entities that are within tags since * these are the ones that will pose security problems. - * */ $str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str); - $str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", array($this, '_decode_entity'), $str); + $str = preg_replace_callback('/<\w+.*?(?=>|<|$)/si', array($this, '_decode_entity'), $str); // Remove Invisible Characters Again! $str = remove_invisible_characters($str); @@ -326,9 +318,7 @@ class CI_Security { */ $str = str_replace("\t", ' ', $str); - /* - * Capture converted string for later comparison - */ + // Capture converted string for later comparison $converted_string = $str; // Remove Strings that are never allowed @@ -720,12 +710,11 @@ class CI_Security { protected function _filter_attributes($str) { $out = ''; - if (preg_match_all('#\s*[a-z\-]+\s*=\s*(\042|\047)([^\\1]*?)\\1#is', $str, $matches)) { foreach ($matches[0] as $match) { - $out .= preg_replace("#/\*.*?\*/#s", '', $match); + $out .= preg_replace('#/\*.*?\*/#s', '', $match); } } -- cgit v1.2.3-24-g4f1b From 4b13061308301cd307fe5317604265ab934fb046 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 10 Jan 2012 16:09:55 +0200 Subject: Fixed a bug in CI_Lang::load() --- system/core/Lang.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Lang.php b/system/core/Lang.php index 088cb6c9c..c40a6856e 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -130,7 +130,7 @@ class CI_Lang { } $this->is_loaded[] = $langfile; - $this->language = $this->language + $lang; + $this->language = array_merge($this->language, $lang); unset($lang); log_message('debug', 'Language file loaded: language/'.$idiom.'/'.$langfile); -- cgit v1.2.3-24-g4f1b From 176b363e534da12a38a75c9e2ba273846dfa35a7 Mon Sep 17 00:00:00 2001 
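Review bot: In `CI_Lang::load()`, the switch to `array_merge($this->language, $lang)` reverses which file wins on a duplicate key and also renumbers any integer keys, and nothing at the call records either effect. With `+` the first loaded line was kept; now the last loaded file overrides it, which is presumably the intent of the fix. I would say so next to the line, e.g. `// Later language files override earlier keys; integer keys would be renumbered`, so the ordering is not changed back by accident.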
From: Andrey Andreev Date: Tue, 10 Jan 2012 18:14:28 +0200 Subject: Fix a bug in system/core/CodeIgniter.php --- system/core/CodeIgniter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index cb5d439bd..7af3c485d 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -267,7 +267,7 @@ $method = $RTR->fetch_method(); if ( ! class_exists($class) - OR strpos($method, '_', 1) === 0 + OR strpos($method, '_') === 0 OR in_array(strtolower($method), array_map('strtolower', get_class_methods('CI_Controller'))) ) { -- cgit v1.2.3-24-g4f1b From 0a9325c86cd5ccbdfe0c70ffb9bf816c8e15e148 Mon Sep 17 00:00:00 2001 From: Ross Duggan Date: Tue, 31 Jan 2012 15:47:52 +0000 Subject: HTTPS detection fix More closely follow the wording of the $_SERVER['HTTPS'] description in the PHP manual, which specifies a "non-empty" value rather than "non-null" --- system/core/Config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Config.php b/system/core/Config.php index 66369115a..68417435d 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -80,7 +80,7 @@ class CI_Config { { if (isset($_SERVER['HTTP_HOST'])) { - $base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; + $base_url = ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http'; $base_url .= '://'. $_SERVER['HTTP_HOST'] . str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); } -- cgit v1.2.3-24-g4f1b From d63e40138e675df40f3a17e04972e82e7a748307 Mon Sep 17 00:00:00 2001 
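Review bot: Nothing beside `strpos($method, '_') === 0` in system/core/CodeIgniter.php says that this condition is what keeps underscore-prefixed controller methods from being reached through the URL. With the old offset of `1` the comparison could never be true, and the mistake was easy to miss because the intent was undocumented. I would add `// Underscore-prefixed methods are private by convention and must never be routable` above the condition. A routing test requesting a `_`-prefixed method would pin the behaviour.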
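Review bot: In the CI_Config hunk, `$base_url` is still assembled from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header, and the HTTPS change leaves that untouched. Unless the web server pins the host name, the client chooses the base URL used for generated links and redirects. This branch is presumably reached only when no base URL is configured, but the enclosing code starts outside the hunk. I would document that here, e.g. `// Auto-detected from the Host header: set $config['base_url'] explicitly in production`, or check the host against a configured list before using it.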
From: Kevin Cupp Date: Sun, 5 Feb 2012 14:14:32 -0500 Subject: Adding in a few 503 status codes for common errors in response to this ExpressionEngine bug about errors getting cached by reverse proxies who cache 200 responses: http://expressionengine.com/bug_tracker/bug/17420 --- system/core/Common.php | 3 +++ system/core/Input.php | 1 + 2 files changed, 4 insertions(+) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index 2f9c4ff43..225227d17 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -177,6 +177,7 @@ if ( ! function_exists('load_class')) { // Note: We use exit() rather then show_error() in order to avoid a // self-referencing loop with the Excptions class + set_status_header(503); exit('Unable to locate the specified class: '.$class.'.php'); } @@ -243,6 +244,7 @@ if ( ! function_exists('get_config')) // Fetch the config file if ( ! file_exists($file_path)) { + set_status_header(503); exit('The configuration file does not exist.'); } @@ -251,6 +253,7 @@ if ( ! function_exists('get_config')) // Does the $config array exist in the file? if ( ! isset($config) OR ! is_array($config)) { + set_status_header(503); exit('Your config file does not appear to be formatted correctly.'); } diff --git a/system/core/Input.php b/system/core/Input.php index 7a16e51ab..3339d97c5 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -592,6 +592,7 @@ class CI_Input { { if ( ! preg_match('/^[a-z0-9:_\/-]+$/i', $str)) { + set_status_header(503); exit('Disallowed Key Characters.'); } -- cgit v1.2.3-24-g4f1b From 9448afb6da995098ce4ca2d24eb3d82b26434b4b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 19:49:19 +0200 Subject: Fix CI_Input::is_ajax_request() --- system/core/Input.php | 66 ++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 37 deletions(-) (limited to 'system/core') 
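Review bot: In `_clean_input_keys()` the added `set_status_header(503);` answers a malformed request key with a server-unavailable status, so any client can make the application emit 503s at will. Reverse proxies, health checks and alerting that read 503 as a backend failure would react to ordinary bad input. The three Common.php additions report genuine server-side faults, but this one is a client error. `set_status_header(400);` fits it better, assuming 400 is in the status table, which is not visible on this page.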
diff --git a/system/core/Input.php b/system/core/Input.php index 3339d97c5..670f7a11f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Input Class * @@ -152,7 +150,7 @@ class CI_Input { public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_GET)) + if ($index === NULL && ! empty($_GET)) { $get = array(); @@ -179,7 +177,7 @@ class CI_Input { public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided - if ($index === NULL AND ! empty($_POST)) + if ($index === NULL && ! empty($_POST)) { $post = array(); @@ -206,9 +204,9 @@ class CI_Input { */ public function get_post($index = '', $xss_clean = FALSE) { - return ( ! isset($_POST[$index])) - ? $this->get($index, $xss_clean) - : $this->post($index, $xss_clean); + return isset($_POST[$index]) + ? $this->post($index, $xss_clean) + : $this->get($index, $xss_clean); } // -------------------------------------------------------------------- @@ -256,19 +254,19 @@ class CI_Input { } } - if ($prefix == '' AND config_item('cookie_prefix') != '') + if ($prefix == '' && config_item('cookie_prefix') != '') { $prefix = config_item('cookie_prefix'); } - if ($domain == '' AND config_item('cookie_domain') != '') + if ($domain == '' && config_item('cookie_domain') != '') { $domain = config_item('cookie_domain'); } - if ($path == '/' AND config_item('cookie_path') != '/') + if ($path == '/' && config_item('cookie_path') !== '/') { $path = config_item('cookie_path'); } - if ($secure == FALSE AND config_item('cookie_secure') != FALSE) + if ($secure == FALSE && config_item('cookie_secure') != FALSE) { $secure = config_item('cookie_secure'); } 
@@ -320,11 +318,11 @@ class CI_Input { $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; } - elseif ( ! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR')) + elseif ( ! $this->server('HTTP_CLIENT_IP') && $this->server('REMOTE_ADDR')) { $this->ip_address = $_SERVER['REMOTE_ADDR']; } - elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP')) + elseif ($this->server('REMOTE_ADDR') && $this->server('HTTP_CLIENT_IP')) { $this->ip_address = $_SERVER['HTTP_CLIENT_IP']; } @@ -414,7 +412,7 @@ class CI_Input { return $this->user_agent; } - return $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT']; + return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : FALSE; } // -------------------------------------------------------------------- @@ -469,19 +467,16 @@ class CI_Input { { $_GET = array(); } - else + elseif (is_array($_GET) && count($_GET) > 0) { - if (is_array($_GET) AND count($_GET) > 0) + foreach ($_GET as $key => $val) { - foreach ($_GET as $key => $val) - { - $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); - } + $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); } } // Clean $_POST Data - if (is_array($_POST) AND count($_POST) > 0) + if (is_array($_POST) && count($_POST) > 0) { foreach ($_POST as $key => $val) { @@ -490,7 +485,7 @@ class CI_Input { } // Clean $_COOKIE Data - if (is_array($_COOKIE) AND count($_COOKIE) > 0) + if (is_array($_COOKIE) && count($_COOKIE) > 0) { // Also get rid of specially treated cookies that might be set by a server // or silly application, that are of no use to a CI application anyway 
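Review bot: The `elseif` branch that assigns `$_SERVER['HTTP_CLIENT_IP']` to `$this->ip_address` accepts a header any client can set, without the `$proxies` check that guards `HTTP_X_FORWARDED_FOR` just above it. Wherever the address is used for logging, throttling or session matching, the caller then decides what is recorded. I would use `$this->ip_address = $_SERVER['REMOTE_ADDR'];` whenever `REMOTE_ADDR` is present and honour forwarded headers only for configured proxies. `ip_address()` starts and ends outside this hunk, so any validation applied afterwards is not visible here.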
@@ -568,7 +563,7 @@ class CI_Input { } // Standardize newlines if needed - if ($this->_standardize_newlines == TRUE AND strpos($str, "\r") !== FALSE) + if ($this->_standardize_newlines == TRUE && strpos($str, "\r") !== FALSE) { return str_replace(array("\r\n", "\r", "\r\n\n"), PHP_EOL, $str); } @@ -625,7 +620,7 @@ class CI_Input { } else { - $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); foreach ($_SERVER as $key => $val) { @@ -655,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers - * @param boolean XSS Clean or not - * @return mixed FALSE on failure, string on success + * @param string array key for $this->headers + * @param bool XSS Clean or not + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { @@ -671,12 +666,9 @@ class CI_Input { return FALSE; } - if ($xss_clean === TRUE) - { - return $this->security->xss_clean($this->headers[$index]); - } - - return $this->headers[$index]; + return ($xss_clean === TRUE) + ? $this->security->xss_clean($this->headers[$index]) + : $this->headers[$index]; } // -------------------------------------------------------------------- @@ -686,11 +678,11 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * - * @return boolean + * @return bool */ public function is_ajax_request() { - return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest'); + return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); } // -------------------------------------------------------------------- 
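Review bot: The docblock of `is_ajax_request()` still says only that the method tests for the `HTTP_X_REQUESTED_WITH` header, while the rewritten body now reads `$_SERVER` directly and matches the value case-insensitively. The header is supplied by the client, so the result is a hint about the caller and not something to base an access or CSRF decision on. I would add a docblock line such as `* The header is client-supplied; do not use the result for access control.`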
@@ -700,11 +692,11 @@ class CI_Input { * * Test to see if a request was made from the command line * - * @return boolean + * @return bool */ public function is_cli_request() { - return (php_sapi_name() === 'cli') or defined('STDIN'); + return (php_sapi_name() === 'cli' OR defined('STDIN')); } } -- cgit v1.2.3-24-g4f1b From 773e117f0bfd103116397d26f0ea1d1854de5ca8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Feb 2012 23:02:19 +0200 Subject: Remove a few spaces --- system/core/Input.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 670f7a11f..ee15f4013 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -650,9 +650,9 @@ class CI_Input { * * Returns the value of a single member of the headers class member * - * @param string array key for $this->headers + * @param string array key for $this->headers * @param bool XSS Clean or not - * @return mixed FALSE on failure, string on success + * @return mixed FALSE on failure, string on success */ public function get_request_header($index, $xss_clean = FALSE) { -- cgit v1.2.3-24-g4f1b From b7b439681f466974dbb2533b70eaa230a40908c0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 27 Feb 2012 22:45:48 +0200 Subject: Just some style changes and removed a useless check --- system/core/Common.php | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index 225227d17..491979350 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -56,7 +56,7 @@ if ( ! function_exists('is_php')) function is_php($version = '5.0.0') { static $_is_php; - $version = (string)$version; + $version = (string) $version; if ( ! isset($_is_php[$version])) { 
@@ -84,7 +84,7 @@ if ( ! function_exists('is_really_writable')) function is_really_writable($file) { // If we're on a Unix server with safe_mode off we call is_writable - if (DIRECTORY_SEPARATOR === '/' AND @ini_get('safe_mode') == FALSE) + if (DIRECTORY_SEPARATOR === '/' && (bool) @ini_get('safe_mode') === FALSE) { return is_writable($file); } @@ -120,7 +120,7 @@ if ( ! function_exists('is_really_writable')) /** * Class registry * -* This function acts as a singleton. If the requested class does not +* This function acts as a singleton. If the requested class does not * exist it is instantiated and set to a static variable. If it has * previously been instantiated the variable is returned. * @@ -192,7 +192,7 @@ if ( ! function_exists('load_class')) // -------------------------------------------------------------------- /** -* Keeps track of which libraries have been loaded. This function is +* Keeps track of which libraries have been loaded. This function is * called by the load_class() function above * * @access public @@ -437,7 +437,7 @@ if ( ! function_exists('set_status_header')) show_error('Status codes must be numeric', 500); } - if (isset($stati[$code]) AND $text == '') + if (isset($stati[$code]) && $text == '') { $text = $stati[$code]; } 
@@ -447,19 +447,19 @@ if ( ! function_exists('set_status_header')) show_error('No status text available. Please check your status code number or supply your own message text.', 500); } - $server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; + $server_protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : FALSE; if (strpos(php_sapi_name(), 'cgi') === 0) { - header("Status: {$code} {$text}", TRUE); + header('Status: '.$code.' '.$text, TRUE); } - elseif ($server_protocol == 'HTTP/1.1' OR $server_protocol == 'HTTP/1.0') + elseif ($server_protocol === 'HTTP/1.0') { - header($server_protocol." {$code} {$text}", TRUE, $code); + header('HTTP/1.0 '.$code.' '.$text, TRUE, $code); } else { - header("HTTP/1.1 {$code} {$text}", TRUE, $code); + header('HTTP/1.1 '.$code.' '.$text, TRUE, $code); } } } @@ -564,14 +564,9 @@ if ( ! function_exists('html_escape')) { function html_escape($var) { - if (is_array($var)) - { - return array_map('html_escape', $var); - } - else - { - return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); - } + return is_array($var) + ? array_map('html_escape', $var) + : htmlspecialchars($var, ENT_QUOTES, config_item('charset')); } } -- cgit v1.2.3-24-g4f1b From 67ccdc02e1b66750b0e13eadcfacc47f01c1de67 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 27 Feb 2012 23:57:58 +0200 Subject: Do not create a CSRF cookie if CSRF protection is not enabled --- system/core/Security.php | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 1007f61f4..688aeba33 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * Security Class * 
@@ -106,23 +104,27 @@ class CI_Security { public function __construct() { - // CSRF config - foreach(array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) + // Is CSRF protection enabled? + if (config_item('csrf_protection') === TRUE) { - if (FALSE !== ($val = config_item($key))) + // CSRF config + foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key) { - $this->{'_'.$key} = $val; + if (FALSE !== ($val = config_item($key))) + { + $this->{'_'.$key} = $val; + } } - } - // Append application specific cookie prefix - if (config_item('cookie_prefix')) - { - $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; - } + // Append application specific cookie prefix + if (config_item('cookie_prefix')) + { + $this->_csrf_cookie_name = config_item('cookie_prefix').$this->_csrf_cookie_name; + } - // Set the CSRF hash - $this->_csrf_set_hash(); + // Set the CSRF hash + $this->_csrf_set_hash(); + } log_message('debug', 'Security Class Initialized'); } @@ -189,7 +191,7 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie && ( ! isset($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] == 'off' OR ! $_SERVER['HTTPS'])) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] === 'off')) { return FALSE; } @@ -358,7 +360,7 @@ class CI_Security { foreach ($words as $word) { - $word = implode("\s*", str_split($word)) . "\s*"; + $word = implode('\s*', str_split($word)).'\s*'; // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" @@ -425,7 +427,6 @@ class CI_Security { '\\1\\2(\\3)', $str); - // Final clean up // This adds a bit of extra precaution in case // something got through the above filters 
@@ -601,7 +602,7 @@ class CI_Security { } // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) - preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER); foreach ($matches as $attr) { @@ -633,7 +634,7 @@ class CI_Security { { return '<'.$matches[1].$matches[2].$matches[3] // encode opening brace // encode captured opening or closing brace to prevent recursive vectors: - . str_replace(array('>', '<'), array('>', '<'), $matches[4]); + .str_replace(array('>', '<'), array('>', '<'), $matches[4]); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From a10c8e17bbd1eb75aed1bb74523449f81ee393a2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 29 Feb 2012 18:56:12 +0200 Subject: Add strtolower to the HTTPS check --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 688aeba33..6f25fb5bb 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -191,7 +191,7 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie && (empty($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] === 'off')) + if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) { return FALSE; } -- cgit v1.2.3-24-g4f1b From f5e8e1c61e4ed82db42d82d01c4e52b767effa78 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 6 Mar 2012 13:11:27 +0200 Subject: Changed rewrite_short_tags to have no effect on PHP 5.4 --- system/core/Loader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') 
diff --git a/system/core/Loader.php b/system/core/Loader.php index 12daaa928..20cf7ef33 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -833,7 +833,7 @@ class CI_Loader { // If the PHP installation does not support short tags we'll // do a little string replacement, changing the short tags // to standard PHP echo statements. - if ((bool) @ini_get('short_open_tag') === FALSE AND config_item('rewrite_short_tags') == TRUE) + if ( ! is_php('5.4') && (bool) @ini_get('short_open_tag') === FALSE && config_item('rewrite_short_tags') == TRUE) { echo eval('?>'.preg_replace('/;*\s*\?>/', '; ?>', str_replace(' Date: Wed, 7 Mar 2012 19:09:51 +0100 Subject: added method() and is_method() --- system/core/Input.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..e8e3b1d9c 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -699,6 +699,35 @@ class CI_Input { return (php_sapi_name() === 'cli' OR defined('STDIN')); } + // -------------------------------------------------------------------- + + /** + * Get Request Method + * + * Return the Request Method in lowercase + * + * @return mixed + */ + public function method() + { + return strtolower($this->server('REQUEST_METHOD')); + } + + // -------------------------------------------------------------------- + + /** + * Validate parameter against $_SERVER['REQUEST_METHOD'] + * + * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE + * + * @param string request method to match + * @return bool + */ + public function is_method($method = '') + { + return ($this->method() === strtolower($method)); + } + } /* End of file Input.php */ -- cgit v1.2.3-24-g4f1b From dc900df67972ed1c961fc3e4173db98047bdbd1b Mon Sep 17 00:00:00 2001 
From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:41:37 +0100 Subject: removed is_method --- system/core/Input.php | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index e8e3b1d9c..65de8c824 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -704,28 +704,16 @@ class CI_Input { /** * Get Request Method * - * Return the Request Method in lowercase + * Return the Request Method * + * @param bool uppercase or lowercase * @return mixed */ - public function method() + public function method($upper = TRUE) { - return strtolower($this->server('REQUEST_METHOD')); - } - - // -------------------------------------------------------------------- - - /** - * Validate parameter against $_SERVER['REQUEST_METHOD'] - * - * Return TRUE if method equals $_SERVER['REQUEST_METHOD'], otherwise return FALSE - * - * @param string request method to match - * @return bool - */ - public function is_method($method = '') - { - return ($this->method() === strtolower($method)); + return ($upper) + ? strtoupper($this->server('REQUEST_METHOD')) + : strtolower($this->server('REQUEST_METHOD')); } } -- cgit v1.2.3-24-g4f1b From 704fb1697f0db2369a9395c362c931999c8831f1 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:42:33 +0100 Subject: oops --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 65de8c824..79910890e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -709,7 +709,7 @@ class CI_Input { * @param bool uppercase or lowercase * @return mixed */ - public function method($upper = TRUE) + public function method($upper = FALSE) { return ($upper) ? strtoupper($this->server('REQUEST_METHOD')) -- cgit v1.2.3-24-g4f1b From 7c8841f7b2fca5822e05b5d3044c748e07c800e4 Mon Sep 17 00:00:00 2001 
From: Michiel Vugteveen Date: Wed, 7 Mar 2012 20:49:06 +0100 Subject: comment fix --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 79910890e..5a4659a5a 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -707,7 +707,7 @@ class CI_Input { * Return the Request Method * * @param bool uppercase or lowercase - * @return mixed + * @return bool */ public function method($upper = FALSE) { -- cgit v1.2.3-24-g4f1b From 5d27c43d29fc049497010ea62ac7877a64bfed92 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 8 Mar 2012 12:01:52 +0200 Subject: Fix issue #940 --- system/core/Security.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 6f25fb5bb..2bffa41b7 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -138,8 +138,8 @@ class CI_Security { */ public function csrf_verify() { - // If no POST data exists we will set the CSRF cookie - if (count($_POST) === 0) + // If it's not a POST request we will set the CSRF cookie + if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') { return $this->csrf_set_cookie(); } -- cgit v1.2.3-24-g4f1b From 07c1ac830b4e98aa40f48baef3dd05fb68c0a836 Mon Sep 17 00:00:00 2001 
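Review bot: The changed docblock line `* @return bool` does not match the method: per the earlier hunks on this page, `method()` returns the result of `strtoupper()` or `strtolower()`, which is a string. The tag should read `* @return string`, and the parameter line could say which case is the default, e.g. `* @param bool $upper return the method in upper case (default: lower case)`. The method body is outside this hunk.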
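Review bot: The new test `strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST'` in `csrf_verify()` reads `$_SERVER['REQUEST_METHOD']` without checking that it is set, and it exempts every method other than POST from token verification. The first raises an undefined-index notice when the key is absent (command-line runs, for instance); `if (empty($_SERVER['REQUEST_METHOD']) OR strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST')` avoids that. The second deserves a comment so that applications handling state-changing PUT or DELETE requests know they are not covered: `// Only POST is verified; every other method just (re)sets the cookie`. The rest of the function is outside the hunk.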
From: Phil Sturgeon Date: Fri, 9 Mar 2012 17:03:37 +0000 Subject: Bumped CodeIgniter's PHP requirement to 5.2.4. Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... --- system/core/Benchmark.php | 2 +- system/core/CodeIgniter.php | 2 +- system/core/Common.php | 2 +- system/core/Config.php | 2 +- system/core/Controller.php | 2 +- system/core/Exceptions.php | 2 +- system/core/Hooks.php | 2 +- system/core/Input.php | 2 +- system/core/Lang.php | 2 +- system/core/Loader.php | 2 +- system/core/Model.php | 2 +- system/core/Output.php | 2 +- system/core/Router.php | 2 +- system/core/Security.php | 2 +- system/core/URI.php | 2 +- system/core/Utf8.php | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) (limited to 'system/core') diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index f4dfd3dab..f6b634deb 100755 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 7af3c485d..a79a69590 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Common.php b/system/core/Common.php index 491979350..f20acafd4 100644 --- a/system/core/Common.php 
+++ b/system/core/Common.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Config.php b/system/core/Config.php index 68417435d..1e149d005 100755 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Controller.php b/system/core/Controller.php index 0dc131701..05e1bf5bf 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index bf9901252..d7282b1f3 100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Hooks.php b/system/core/Hooks.php index e1ac58e6e..493822f36 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Input.php b/system/core/Input.php index ee15f4013..9a05034ba 100755 --- a/system/core/Input.php +++ b/system/core/Input.php 
@@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Lang.php b/system/core/Lang.php index c40a6856e..9ef76f4d6 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Loader.php b/system/core/Loader.php index 12daaa928..971d30325 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Model.php b/system/core/Model.php index a595a6ae2..49b8d34e4 100755 --- a/system/core/Model.php +++ b/system/core/Model.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Output.php b/system/core/Output.php index abd8a0ea9..faebbbe72 100755 --- a/system/core/Output.php +++ b/system/core/Output.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Router.php b/system/core/Router.php index d21319565..b251abb4b 100755 --- a/system/core/Router.php +++ b/system/core/Router.php 
@@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Security.php b/system/core/Security.php index 6f25fb5bb..bf73bd15d 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/URI.php b/system/core/URI.php index b28ee198b..db5b8e44b 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 0e180d36f..ba3567453 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * -- cgit v1.2.3-24-g4f1b From 9929d6f77a0e54288b1696343439b0e91b21866e Mon Sep 17 00:00:00 2001 From: Christopher Guiney Date: Fri, 9 Mar 2012 19:53:24 -0800 Subject: Allow drivers to be loaded as an array, like models and libraries. --- system/core/Loader.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php index 3d91915c4..42d8162bb 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php 
@@ -615,13 +615,22 @@ class CI_Loader { * * Loads a driver library * - * @param string the name of the class + * @param mixed the name of the class or array of classes * @param mixed the optional parameters * @param string an optional object name * @return void */ public function driver($library = '', $params = NULL, $object_name = NULL) { + if(is_array($library)) + { + foreach ( $library as $driver ) + { + $this->driver($driver); + } + return FALSE; + } + if ( ! class_exists('CI_Driver_Library')) { // we aren't instantiating an object here, that'll be done by the Library itself -- cgit v1.2.3-24-g4f1b From 1ae651655888383a4d7f97fbf6e97a7ac00a9630 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 10 Mar 2012 16:11:34 +0200 Subject: Remove PHP 5.1.6-specific code --- system/core/Input.php | 31 +------------------------------ system/core/URI.php | 4 +--- 2 files changed, 2 insertions(+), 33 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 54b7e0923..901b4147e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php 
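Review bot: In the new array branch of `driver()` the recursive call `$this->driver($driver);` drops `$params`, so drivers loaded through an array never receive the caller's parameters, and the branch ends with `return FALSE;` although the docblock above still says `@return void`. Passing the parameters through, `$this->driver($driver, $params);`, and either returning nothing or updating the `@return` line would make the two paths agree. `$object_name` cannot sensibly be shared between several drivers, which is worth saying in its `@param` text. The rest of `driver()` lies outside the hunk, and the later "Fixing some spacing" hunk touches the same lines.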
@@ -366,36 +366,7 @@ class CI_Input { */ public function valid_ip($ip) { - // if php version >= 5.2, use filter_var to check validate ip. - if (function_exists('filter_var')) - { - return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); - } - - $ip_segments = explode('.', $ip); - - // Always 4 segments needed - if (count($ip_segments) !== 4) - { - return FALSE; - } - // IP can not start with 0 - if ($ip_segments[0][0] == '0') - { - return FALSE; - } - // Check each segment - foreach ($ip_segments as $segment) - { - // IP segments must be digits and can not be - // longer than 3 digits or greater then 255 - if ($segment == '' OR preg_match('/[^0-9]/', $segment) OR $segment > 255 OR strlen($segment) > 3) - { - return FALSE; - } - } - - return TRUE; + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } // -------------------------------------------------------------------- diff --git a/system/core/URI.php b/system/core/URI.php index db5b8e44b..4a2e87c2a 100755 --- a/system/core/URI.php +++ b/system/core/URI.php @@ -444,9 +444,7 @@ class CI_URI { return array(); } - return function_exists('array_fill_keys') - ? array_fill_keys($default, FALSE) - : array_combine($default, array_fill(0, count($default), FALSE)); + return array_fill_keys($default, FALSE); } $segments = array_slice($this->$segment_array(), ($n - 1)); -- cgit v1.2.3-24-g4f1b From b54d355faabef775703119a23dd55004b84a1140 Mon Sep 17 00:00:00 2001 From: Christopher Guiney Date: Sat, 10 Mar 2012 08:38:10 -0800 Subject: Fixing some spacing. --- system/core/Loader.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php index 42d8162bb..9b9cc2fef 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php 
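Review bot: After this change `valid_ip()` is a single `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` call, so it accepts IPv4 literals only and returns FALSE for every IPv6 address, and it accepts private and reserved ranges because no range flags are passed. Callers that use the result for logging, rate limiting or access decisions should know both limits. I would add them to the docblock, which sits outside the hunk: `Validates IPv4 addresses only; private and reserved ranges are accepted.`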
@@ -622,9 +622,9 @@ class CI_Loader { */ public function driver($library = '', $params = NULL, $object_name = NULL) { - if(is_array($library)) + if (is_array($library)) { - foreach ( $library as $driver ) + foreach ($library as $driver) { $this->driver($driver); } -- cgit v1.2.3-24-g4f1b