From fdf4b59e7734e3417c745a651382dec8bf556ed0 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Thu, 6 Jul 2017 11:49:13 +0300
Subject: [ci skip] Merge pull request #5170 from tianhe1986/develop_session_race_condition Decreasing the probability of race condition in session lock
---
 system/libraries/Session/drivers/Session_memcached_driver.php | 5 +++--
 system/libraries/Session/drivers/Session_redis_driver.php | 6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index 2556bf0f7..5e90539d7 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -310,7 +310,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 if ( ! $this->_memcached->replace($this->_lock_key, time(), 300))
 {
 return ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND)
- ? $this->_memcached->set($this->_lock_key, time(), 300)
+ ? $this->_memcached->add($this->_lock_key, time(), 300)
 : FALSE;
 }
 }
@@ -326,7 +326,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 continue;
 }
- if ( ! $this->_memcached->set($lock_key, time(), 300))
+ $method = ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND) ? 'add' : 'set';
+ if ( ! $this->_memcached->$method($lock_key, time(), 300))
 {
 log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
 return FALSE;
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index e220a2951..a9e655a8c 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
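Review bot: A lost race is still treated as a hard error in the second memcached hunk: if `add()` fails because another request created the lock key after the check above, the code logs an error and returns FALSE rather than going back to waiting. Testing the result code before the error path, e.g. `if ($this->_memcached->getResultCode() === Memcached::RES_NOTSTORED) { continue; }` placed after the loop's existing wait, would keep that case inside the retry loop, which starts and ends outside the hunk. The `'set'` branch still overwrites unconditionally, so the window remains whenever the earlier call reported anything other than `RES_NOTFOUND`; a comment on the `$method` line naming the call whose result code it reads would help, since that call is not visible here. The Redis hunk in the same commit has the same shape: a failed `set()` with `'nx'` drops into the identical error return.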
@@ -341,7 +341,11 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 continue;
 }
- if ( ! $this->_redis->setex($lock_key, 300, time()))
+ $result = ($ttl === -2)
+ ? $this->_redis->set($lock_key, time(), array('nx', 'ex' => 300))
+ : $this->_redis->setex($lock_key, 300, time());
+
+ if ( ! $result)
 {
 log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
 return FALSE;
--
cgit v1.2.3-24-g4f1b
From 9c068a1cfca6fbafb1013f0966207ac65bd120ea Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Mon, 10 Jul 2017 14:40:06 +0300
Subject: [ci skip] Merge pull request #5128 from lloricode/profiler-pre-tag Profiler add pre tag
---
 system/libraries/Profiler.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 9ea09a529..cb3eaed75 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -484,13 +484,19 @@ class CI_Profiler {
 foreach ($this->CI->config->config as $config => $val) { + $pre = ''; + $pre_close = ''; + if (is_array($val) OR is_object($val)) { $val = print_r($val, TRUE); + + $pre = '
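Review bot: The `$ttl === -2` test in the Redis hunk depends on an unexplained magic value, and `$ttl` is assigned outside the hunk (presumably from a TTL query on the lock key). A comment such as `// -2: lock key does not exist; SET NX so a lock created since the TTL check is not overwritten` would make the branch readable. As far as I know, servers older than Redis 2.8 report -1 rather than -2 for a missing key, and `SET` with NX/EX options needs 2.6.12 or later, so on such servers the code always takes the unconditional `setex()` path. Stating the minimum supported server version next to this branch would make that limit explicit.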
' ;
+ 				$pre_close = '
'; } $output .= '' - .$config.'  '.htmlspecialchars($val, ENT_QUOTES, config_item('charset'))."\n"; + .$config.'  '.$pre.htmlspecialchars($val, ENT_QUOTES, config_item('charset')).$pre_close."\n"; } return $output."\n"; @@ -516,13 +522,19 @@ class CI_Profiler { foreach ($this->CI->session->userdata() as $key => $val) { + $pre = ''; + $pre_close = ''; + if (is_array($val) OR is_object($val)) { $val = print_r($val, TRUE); + + $pre = '
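Review bot: On the changed `$output .=` line the array key (`$config` here, `$key` in the session-data hunk that follows) is concatenated into the markup unescaped, while the value next to it goes through `htmlspecialchars()`. Keys are normally developer-chosen, but session userdata keys in particular may be built from request data in some applications, so escaping them the same way is cheap: `htmlspecialchars($config, ENT_QUOTES, config_item('charset'))` and the equivalent for `$key`. `$pre` and `$pre_close` are appended outside the escaping call, so a one-line comment that they must only ever hold literal markup would protect against a later edit routing data through them. Both enclosing methods start and end outside their hunks.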
' ;
+ 				$pre_close = '
'; } $output .= '' - .$key.'  '.htmlspecialchars($val, ENT_QUOTES, config_item('charset'))."\n"; + .$key.'  '.$pre.htmlspecialchars($val, ENT_QUOTES, config_item('charset')).$pre_close."\n"; } return $output."\n"; -- cgit v1.2.3-24-g4f1b From 6cab78970f212a30ea923835510ffd1fb77a6ad0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 17 Jul 2017 13:14:00 +0300 Subject: [ci skip] escapeshellarg on the image src path passed to NetPBM by Image_lib --- system/libraries/Image_lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 88c9e7ede..8786d9d02 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -972,7 +972,7 @@ class CI_Image_lib { $cmd_inner = 'pnmscale -xysize '.$this->width.' '.$this->height; } - $cmd = $this->library_path.$cmd_in.' '.$this->full_src_path.' | '.$cmd_inner.' | '.$cmd_out.' > '.$this->dest_folder.'netpbm.tmp'; + $cmd = $this->library_path.$cmd_in.' '.escapeshellarg($this->full_src_path).' | '.$cmd_inner.' | '.$cmd_out.' > '.$this->dest_folder.'netpbm.tmp'; $retval = 1; // exec() might be disabled -- cgit v1.2.3-24-g4f1b From de3ac40bf40d21a994d170788792557e4e431f37 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 26 Jul 2017 17:46:51 +0300 Subject: [ci skip] Close #5206 --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index b37cc2f59..0ad8dd375 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php 
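Review bot: Only the source path is quoted on the new `$cmd` line; `$this->dest_folder.'netpbm.tmp'` after the `>` redirect is still concatenated raw, so a destination folder containing spaces or shell metacharacters changes the command in the same way the source path could. Wrapping it as `escapeshellarg($this->dest_folder.'netpbm.tmp')` closes that. Casting `$this->width` and `$this->height` with `(int)` where `$cmd_inner` is built (the context line above) would cover the other interpolated values visible here. `$this->library_path` also reaches the shell unquoted and is set outside this hunk, so it should be validated where it is configured.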
@@ -1312,7 +1312,7 @@ class CI_Upload {
 }
 }
- // Fall back to the deprecated mime_content_type(), if available (still better than $_FILES[$field]['type'])
+ // Fall back to mime_content_type(), if available (still better than $_FILES[$field]['type'])
 if (function_exists('mime_content_type'))
 {
 $this->file_type = @mime_content_type($file['tmp_name']);
--
cgit v1.2.3-24-g4f1b
From 88c1a597360f5b63371c119b64e913c9238c75b8 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Mon, 25 Sep 2017 14:39:34 +0300
Subject: [ci skip] Fix potential object injection in apc cache driver; deprecate the apc driver
---
 system/libraries/Cache/drivers/Cache_apc.php | 48 +++++++++++++---------------
 1 file changed, 22 insertions(+), 26 deletions(-)
(limited to 'system/libraries')
diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php
index f2b61adb1..c873eb640 100644
--- a/system/libraries/Cache/drivers/Cache_apc.php
+++ b/system/libraries/Cache/drivers/Cache_apc.php
@@ -80,14 +80,7 @@ class CI_Cache_apc extends CI_Driver {
 $success = FALSE;
 $data = apc_fetch($id, $success);
- if ($success === TRUE)
- {
- return is_array($data)
- ? unserialize($data[0])
- : $data;
- }
-
- return FALSE;
+ return ($success === TRUE) ? $data : FALSE;
 }
 // ------------------------------------------------------------------------
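Review bot: In the `get()` hunk, entries written by the previous `save()` are still cached in the old `array(serialize($data), time(), $ttl)` shape, and the new `return ($success === TRUE) ? $data : FALSE;` hands that wrapper array to callers as if it were the cached value. Dropping `unserialize()` is the purpose of the change, so the old shape should not be decoded again; an upgrade note telling operators to clear the APC user cache on deploy would cover it. A docblock line stating that a stored `FALSE` cannot be told apart from a miss would also help callers. The method signature and docblock lie outside the hunk.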
@@ -98,18 +91,12 @@ class CI_Cache_apc extends CI_Driver {
 * @param string $id Cache ID
 * @param mixed $data Data to store
 * @param int $ttl Length of time (in seconds) to cache the data
- * @param bool $raw Whether to store the raw value
+ * @param bool $raw Whether to store the raw value (unused)
 * @return bool TRUE on success, FALSE on failure
 */
 public function save($id, $data, $ttl = 60, $raw = FALSE)
 {
- $ttl = (int) $ttl;
-
- return apc_store(
- $id,
- ($raw === TRUE ? $data : array(serialize($data), time(), $ttl)),
- $ttl
- );
+ return apc_store($id, $data, (int) $ttl);
 }
 // ------------------------------------------------------------------------
@@ -188,21 +175,30 @@ class CI_Cache_apc extends CI_Driver {
 */
 public function get_metadata($id)
 {
- $success = FALSE;
- $stored = apc_fetch($id, $success);
-
- if ($success === FALSE OR count($stored) !== 3)
+ $cache_info = apc_cache_info('user', FALSE);
+ if (empty($cache_info) OR empty($cache_info['cache_list']))
 {
 return FALSE;
 }
- list($data, $time, $ttl) = $stored;
+ foreach ($cache_info['cache_list'] as &$entry)
+ {
+ if ($entry['info'] !== $id)
+ {
+ continue;
+ }
+
+ $success = FALSE;
+ $metadata = array(
+ 'expire' => ($entry['ttl'] ? $entry['mtime'] + $entry['ttl'] : 0),
+ 'mtime' => $entry['ttl'],
+ 'data' => apc_fetch($id, $success)
+ );
+
+ return ($success === TRUE) ? $metadata : FALSE;
+ }
- return array(
- 'expire' => $time + $ttl,
- 'mtime' => $time,
- 'data' => unserialize($data)
- );
+ return FALSE;
 }
 // ------------------------------------------------------------------------
--
cgit v1.2.3-24-g4f1b
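Review bot: In the `get_metadata()` hunk, `'mtime' => $entry['ttl'],` stores the TTL under the `mtime` key; it should read `'mtime' => $entry['mtime'],`, matching the `expire` line directly above it. `foreach ($cache_info['cache_list'] as &$entry)` binds `$entry` by reference although nothing writes to it; dropping the `&` avoids leaving a dangling reference. The method now walks the whole user cache list on every call, which is worth a short comment so callers do not use it on a hot path. The docblock of `get_metadata()` starts outside the hunk.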