From 8cc0cfe1ab1e10aad71d14e0b43e05444c00693d Mon Sep 17 00:00:00 2001 From: freewil Date: Sat, 27 Aug 2011 21:53:00 -0400 Subject: always use charset config item --- system/core/Security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 342455f27..cc21ddc91 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -525,9 +525,10 @@ class CI_Security { * @param string * @return string */ - public function entity_decode($str, $charset='UTF-8') + public function entity_decode($str, $charset = NULL) { if (stristr($str, '&') === FALSE) return $str; + if (empty($charset)) $charset = config_item('charset'); // The reason we are not using html_entity_decode() by itself is because // while it is not technically correct to leave out the semicolon -- cgit v1.2.3-24-g4f1b From 5c9b0d1b5618ade5c6aa70475b08b3066f14ff3e Mon Sep 17 00:00:00 2001 From: freewil Date: Sun, 28 Aug 2011 12:15:23 -0400 Subject: always use charset config item --- system/core/Security.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index cc21ddc91..e99418bdd 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -527,8 +527,15 @@ class CI_Security { */ public function entity_decode($str, $charset = NULL) { - if (stristr($str, '&') === FALSE) return $str; - if (empty($charset)) $charset = config_item('charset'); + if (stristr($str, '&') === FALSE) + { + return $str; + } + + if (empty($charset)) + { + $charset = config_item('charset'); + } // The reason we are not using html_entity_decode() by itself is because // while it is not technically correct to leave out the semicolon -- cgit v1.2.3-24-g4f1b From c9f84c1f916a7f3b92b02e45cc8c1cd9a040436b Mon Sep 17 00:00:00 2001 
From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:45:39 +0800 Subject: Update: if php version >= 5.2, use filter_var to check validate ip. --- system/core/Input.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 0dc2c4550..f99adad01 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -373,6 +373,12 @@ class CI_Input { */ function valid_ip($ip) { + // if php version >= 5.2, use filter_var to check validate ip. + if(is_php('5.2')) + { + return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + $ip_segments = explode('.', $ip); // Always 4 segments needed -- cgit v1.2.3-24-g4f1b From 4db872f861dbf48b55749c53c504481f99db3551 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 10:52:37 +0800 Subject: Update: add public or private prefix. --- system/core/Input.php | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index f99adad01..2395501f3 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -116,7 +116,7 @@ class CI_Input { * @param bool * @return string */ - function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -141,7 +141,7 @@ class CI_Input { * @param bool * @return string */ - function get($index = NULL, $xss_clean = FALSE) + public function get($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_GET)) @@ -169,7 +169,7 @@ class CI_Input { * @param bool * @return string */ - function post($index = NULL, $xss_clean = FALSE) + public function post($index = NULL, $xss_clean = FALSE) { // Check if a field has been provided if ($index === NULL AND ! empty($_POST)) 
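Review bot: The early return added to `valid_ip()` makes the result depend on the PHP build, because `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` and the hand-written segment check that follows are two separate validators and nothing in the hunk shows they accept the same strings. `is_php('5.2')` also tests only the version, while the filter extension can be compiled out, so guarding on the function itself, `if (function_exists('filter_var'))`, is the safer test. The fallback's body continues outside the hunk, so the divergence needs confirming with one shared set of test addresses (leading zeros, empty segments, surrounding whitespace). A short comment stating that both paths are IPv4-only would also help callers.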
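Review bot: Declaring `_fetch_from_array()` as `private` in the hunk at line 116, and `_sanitize_globals()`, `_clean_input_data()` and `_clean_input_keys()` in later hunks of this commit, changes how a subclass of `CI_Input` behaves. A call such as `$this->_fetch_from_array($_COOKIE, $index, $xss_clean)` made inside `CI_Input` binds to the parent's private method, so a subclass method of the same name is silently ignored instead of overriding it. For the sanitisation helpers, assuming they are also called through `$this`, an application's stricter key or data filter would stop being applied without any error. If the class is meant to be extended, `protected function _clean_input_keys($str)` (and likewise for the other three) keeps them out of the public API without that effect, with the `@access` tags updated to match. Each of these function bodies continues outside its hunk.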
@@ -198,7 +198,7 @@ class CI_Input { * @param bool XSS cleaning * @return string */ - function get_post($index = '', $xss_clean = FALSE) + public function get_post($index = '', $xss_clean = FALSE) { if ( ! isset($_POST[$index]) ) { @@ -220,7 +220,7 @@ class CI_Input { * @param bool * @return string */ - function cookie($index = '', $xss_clean = FALSE) + public function cookie($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); } @@ -243,7 +243,7 @@ class CI_Input { * @param bool true makes the cookie secure * @return void */ - function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) + public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE) { if (is_array($name)) { @@ -296,7 +296,7 @@ class CI_Input { * @param bool * @return string */ - function server($index = '', $xss_clean = FALSE) + public function server($index = '', $xss_clean = FALSE) { return $this->_fetch_from_array($_SERVER, $index, $xss_clean); } @@ -309,7 +309,7 @@ class CI_Input { * @access public * @return string */ - function ip_address() + public function ip_address() { if ($this->ip_address !== FALSE) { @@ -371,7 +371,7 @@ class CI_Input { * @param string * @return string */ - function valid_ip($ip) + public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. if(is_php('5.2')) @@ -413,7 +413,7 @@ class CI_Input { * @access public * @return string */ - function user_agent() + public function user_agent() { if ($this->user_agent !== FALSE) { @@ -441,7 +441,7 @@ class CI_Input { * @access private * @return void */ - function _sanitize_globals() + private function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', 
@@ -542,7 +542,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_data($str) + private function _clean_input_data($str) { if (is_array($str)) { @@ -600,7 +600,7 @@ class CI_Input { * @param string * @return string */ - function _clean_input_keys($str) + private function _clean_input_keys($str) { if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str)) { @@ -624,6 +624,7 @@ class CI_Input { * In Apache, you can simply call apache_request_headers(), however for * people running other webservers the function is undefined. * + * @access public * @param bool XSS cleaning * * @return array @@ -667,6 +668,7 @@ class CI_Input { * * Returns the value of a single member of the headers class member * + * @access public * @param string array key for $this->headers * @param boolean XSS Clean or not * @return mixed FALSE on failure, string on success @@ -698,6 +700,7 @@ class CI_Input { * * Test to see if a request contains the HTTP_X_REQUESTED_WITH header * + * @access public * @return boolean */ public function is_ajax_request() @@ -712,6 +715,7 @@ class CI_Input { * * Test to see if a request was made from the command line * + * @access public * @return boolean */ public function is_cli_request() -- cgit v1.2.3-24-g4f1b From 4ddee144b3493eaceeed6ca9eb6138c881f43eac Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 14:35:32 +0800 Subject: Update: check filter_var function exist --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 2395501f3..2b36ea3c7 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(is_php('5.2')) + if(function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b 
From 013c895e7f7e9122f8d2e8c80a3ac77f190c5171 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Mon, 12 Sep 2011 15:03:44 +0800 Subject: Update: modified return bool value on comment --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 2b36ea3c7..1e37b11ea 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -369,7 +369,7 @@ class CI_Input { * * @access public * @param string - * @return string + * @return bool */ public function valid_ip($ip) { -- cgit v1.2.3-24-g4f1b From 47213794f2b09fb3540e1d0e53e50e8b084345e6 Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Tue, 13 Sep 2011 22:44:07 +0800 Subject: Update: change _fetch_from_array form private to protected --- system/core/Input.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 1e37b11ea..f39371fb0 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -110,13 +110,13 @@ class CI_Input { * * This is a helper function to retrieve values from global arrays * - * @access private + * @access protected * @param array * @param string * @param bool * @return string */ - private function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) + protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE) { if ( ! isset($array[$index])) { @@ -374,7 +374,7 @@ class CI_Input { public function valid_ip($ip) { // if php version >= 5.2, use filter_var to check validate ip. - if(function_exists('filter_var')) + if (function_exists('filter_var')) { return (bool) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); } -- cgit v1.2.3-24-g4f1b From e378a39304723d77f1a3a378706d2a20b83f8e28 Mon Sep 17 00:00:00 2001 
From: Rommel Castro A Date: Thu, 22 Sep 2011 18:52:25 -0600 Subject: fixed issue #192 --- system/core/Security.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index e99418bdd..6c4c59057 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -169,6 +169,7 @@ class CI_Security { // Nothing should last forever unset($_COOKIE[$this->_csrf_cookie_name]); + $this->_csrf_hash = ''; $this->_csrf_set_hash(); $this->csrf_set_cookie(); -- cgit v1.2.3-24-g4f1b From 8d263b02c56e25305621535e184333e8cdace9bd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 18:47:09 +0300 Subject: Suppress warnings generated by get_magic_quotes_gpc() (issue #467) --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index f39371fb0..6f8442107 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From d93e6f3890fd50b9aaf1e116fa8ceb7e3f0caa05 Mon Sep 17 00:00:00 2001 From: Chris Berthe Date: Sun, 25 Sep 2011 10:33:25 -0400 Subject: Fix #484 - Hash is never set to the cookie --- system/core/Security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 6c4c59057..84ecb06db 100755 --- a/system/core/Security.php +++ b/system/core/Security.php 
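Review bot: The added `$this->_csrf_hash = '';` in the hunk at line 169 carries no comment explaining why the reset is needed, and the commit message only cites issue #192. Judging from the `_csrf_set_hash()` lines visible in a later commit of this series, that method appears to build a new value only when `_csrf_hash` is empty, so without the reset the token that was just verified would be reused. A one-line comment such as `// Clear the cached hash so _csrf_set_hash() issues a fresh token` would record that dependency. The enclosing method starts and ends outside the hunk.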
@@ -886,7 +886,8 @@ class CI_Security { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } - return $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->csrf_set_cookie(); } return $this->_csrf_hash; -- cgit v1.2.3-24-g4f1b From f6faa536b11f2ded3973a3e976938e99537ba16a Mon Sep 17 00:00:00 2001 From: freewil Date: Thu, 29 Sep 2011 21:57:27 -0400 Subject: cleanup docblocks, remove dated CI_CORE constant --- system/core/CodeIgniter.php | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index aca4fb23c..9f88384b1 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,28 +33,8 @@ * @var string * */ - /** - * CodeIgniter Version - * - * @var string - * - */ define('CI_VERSION', '2.1.0-dev'); -/** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var boolean - * - */ - /** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var string - * - */ - define('CI_CORE', FALSE); - /* * ------------------------------------------------------ * Load the global functions -- cgit v1.2.3-24-g4f1b From 3d113bd40ba0688c548a52c7eee13b8a87defecd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Oct 2011 00:03:20 +0300 Subject: Clean up core Security class --- system/core/Security.php | 69 +++++++++++++----------------------------------- 1 file changed, 19 insertions(+), 50 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index 84ecb06db..f71f7d228 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -33,7 +33,7 @@ class CI_Security { * @access protected */ protected $_xss_hash = ''; - + /** * Random Hash for Cross Site Request Forgery Protection Cookie * 
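Review bot: The token on the rewritten line `$this->_csrf_hash = md5(uniqid(rand(), TRUE));` is still built from `rand()` and `uniqid()`, which derive from a small seed and the clock rather than a cryptographic source, so the anti-CSRF value is more predictable than its 128-bit hex form suggests. Since this commit rewrites that statement, it is the natural place to prefer a CSPRNG where one exists, for example `bin2hex(openssl_random_pseudo_bytes(16))` behind a `function_exists()` check. The current expression would stay only as a fallback, given the PHP 5.1.6 support stated in the framework headers on this page. `_csrf_set_hash()` now also sends a cookie as a side effect through `csrf_set_cookie()`, so it has to run before output starts, and its docblock should say so. The method begins outside the hunk.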
@@ -41,7 +41,7 @@ class CI_Security { * @access protected */ protected $_csrf_hash = ''; - + /** * Expiration time for Cross Site Request Forgery Protection Cookie * Defaults to two hours (in seconds) @@ -50,7 +50,7 @@ class CI_Security { * @access protected */ protected $_csrf_expire = 7200; - + /** * Token name for Cross Site Request Forgery Protection Cookie * @@ -58,7 +58,7 @@ class CI_Security { * @access protected */ protected $_csrf_token_name = 'ci_csrf_token'; - + /** * Cookie name for Cross Site Request Forgery Protection Cookie * @@ -66,14 +66,14 @@ class CI_Security { * @access protected */ protected $_csrf_cookie_name = 'ci_csrf_token'; - + /** * List of never allowed strings * * @var array * @access protected */ - + protected $_never_allowed_str = array( 'document.cookie' => '[removed]', 'document.write' => '[removed]', @@ -139,7 +139,7 @@ class CI_Security { { return $this->csrf_set_cookie(); } - + // Check if URI has been whitelisted from CSRF checks if ($exclude_uris = config_item('csrf_exclude_uris')) { @@ -172,9 +172,9 @@ class CI_Security { $this->_csrf_hash = ''; $this->_csrf_set_hash(); $this->csrf_set_cookie(); - + log_message('debug', "CSRF token verified"); - + return $this; } @@ -188,7 +188,7 @@ class CI_Security { public function csrf_set_cookie() { $expire = time() + $this->_csrf_expire; - $secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0; + $secure_cookie = (bool) config_item('cookie_secure'); if ($secure_cookie) { 
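Review bot: Replacing `(config_item('cookie_secure') === TRUE) ? 1 : 0` with `(bool) config_item('cookie_secure')` in `csrf_set_cookie()` widens what counts as enabled, since any truthy value now turns the flag on, including a non-empty string such as `'false'` or `'off'`. That errs towards the stricter setting, but the `if ($secure_cookie)` branch continues outside the hunk. If it declines to send the cookie on a non-HTTPS request, a mistyped config value would leave the CSRF cookie unset. Keeping the strict test while still producing a boolean, `$secure_cookie = (config_item('cookie_secure') === TRUE);`, preserves the old semantics; otherwise the accepted values should be documented next to the config item.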
@@ -385,16 +385,11 @@ class CI_Security { foreach ($words as $word) { - $temp = ''; - - for ($i = 0, $wordlen = strlen($word); $i < $wordlen; $i++) - { - $temp .= substr($word, $i, 1)."\s*"; - } + $word = implode("\s*", str_split($word)) . "\s*"; // We only want to do this when it is followed by a non-word character // That way valid stuff like "dealer to" does not become "dealerto" - $str = preg_replace_callback('#('.substr($temp, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str); + $str = preg_replace_callback('#('.substr($word, 0, -3).')(\W)#is', array($this, '_compact_exploded_words'), $str); } /* @@ -473,7 +468,7 @@ class CI_Security { if ($is_image === TRUE) { - return ($str == $converted_string) ? TRUE: FALSE; + return ($str === $converted_string) ? TRUE : FALSE; } log_message('debug', "XSS Filtering completed"); @@ -513,26 +508,17 @@ class CI_Security { * * This function is a replacement for html_entity_decode() * - * In some versions of PHP the native function does not work - * when UTF-8 is the specified character set, so this gives us - * a work-around. More info here: - * http://bugs.php.net/bug.php?id=25670 - * - * NOTE: html_entity_decode() has a bug in some PHP versions when UTF-8 is the - * character set, and the PHP developers said they were not back porting the - * fix to versions other than PHP 5.x. - * * @param string * @param string * @return string */ public function entity_decode($str, $charset = NULL) { - if (stristr($str, '&') === FALSE) + if (strpos($str, '&') === FALSE) { return $str; } - + if (empty($charset)) { $charset = config_item('charset'); 
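Review bot: In the `foreach ($words as $word)` hunk the new line appends a trailing `"\s*"` to `$word` only so that `substr($word, 0, -3)` can strip it again in the next statement. `implode("\s*", str_split($word))` already yields the pattern without the suffix, so `$word = implode("\s*", str_split($word));` together with `'#('.$word.')(\W)#is'` says the same thing with less to misread. Reusing `$word` for the regex fragment also hides the change of meaning; a separate variable name would be clearer. `$words` is defined outside the hunk, so whether its entries need `preg_quote()` cannot be judged from here.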
@@ -543,26 +529,9 @@ class CI_Security { // at the end of an entity most browsers will still interpret the entity // correctly. html_entity_decode() does not convert entities without // semicolons, so we are left with our own little solution here. Bummer. - - if (function_exists('html_entity_decode') && - (strtolower($charset) != 'utf-8')) - { - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); - } - - // Numeric Entities - $str = preg_replace('~&#x(0*[0-9a-f]{2,5});{0,1}~ei', 'chr(hexdec("\\1"))', $str); - $str = preg_replace('~&#([0-9]{2,4});{0,1}~e', 'chr(\\1)', $str); - - // Literal Entities - Slightly slow so we do another check - if (stristr($str, '&') === FALSE) - { - $str = strtr($str, array_flip(get_html_translation_table(HTML_ENTITIES))); - } - - return $str; + $str = html_entity_decode($str, ENT_COMPAT, $charset); + $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); + return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); } // -------------------------------------------------------------------- @@ -896,4 +865,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */ \ No newline at end of file +/* Location: ./system/libraries/Security.php */ -- cgit v1.2.3-24-g4f1b From 064da7b408102cf8dadc1fd2b968f9852a58d9cf Mon Sep 17 00:00:00 2001 From: purwandi Date: Wed, 5 Oct 2011 17:51:26 +0700 Subject: Fix location file Security Class to core folder --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index f71f7d228..65338ced3 100755 --- a/system/core/Security.php +++ b/system/core/Security.php 
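Review bot: The two `preg_replace()` calls kept at the end of `entity_decode()` still use the `e` modifier, which evaluates the replacement string as PHP code on every match. The captures are limited to hex digits and decimal digits, so the evaluated text is constrained today, but the construct is fragile under later pattern edits, and the modifier was deprecated in PHP 5.5 and removed in 7.0. `preg_replace_callback()` does the same work without evaluation, in the `array($this, ...)` form this class already uses for `_compact_exploded_words`, e.g. `$str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', array($this, '_decode_hex_entity'), $str);` with a small helper (placeholder name) returning `chr(hexdec($match[1]))`, and likewise for the decimal pattern. The handling of numeric entities above 255 also needs confirming, since `chr()` yields a single byte.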
@@ -865,4 +865,4 @@ class CI_Security { } /* End of file Security.php */ -/* Location: ./system/libraries/Security.php */ +/* Location: ./system/core/Security.php */ -- cgit v1.2.3-24-g4f1b From 6a15b2d8e84b38e1a42d7c27ae2f6ed393e72399 Mon Sep 17 00:00:00 2001 From: Tom Klingenberg Date: Fri, 7 Oct 2011 20:03:30 +0200 Subject: CI_Loader::driver() processes empty library. Fixed. This causes endless recursion calls _ci_load_class(), see #550 --- system/core/Loader.php | 5 +++++ 1 file changed, 5 insertions(+) mode change 100755 => 100644 system/core/Loader.php (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php old mode 100755 new mode 100644 index de0fc06d2..5539aae14 --- a/system/core/Loader.php +++ b/system/core/Loader.php @@ -616,6 +616,11 @@ class CI_Loader { require BASEPATH.'libraries/Driver.php'; } + if ($library == '') + { + return FALSE; + } + // We can save the loader some time since Drivers will *always* be in a subfolder, // and typically identically named to the library if ( ! strpos($library, '/')) -- cgit v1.2.3-24-g4f1b From af7286251ec2c0dfd69ae764dbc0e3e8d0b736bf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/core/Input.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 6f8442107..f8e89066e 100755 --- a/system/core/Input.php +++ b/system/core/Input.php 
@@ -554,8 +554,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/core/Benchmark.php | 20 ++++++++++++++++---- system/core/CodeIgniter.php | 22 +++++++++++++++++----- system/core/Common.php | 20 ++++++++++++++++---- system/core/Config.php | 20 ++++++++++++++++---- system/core/Controller.php | 20 ++++++++++++++++---- system/core/Exceptions.php | 20 ++++++++++++++++---- system/core/Hooks.php | 20 ++++++++++++++++---- system/core/Input.php | 20 ++++++++++++++++---- system/core/Lang.php | 20 ++++++++++++++++---- system/core/Loader.php | 20 ++++++++++++++++---- system/core/Model.php | 20 ++++++++++++++++---- system/core/Output.php | 20 ++++++++++++++++---- system/core/Router.php | 20 ++++++++++++++++---- system/core/Security.php | 20 ++++++++++++++++---- system/core/URI.php | 20 ++++++++++++++++---- system/core/Utf8.php | 20 ++++++++++++++++---- 16 files changed, 257 insertions(+), 65 deletions(-) (limited to 'system/core') diff --git a/system/core/Benchmark.php b/system/core/Benchmark.php index a200727ab..0f3104079 100755 --- a/system/core/Benchmark.php +++ b/system/core/Benchmark.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -24,7 +36,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/benchmark.html */ class CI_Benchmark { diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 9f88384b1..4d76a5587 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage codeigniter * @category Front-controller - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/ */ @@ -33,7 +45,7 @@ * @var string * */ - define('CI_VERSION', '2.1.0-dev'); + define('CI_VERSION', '3.0-dev'); /* * ------------------------------------------------------ diff --git a/system/core/Common.php b/system/core/Common.php index d79375475..e43bb8db3 100644 --- a/system/core/Common.php +++ b/system/core/Common.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage codeigniter * @category Common Functions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/ */ diff --git a/system/core/Config.php b/system/core/Config.php index 714c4667b..abd2767d5 100755 --- a/system/core/Config.php +++ b/system/core/Config.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/config.html */ class CI_Config { diff --git a/system/core/Controller.php b/system/core/Controller.php index fddb81e19..ca2bf41b5 100644 --- a/system/core/Controller.php +++ b/system/core/Controller.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -24,7 +36,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/general/controllers.html */ class CI_Controller { diff --git a/system/core/Exceptions.php b/system/core/Exceptions.php index 869739a5a..ead8d814e 100755 --- a/system/core/Exceptions.php +++ b/system/core/Exceptions.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -21,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Exceptions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/exceptions.html */ class CI_Exceptions { diff --git a/system/core/Hooks.php b/system/core/Hooks.php index 33f1c034c..46bfec02a 100755 --- a/system/core/Hooks.php +++ b/system/core/Hooks.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Hooks { diff --git a/system/core/Input.php b/system/core/Input.php index f8e89066e..946d9296f 100755 --- a/system/core/Input.php +++ b/system/core/Input.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Input - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/input.html */ class CI_Input { diff --git a/system/core/Lang.php b/system/core/Lang.php index d61d1029a..e03afb07d 100755 --- a/system/core/Lang.php +++ b/system/core/Lang.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -21,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Language - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/language.html */ class CI_Lang { diff --git a/system/core/Loader.php b/system/core/Loader.php index 5539aae14..4e14b54af 100644 --- a/system/core/Loader.php +++ b/system/core/Loader.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -22,7 +34,7 @@ * * @package CodeIgniter * @subpackage Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @category Loader * @link http://codeigniter.com/user_guide/libraries/loader.html */ diff --git a/system/core/Model.php b/system/core/Model.php index e15ffbebc..c34bab64b 100755 --- a/system/core/Model.php +++ b/system/core/Model.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -21,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/config.html */ class CI_Model { diff --git a/system/core/Output.php b/system/core/Output.php index ccecafd2b..7b53f8e3e 100755 --- a/system/core/Output.php +++ b/system/core/Output.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Output - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/output.html */ class CI_Output { diff --git a/system/core/Router.php b/system/core/Router.php index 6da667472..748678d67 100755 --- a/system/core/Router.php +++ b/system/core/Router.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -22,7 +34,7 @@ * * @package CodeIgniter * @subpackage Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @category Libraries * @link http://codeigniter.com/user_guide/general/routing.html */ diff --git a/system/core/Security.php b/system/core/Security.php index 65338ced3..ee4f0a08d 100755 --- a/system/core/Security.php +++ b/system/core/Security.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -21,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Security - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/security.html */ class CI_Security { diff --git a/system/core/URI.php b/system/core/URI.php index 8946bc76b..578d17429 100755 --- a/system/core/URI.php +++ b/system/core/URI.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category URI - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/uri.html */ class CI_URI { diff --git a/system/core/Utf8.php b/system/core/Utf8.php index 2a27d1f35..7abe4e43b 100644 --- a/system/core/Utf8.php +++ b/system/core/Utf8.php 
@@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 2.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category UTF-8 - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/utf8.html */ class CI_Utf8 { -- cgit v1.2.3-24-g4f1b From e8349294d8638dac1e689d137188bb7c7c7c19c5 Mon Sep 17 00:00:00 2001 From: Tom Klingenberg Date: Fri, 7 Oct 2011 20:03:30 +0200 Subject: CI_Loader::driver() processes empty library. Fixed. This causes endless recursion calls _ci_load_class(), see #550 --- system/core/Loader.php | 5 +++++ 1 file changed, 5 insertions(+) mode change 100755 => 100644 system/core/Loader.php (limited to 'system/core') diff --git a/system/core/Loader.php b/system/core/Loader.php old mode 100755 new mode 100644 index e7fa3d3f6..6b7ee0c28 --- a/system/core/Loader.php +++ b/system/core/Loader.php 
@@ -616,6 +616,11 @@ class CI_Loader { require BASEPATH.'libraries/Driver.php'; } + if ($library == '') + { + return FALSE; + } + // We can save the loader some time since Drivers will *always* be in a subfolder, // and typically identically named to the library if ( ! strpos($library, '/')) -- cgit v1.2.3-24-g4f1b From 75b1f3991013c17cacac18e47879c483fe1cf542 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/core/Input.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'system/core') diff --git a/system/core/Input.php b/system/core/Input.php index 5a033e7b8..9bfb5f1fb 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -548,8 +548,12 @@ class CI_Input { return $new_array; } - // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + /* We strip slashes if magic quotes is on to keep things consistent + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $str = stripslashes($str); } @@ -714,7 +718,6 @@ class CI_Input { } } -// END Input class /* End of file Input.php */ -/* Location: ./system/core/Input.php */ +/* Location: ./system/core/Input.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 9c63d0bb34be4007178d5a7e46348d5e23fee3ff Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Thu, 27 Oct 2011 01:55:44 +0100 Subject: Bumped CodeIgniter version to 2.1.0. --- system/core/CodeIgniter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index 0a1391d18..d9977e1ca 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php 
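Review bot: The guard added in the Loader.php hunk only rejects the empty string and values that loosely equal it; a non-string argument such as an array still passes `$library == ''` and reaches the `strpos($library, '/')` call on the context line that follows. A type-aware check covers both cases: `if ( ! is_string($library) OR $library === '')`. The early `return FALSE` also carries no explanation, so a comment such as `// An empty name makes _ci_load_class() recurse endlessly (see #550)` would record why the check exists. The body of driver() starts and ends outside the hunk.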
@@ -39,7 +39,7 @@ * @var string * */ - define('CI_VERSION', '2.0.2'); + define('CI_VERSION', '2.1.0'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) -- cgit v1.2.3-24-g4f1b From 55027807e4826dfe722598172ab7ffbd9dc0b48c Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 25 Aug 2011 10:51:44 +0900 Subject: add html_escape() function to escape HTML. --- system/core/Common.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index db9fbeb9f..3d6931bc0 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -536,5 +536,29 @@ if ( ! function_exists('remove_invisible_characters')) } } +// ------------------------------------------------------------------------ + +/** +* Returns HTML escaped variable +* +* @access public +* @param mixed +* @return mixed +*/ +if ( ! function_exists('html_escape')) +{ + function html_escape($var) + { + if (is_array($var)) + { + return array_map('html_escape', $var); + } + else + { + return htmlspecialchars($var, ENT_QUOTES, config_item('charset')); + } + } +} + /* End of file Common.php */ /* Location: ./system/core/Common.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 8d0a31314fbf8040cce5d7601a12fffe208ae884 Mon Sep 17 00:00:00 2001 From: Shane Pearson Date: Mon, 22 Aug 2011 16:11:20 -0500 Subject: Fix #8 - Load core classes from the application folder first. --- system/core/Common.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index 3d6931bc0..d79375475 100644 --- a/system/core/Common.php +++ b/system/core/Common.php 
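Review bot: html_escape() in the Common.php hunk escapes array values only, because `array_map('html_escape', $var)` keeps the keys as they are; a template that prints the keys of a request-derived array gets no escaping from this helper. The docblock should say so, and should name the output context it is meant for, e.g. `* Escapes values for HTML element content and quoted attribute values; array keys are returned unchanged.` It is also worth documenting that htmlspecialchars() returns an empty string when the input is not valid in the configured charset, since a caller can mistake that for an empty field.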
@@ -132,9 +132,9 @@ if ( ! function_exists('load_class')) $name = FALSE; - // Look for the class first in the native system/libraries folder - // thenin the local application/libraries folder - foreach (array(BASEPATH, APPPATH) as $path) + // Look for the class first in the local application/libraries folder + // then in the native system/libraries folder + foreach (array(APPPATH, BASEPATH) as $path) { if (file_exists($path.$directory.'/'.$class.'.php')) { -- cgit v1.2.3-24-g4f1b From fbcf88b9687ed25c71f0036112f9a120a7623302 Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Mon, 14 Nov 2011 13:39:37 -0500 Subject: Removing stray docblocks --- system/core/CodeIgniter.php | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'system/core') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index d9977e1ca..db1aee574 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,12 +33,6 @@ * @var string * */ - /** - * CodeIgniter Version - * - * @var string - * - */ define('CI_VERSION', '2.1.0'); /** @@ -47,12 +41,6 @@ * @var boolean * */ - /** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var string - * - */ define('CI_CORE', FALSE); /* -- cgit v1.2.3-24-g4f1b From c38e3b672335e3a00d68decf2b629a0afc7c769d Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Mon, 14 Nov 2011 13:55:00 -0500 Subject: Tweaking the xss filter for IE tags, parameter injection, and weird html5 attributes. --- system/core/Security.php | 91 ++++++++++++++++++++++-------------------------- 1 file changed, 41 insertions(+), 50 deletions(-) (limited to 'system/core') diff --git a/system/core/Security.php b/system/core/Security.php index dcc680a11..a3e227437 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -77,7 +77,8 @@ class CI_Security { '-moz-binding' => '[removed]', '' => '-->', - ' '<![CDATA[' + ' '<![CDATA[', + '' => '<comment>' ); /* never allowed, regex replacement */ 
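Review bot: The rewritten comment in the load_class() hunk still names the `libraries` folders, while the path that is tested is `$path.$directory.'/'.$class.'.php'` and the commit is about core classes; `// Look for the class first in the local application/$directory folder, then in the native system/$directory folder` would match the code. With APPPATH checked first, a file in the application tree that carries a system class's name is the one that gets loaded (assuming the loop stops at the first match, which is outside the hunk), and that includes the security-relevant classes. Write access to the application directory therefore becomes equivalent to control over the framework core, which deserves a line in the comment or the upgrade notes so deployments keep that directory read-only for the web server. The loop body continues past the hunk.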
@@ -475,15 +476,7 @@ class CI_Security { { if ($this->_xss_hash == '') { - if (phpversion() >= 4.2) - { - mt_srand(); - } - else - { - mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff); - } - + mt_srand(); $this->_xss_hash = md5(time() + mt_rand(0, 1999999999)); } @@ -497,14 +490,11 @@ class CI_Security { * * This function is a replacement for html_entity_decode() * - * In some versions of PHP the native function does not work - * when UTF-8 is the specified character set, so this gives us - * a work-around. More info here: - * http://bugs.php.net/bug.php?id=25670 - * - * NOTE: html_entity_decode() has a bug in some PHP versions when UTF-8 is the - * character set, and the PHP developers said they were not back porting the - * fix to versions other than PHP 5.x. + * The reason we are not using html_entity_decode() by itself is because + * while it is not technically correct to leave out the semicolon + * at the end of an entity most browsers will still interpret the entity + * correctly. html_entity_decode() does not convert entities without + * semicolons, so we are left with our own little solution here. Bummer. * * @param string * @param string 
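Review bot: The `mt_srand();` call kept in the xss_hash hunk is redundant, since the generator seeds itself on first use on every PHP version the file header lists as supported, so the line can be dropped. The value itself, `md5(time() + mt_rand(0, 1999999999))`, is built from the clock and a non-cryptographic generator and should not be treated as unguessable; if anything downstream depends on a client being unable to predict it (not visible here), it needs a stronger source. A comment such as `// Not a secret: time() + mt_rand() is predictable` would make that explicit for the next reader. The method's signature is outside the hunk.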
@@ -512,33 +502,14 @@ class CI_Security { */ public function entity_decode($str, $charset='UTF-8') { - if (stristr($str, '&') === FALSE) return $str; - - // The reason we are not using html_entity_decode() by itself is because - // while it is not technically correct to leave out the semicolon - // at the end of an entity most browsers will still interpret the entity - // correctly. html_entity_decode() does not convert entities without - // semicolons, so we are left with our own little solution here. Bummer. - - if (function_exists('html_entity_decode') && - (strtolower($charset) != 'utf-8')) - { - $str = html_entity_decode($str, ENT_COMPAT, $charset); - $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); - return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); - } - - // Numeric Entities - $str = preg_replace('~&#x(0*[0-9a-f]{2,5});{0,1}~ei', 'chr(hexdec("\\1"))', $str); - $str = preg_replace('~&#([0-9]{2,4});{0,1}~e', 'chr(\\1)', $str); - - // Literal Entities - Slightly slow so we do another check if (stristr($str, '&') === FALSE) { - $str = strtr($str, array_flip(get_html_translation_table(HTML_ENTITIES))); + return $str; } - return $str; + $str = html_entity_decode($str, ENT_COMPAT, $charset); + $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str); + return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str); } // -------------------------------------------------------------------- 
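Review bot: The two `preg_replace()` calls kept in entity_decode() use the `e` modifier, which evaluates the replacement string as PHP code, and they hand the captured number to `chr()` without a range check. `chr()` works modulo 256, so a numeric entity above 255 is turned into an unrelated single byte instead of being left alone, and the decoded text can then contain characters the entity never encoded. A callback that decodes only values up to 255 and otherwise returns the match unchanged removes both problems without needing closures. The helper names in the sketch below are placeholders for new protected methods.

```php
	// … unchanged: early return when $str contains no '&' …
	$str = html_entity_decode($str, ENT_COMPAT, $charset);
	$str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', array($this, '_decode_hex_entity'), $str);
	return preg_replace_callback('~&#([0-9]{2,4})~', array($this, '_decode_dec_entity'), $str);
}

// Decode a hexadecimal numeric entity only when it fits in one byte.
protected function _decode_hex_entity($match)
{
	$code = hexdec($match[1]);
	return ($code <= 255) ? chr($code) : $match[0];
}

// Decode a decimal numeric entity only when it fits in one byte.
protected function _decode_dec_entity($match)
{
	$code = (int) $match[1];
	return ($code <= 255) ? chr($code) : $match[0];
}
```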
@@ -632,25 +603,45 @@ class CI_Security { protected function _remove_evil_attributes($str, $is_image) { // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns - $evil_attributes = array('on\w*', 'style', 'xmlns'); + $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction'); if ($is_image === TRUE) { /* - * Adobe Photoshop puts XML metadata into JFIF images, + * Adobe Photoshop puts XML metadata into JFIF images, * including namespacing, so we have to allow this for images. */ unset($evil_attributes[array_search('xmlns', $evil_attributes)]); } - + do { - $str = preg_replace( - "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i", - "<$1$6", - $str, -1, $count - ); - } while ($count); + $count = 0; + $attribs = array(); + + // find occurrences of illegal attribute strings without quotes + preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER); + + foreach ($matches as $attr) + { + $attribs[] = preg_quote($attr[0], '/'); + } + + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) + preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER); + foreach ($matches as $attr) + { + $attribs[] = preg_quote($attr[0], '/'); + } + + // replace illegal attribute strings that are inside an html tag + if (count($attribs) > 0) + { + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count); + } + + } while ($count); + return $str; } -- cgit v1.2.3-24-g4f1b From 0ec05c1e582805d9b71f06e357846abeaf0e40a4 Mon Sep 17 00:00:00 2001 
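Review bot: In the quoted-attribute pattern of _remove_evil_attributes(), the group `([^\\2]*?)` does not mean "anything but the opening quote": inside a character class `\2` is not a backreference, so the class excludes a single control character and the match stops at the right quote only because of the lazy quantifier and the trailing `(\\2)`. Writing the group as `(.*?)` (the `s` flag is already set) states what the code actually does. Separately, the result of the final `preg_replace()` is assigned straight back to `$str`; the function returns NULL on a PCRE error such as an exceeded backtrack limit, which is more likely now that the alternation is built from every match found, and the whole input is then dropped without any signal. The loop should test for NULL and either keep the previous `$str` or fail explicitly.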
From: Chris Rosser Date: Mon, 21 Nov 2011 17:56:13 +0000 Subject: Added HTTP status code 422 (Unprocessable Entity) to set_status_header() --- system/core/Common.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/core') diff --git a/system/core/Common.php b/system/core/Common.php index e43bb8db3..b0921fe0c 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -419,6 +419,7 @@ if ( ! function_exists('set_status_header')) 415 => 'Unsupported Media Type', 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', + 422 => 'Unprocessable Entity', 500 => 'Internal Server Error', 501 => 'Not Implemented', -- cgit v1.2.3-24-g4f1b