From 07e50b9b235f3c53bce580d8cc9a59e4e14df274 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Tue, 15 Mar 2011 14:03:53 +0000 Subject: Fixed upload issue reported by Valhallen and fixed by bubbafoley. --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e15ea1b5d..2012fb302 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -951,7 +951,7 @@ class CI_Upload { if (count($this->mimes) == 0) { - if (@require_once(APPPATH.'config/mimes'.EXT)) + if (@require(APPPATH.'config/mimes'.EXT)) { $this->mimes = $mimes; unset($mimes); -- cgit v1.2.3-24-g4f1b From 0ea04149bbae0fdcde92b7362e7cbd76f0df3865 Mon Sep 17 00:00:00 2001 From: bubbafoley Date: Thu, 17 Mar 2011 14:55:41 -0500 Subject: load config files from environment specific locations in core classes, helpers and libraries --- system/libraries/Upload.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 2012fb302..24189f4b4 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -951,7 +951,16 @@ class CI_Upload { if (count($this->mimes) == 0) { - if (@require(APPPATH.'config/mimes'.EXT)) + if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) + { + $_mimes_path = APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT; + } + else + { + $_mimes_path = APPPATH.'config/mimes'.EXT; + } + + if (@require($_mimes_path)) { $this->mimes = $mimes; unset($mimes); -- cgit v1.2.3-24-g4f1b From 928083406322821a35a7d8a4205620c3854772a6 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Fri, 18 Mar 2011 09:02:37 -0400 Subject: Fixed coding to match standards from previous releases --- system/libraries/Upload.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 24189f4b4..e8e47a194 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -142,7 +142,7 @@ class CI_Upload { */ public function do_upload($field = 'userfile') { - + // Is $_FILES[$field] set? If not, no reason to continue. if ( ! isset($_FILES[$field])) { @@ -953,13 +953,13 @@ class CI_Upload { { if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) { - $_mimes_path = APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT; + $_mimes_path = APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT; } else { $_mimes_path = APPPATH.'config/mimes'.EXT; } - + if (@require($_mimes_path)) { $this->mimes = $mimes; -- cgit v1.2.3-24-g4f1b From fdd5b11b62f127901ddff2e5dc7923b063371070 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Mon, 21 Mar 2011 21:28:58 -0400 Subject: Fixed logic and removed the error supressing --- system/libraries/Upload.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e8e47a194..5816a5558 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -951,20 +951,21 @@ class CI_Upload { if (count($this->mimes) == 0) { - if (file_exists(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) + if (is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) { - $_mimes_path = APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT; + include(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT); } - else + elseif (is_file(APPPATH.'config/mimes'.EXT)) { - $_mimes_path = APPPATH.'config/mimes'.EXT; + include(APPPATH.'config//mimes'.EXT); } - - if (@require($_mimes_path)) + else { - $this->mimes = $mimes; - unset($mimes); + return FALSE; } + + $this->mimes = $mimes; + unset($mimes); } return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime]; -- cgit v1.2.3-24-g4f1b From 6984aaf27f53b91ab1eafcdccd5fb871dfcd5f18 Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Tue, 5 Apr 2011 14:58:04 -0400 Subject: Removing security loading calls. --- system/libraries/Upload.php | 6 ------ 1 file changed, 6 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 5816a5558..b62e0d73c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -875,12 +875,6 @@ class CI_Upload { } $CI =& get_instance(); - - if ( ! isset($CI->security)) - { - $CI->load->library('security'); - } - return $CI->security->xss_clean($data, TRUE); } -- cgit v1.2.3-24-g4f1b From 05fa61144667c85b0463f7e8baa6af00aa195dc6 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 6 Apr 2011 22:57:43 +0100 Subject: Made Environment Support optional. Comment out or delete the constant to stop environment checks. --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 5816a5558..3cd2e4fc1 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -951,7 +951,7 @@ class CI_Upload { if (count($this->mimes) == 0) { - if (is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) + if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) { include(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT); } -- cgit v1.2.3-24-g4f1b From 3a746655e92ec59ee7e731c3535673a9aedc5d3e Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Tue, 19 Apr 2011 10:59:47 -0500 Subject: Removing internal references to the EXT constant. Additionally, marked the constant as deprecated. Use ".php" instead. Also adding upgrade notes from 2.0.2 to 2.0.3. --- system/libraries/Upload.