From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/helpers/security_helper.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 678dac821..ad4e29a87 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource 
@@ -21,7 +33,7 @@ * @package CodeIgniter * @subpackage Helpers * @category Helpers - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/helpers/security_helper.html */ -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index ad4e29a87..d64bd12e1 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From a381d175691a5fa58b4ef4d0aab1a0b7bc9a87fb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 6 Jan 2012 19:19:37 +0200 Subject: Improve number, path & security helpers --- system/helpers/security_helper.php | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index d64bd12e1..99fda561a 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -1,13 +1,13 @@ -#", "\\1", $str); - $str = preg_replace("##", "\\1", $str); - - return $str; + return preg_replace(array("##", "##"), "\\1", $str); } } 
@@ -135,6 +125,5 @@ if ( ! function_exists('encode_php_tags')) } } - /* End of file security_helper.php */ -/* Location: ./system/helpers/security_helper.php */ \ No newline at end of file +/* Location: ./system/helpers/security_helper.php */ -- cgit v1.2.3-24-g4f1b From 07c1ac830b4e98aa40f48baef3dd05fb68c0a836 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Fri, 9 Mar 2012 17:03:37 +0000 Subject: Bumped CodeIgniter's PHP requirement to 5.2.4. Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 99fda561a..e05e947a5 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * -- cgit v1.2.3-24-g4f1b From 8840c96cc0608859ad4b5341c31db9bb1f833792 Mon Sep 17 00:00:00 2001 From: freewil Date: Sun, 18 Mar 2012 15:23:09 -0400 Subject: use php's hash() function for do_hash() helper --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index e05e947a5..16dfb0de3 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php 
@@ -87,7 +87,7 @@ if ( ! function_exists('do_hash')) { function do_hash($str, $type = 'sha1') { - return ($type === 'sha1') ? sha1($str) : md5($str); + return hash($type, $str); } } -- cgit v1.2.3-24-g4f1b From 50bff7c06c177f580db956ef5df9a490141de5f6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 19 Mar 2012 12:16:38 +0200 Subject: Fix possible error messages with do_hash() and alter a changelog entry --- system/helpers/security_helper.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 16dfb0de3..2f3df7834 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Security Helpers * @@ -42,7 +40,6 @@ /** * XSS Filtering * - * @access public * @param string * @param bool whether or not the content is an image file * @return string @@ -61,7 +58,6 @@ if ( ! function_exists('xss_clean')) /** * Sanitize Filename * - * @access public * @param string * @return string */ @@ -79,7 +75,6 @@ if ( ! function_exists('sanitize_filename')) /** * Hash encode a string * - * @access public * @param string * @return string */ @@ -87,6 +82,11 @@ if ( ! function_exists('do_hash')) { function do_hash($str, $type = 'sha1') { + if ( ! in_array($type, hash_algos())) + { + $type = 'md5'; + } + return hash($type, $str); } } @@ -96,7 +96,6 @@ if ( ! function_exists('do_hash')) /** * Strip Image Tags * - * @access public * @param string * @return string */ @@ -104,7 +103,7 @@ if ( ! function_exists('strip_image_tags')) { function strip_image_tags($str) { - return preg_replace(array("##", "##"), "\\1", $str); + return preg_replace(array('##', '##'), '\\1', $str); } } 
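Review bot: In the `@@ -87,7 +87,7 @@` hunk of "use php's hash() function for do_hash()", `$type` reaches `hash($type, $str)` unchecked. An algorithm name the build does not support makes hash() raise a warning and return FALSE on the PHP 5.x versions this file targets, where the old ternary always returned a digest. Callers that store or compare the return value would then be handling FALSE instead of a hash string. Validate the name before the call, for example with `if ( ! in_array(strtolower($type), hash_algos(), TRUE))` and an explicit fallback, or document the FALSE return. The docblock above the function lies outside this hunk.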
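Review bot: The fallback added in the `@@ -87,6 +82,11 @@` hunk of "Fix possible error messages with do_hash()" fails open. A mistyped or unavailable algorithm name is silently replaced by `md5`, which is weaker than the function's own default of `sha1`, and the caller gets no signal that the digest is not the one requested. hash_algos() also lists non-cryptographic checksums such as `crc32` and `adler32`, which this guard lets through a helper presented as a security function. At minimum record the substitution, e.g. `log_message('error', 'do_hash(): unsupported algorithm requested, falling back');` before `$type = 'md5';`. Falling back to `'sha1'` would be stronger, but it changes the result for legacy callers that pass an arbitrary second argument.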
@@ -113,7 +112,6 @@ if ( ! function_exists('strip_image_tags')) /** * Convert PHP tags to entities * - * @access public * @param string * @return string */ -- cgit v1.2.3-24-g4f1b From 7eea3064af3be5dd0b526056211a510f90a40766 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 19 Mar 2012 12:58:45 +0200 Subject: Apply strtolower() to hash support check in do_hash() --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 2f3df7834..8c7adea46 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -82,7 +82,7 @@ if ( ! function_exists('do_hash')) { function do_hash($str, $type = 'sha1') { - if ( ! in_array($type, hash_algos())) + if ( ! in_array(strtolower($type), hash_algos())) { $type = 'md5'; } -- cgit v1.2.3-24-g4f1b From e92df33e7dda139ee46bddca31aebb4cd5d452fd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 26 Mar 2012 22:44:20 +0300 Subject: Remove remaining access description lines from helpers + some style fixes --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 8c7adea46..d6f134c9f 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -124,4 +124,4 @@ if ( ! function_exists('encode_php_tags')) } /* End of file security_helper.php */ -/* Location: ./system/helpers/security_helper.php */ +/* Location: ./system/helpers/security_helper.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From b75faa1a03a32330e412f0bd0332fb9fa389e914 Mon Sep 17 00:00:00 2001 
From: Timothy Warren Date: Fri, 27 Apr 2012 12:03:32 -0400 Subject: Fix rest of the helpers --- system/helpers/security_helper.php | 63 +++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 31 deletions(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index d6f134c9f..6187a4a7a 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -37,15 +37,15 @@ // ------------------------------------------------------------------------ -/** - * XSS Filtering - * - * @param string - * @param bool whether or not the content is an image file - * @return string - */ if ( ! function_exists('xss_clean')) { + /** + * XSS Filtering + * + * @param string + * @param bool whether or not the content is an image file + * @return string + */ function xss_clean($str, $is_image = FALSE) { $CI =& get_instance(); @@ -55,14 +55,14 @@ if ( ! function_exists('xss_clean')) // ------------------------------------------------------------------------ -/** - * Sanitize Filename - * - * @param string - * @return string - */ if ( ! function_exists('sanitize_filename')) { + /** + * Sanitize Filename + * + * @param string + * @return string + */ function sanitize_filename($filename) { $CI =& get_instance(); @@ -72,14 +72,15 @@ if ( ! function_exists('sanitize_filename')) // -------------------------------------------------------------------- -/** - * Hash encode a string - * - * @param string - * @return string - */ if ( ! function_exists('do_hash')) { + /** + * Hash encode a string + * + * @param string + * @param string + * @return string + */ function do_hash($str, $type = 'sha1') { if ( ! in_array(strtolower($type), hash_algos())) 
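Review bot: The relocated docblocks still list parameters as bare `@param string` with no variable name or description, and for do_hash() in the `@@ -72,14 +72,15 @@` hunk that leaves the `$type` contract undocumented. Suggest `@param string $str String to hash` and `@param string $type Algorithm name as listed by hash_algos(), default 'sha1'`, plus one sentence on what happens to an unsupported name (an earlier commit on this page substitutes md5). The same bare-`@param` style appears in the xss_clean() and sanitize_filename() hunks of this commit and in the strip_image_tags() and encode_php_tags() hunks that follow. The do_hash() body continues past the end of this hunk.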
@@ -93,14 +94,14 @@ if ( ! function_exists('do_hash')) // ------------------------------------------------------------------------ -/** - * Strip Image Tags - * - * @param string - * @return string - */ if ( ! function_exists('strip_image_tags')) { + /** + * Strip Image Tags + * + * @param string + * @return string + */ function strip_image_tags($str) { return preg_replace(array('##', '##'), '\\1', $str); @@ -109,14 +110,14 @@ if ( ! function_exists('strip_image_tags')) // ------------------------------------------------------------------------ -/** - * Convert PHP tags to entities - * - * @param string - * @return string - */ if ( ! function_exists('encode_php_tags')) { + /** + * Convert PHP tags to entities + * + * @param string + * @return string + */ function encode_php_tags($str) { return str_replace(array(''), array('<?php', '<?PHP', '<?', '?>'), $str); -- cgit v1.2.3-24-g4f1b From 0f0b76980cb07f39b20c8591882aeae3854f016c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 7 Jun 2012 14:57:04 +0300 Subject: Deprecated do_hash() and read_file() in favor of hash() and file_get_contents() respectively --- system/helpers/security_helper.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 6187a4a7a..3e6e91435 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -77,6 +77,9 @@ if ( ! function_exists('do_hash')) /** * Hash encode a string * + * This function is DEPRECATED and should be removed in + * CodeIgniter 3.1+. Use hash() instead. + * * @param string * @param string * @return string -- cgit v1.2.3-24-g4f1b From e446ad337945b7839b73f13531b21ed16ece241e Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Fri, 15 Jun 2012 15:23:41 +0300 Subject: Optimize encode_php_tags() --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 3e6e91435..7fcb18437 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -123,7 +123,7 @@ if ( ! function_exists('encode_php_tags')) */ function encode_php_tags($str) { - return str_replace(array(''), array('<?php', '<?PHP', '<?', '?>'), $str); + return str_replace(array(''), array('<?', '?>'), $str); } } -- cgit v1.2.3-24-g4f1b From d1cace76965f71107aca63df1057b98df8d3b85a Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 17 Jun 2012 03:01:00 +0300 Subject: Add deprecated docblock tags for do_hash() and read_file() --- system/helpers/security_helper.php | 1 + 1 file changed, 1 insertion(+) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 7fcb18437..7968f9e9f 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -80,6 +80,7 @@ if ( ! function_exists('do_hash')) * This function is DEPRECATED and should be removed in * CodeIgniter 3.1+. Use hash() instead. * + * @deprecated * @param string * @param string * @return string -- cgit v1.2.3-24-g4f1b From 1a24a9da3cfbacf8802ffd0b79f5494d30278007 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Jun 2012 00:52:47 +0300 Subject: Fix issue #427 --- system/helpers/security_helper.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 7968f9e9f..0e8e9f93d 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php 
@@ -108,7 +108,8 @@ if ( ! function_exists('strip_image_tags')) */ function strip_image_tags($str) { - return preg_replace(array('##', '##'), '\\1', $str); + $CI =& get_instance(); + return $CI->security->strip_image_tags($str); } } -- cgit v1.2.3-24-g4f1b From 3c298dcf7028ad5e6f9b2da15fa9a07e7da505b9 Mon Sep 17 00:00:00 2001 From: vkeranov Date: Thu, 12 Jul 2012 11:04:02 +0300 Subject: Important space fix :) --- system/helpers/security_helper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/helpers/security_helper.php') diff --git a/system/helpers/security_helper.php b/system/helpers/security_helper.php index 0e8e9f93d..5ecc960bc 100644 --- a/system/helpers/security_helper.php +++ b/system/helpers/security_helper.php @@ -125,7 +125,7 @@ if ( ! function_exists('encode_php_tags')) */ function encode_php_tags($str) { - return str_replace(array(''), array('<?', '?>'), $str); + return str_replace(array(''), array('<?', '?>'), $str); } } -- cgit v1.2.3-24-g4f1b