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e80049fa4..3177424c4 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -945,13 +945,13 @@ class CI_Upload { if (count($this->mimes) == 0) { - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT)) + if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { - include(APPPATH.'config/'.ENVIRONMENT.'/mimes'.EXT); + include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); } - elseif (is_file(APPPATH.'config/mimes'.EXT)) + elseif (is_file(APPPATH.'config/mimes.php')) { - include(APPPATH.'config//mimes'.EXT); + include(APPPATH.'config//mimes.php'); } else { -- cgit v1.2.3-24-g4f1b From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001 From: Razican Date: Mon, 25 Apr 2011 17:26:45 +0200 Subject: Fixed double-space typo. --- system/libraries/Upload.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3177424c4..51fbf772c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1,4 +1,4 @@ -set_error('upload_stopped_by_extension'); break; - default : $this->set_error('upload_no_file_selected'); + default : $this->set_error('upload_no_file_selected'); break; } @@ -290,7 +290,7 @@ class CI_Upload { /* * Run the file through the XSS hacking filter * This helps prevent malicious code from being - * embedded within a file. Scripts can easily + * embedded within a file. Scripts can easily * be disguised as images or other file types. */ if ($this->xss_clean) @@ -305,8 +305,8 @@ class CI_Upload { /* * Move the file to the final destination * To deal with different server configurations - * we'll attempt to use copy() first. If that fails - * we'll use move_uploaded_file(). One of the two should + * we'll attempt to use copy() first. If that fails + * we'll use move_uploaded_file(). One of the two should * reliably work in most environments */ if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name)) @@ -321,7 +321,7 @@ class CI_Upload { /* * Set the finalized image dimensions * This sets the image width/height (assuming the - * file was an image). We use this information + * file was an image). We use this information * in the "data" function. */ $this->set_image_properties($this->upload_path.$this->file_name); @@ -518,7 +518,7 @@ class CI_Upload { $this->image_width = $D['0']; $this->image_height = $D['1']; $this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']]; - $this->image_size_str = $D['3']; // string containing height and width + $this->image_size_str = $D['3']; // string containing height and width } } } @@ -551,7 +551,7 @@ class CI_Upload { // IE will sometimes return odd mime-types during upload, so here we just standardize all // jpegs or pngs to the same file type. - $png_mimes = array('image/x-png'); + $png_mimes = array('image/x-png'); $jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg'); if (in_array($this->file_type, $png_mimes)) @@ -642,7 +642,7 @@ class CI_Upload { */ public function is_allowed_filesize() { - if ($this->max_size != 0 AND $this->file_size > $this->max_size) + if ($this->max_size != 0 AND $this->file_size > $this->max_size) { return FALSE; } @@ -721,7 +721,7 @@ class CI_Upload { return FALSE; } - $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path); + $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path); return TRUE; } @@ -834,7 +834,7 @@ class CI_Upload { $current = ini_get('memory_limit') * 1024 * 1024; // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output - // into scientific notation. number_format() ensures this number is an integer + // into scientific notation. number_format() ensures this number is an integer // http://bugs.php.net/bug.php?id=43053 $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', ''); @@ -844,8 +844,8 @@ class CI_Upload { // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but // IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone - // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this - // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of + // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this + // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an // attempted XSS attack. @@ -933,7 +933,7 @@ class CI_Upload { /** * List of Mime Types * - * This is a list of mime types. We use it to validate + * This is a list of mime types. We use it to validate * the "allowed types" set by the developer * * @param string -- cgit v1.2.3-24-g4f1b