From 7da60d95e077df53ed56460903eb68c20c2eba9f Mon Sep 17 00:00:00 2001 From: PlamenVasilev Date: Mon, 5 Aug 2013 13:49:03 +0300 Subject: Suhosin compatible emails Fix problems with Suhosin and sending emails trough php mail() --- system/libraries/Email.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index d01d5c197..ebe7fe4d9 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1032,7 +1032,7 @@ class CI_Email { if ($this->_get_protocol() == 'mail') { - $this->_header_str .= $hdr; + $this->_header_str .= rtrim($hdr); $this->_finalbody = $this->_body; } else @@ -1070,7 +1070,7 @@ class CI_Email { if ($this->_get_protocol() == 'mail') { - $this->_header_str .= $hdr; + $this->_header_str .= rtrim($hdr); } else { @@ -1092,7 +1092,7 @@ class CI_Email { if ($this->_get_protocol() == 'mail') { - $this->_header_str .= $hdr; + $this->_header_str .= rtrim($hdr); } $body .= $this->_get_mime_message() . $this->newline . $this->newline; @@ -1110,7 +1110,7 @@ class CI_Email { if ($this->_get_protocol() == 'mail') { - $this->_header_str .= $hdr; + $this->_header_str .= rtrim($hdr); } $body .= $this->_get_mime_message() . $this->newline . $this->newline; -- cgit v1.2.3-24-g4f1b From 3708f071b3db08c969ec1eb2c17a56c56ddd6144 Mon Sep 17 00:00:00 2001 From: Ender Teszla Date: Thu, 27 Feb 2014 22:56:23 +0400 Subject: Deleted useless .htaccess file, added missed index.html files. --- system/libraries/Cache/drivers/index.html | 10 ++++++++++ system/libraries/Cache/index.html | 10 ++++++++++ system/libraries/javascript/index.html | 10 ++++++++++ 3 files changed, 30 insertions(+) create mode 100644 system/libraries/Cache/drivers/index.html create mode 100644 system/libraries/Cache/index.html create mode 100644 system/libraries/javascript/index.html (limited to 'system/libraries') 
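Review bot: The `rtrim($hdr)` added at `$this->_header_str .= rtrim($hdr);` in hunk @@ -1032,7 +1032,7 of system/libraries/Email.php (and repeated in the hunks at -1070, -1092 and -1110) has no comment saying why the trailing newline must go, so a later cleanup could undo it as cosmetic. I would add above each site, or once if the four branches are folded into a helper, `// mail(): header string must not end in a newline; per the Suhosin fix, a trailing blank line gets the message rejected`. rtrim() only covers the end of the string. Whether CR/LF inside individual header values is filtered where those values are set is not visible here and is worth confirming. The enclosing methods start and end outside these hunks.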
diff --git a/system/libraries/Cache/drivers/index.html b/system/libraries/Cache/drivers/index.html new file mode 100644 index 000000000..c942a79ce --- /dev/null +++ b/system/libraries/Cache/drivers/index.html @@ -0,0 +1,10 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file diff --git a/system/libraries/Cache/index.html b/system/libraries/Cache/index.html new file mode 100644 index 000000000..c942a79ce --- /dev/null +++ b/system/libraries/Cache/index.html @@ -0,0 +1,10 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file diff --git a/system/libraries/javascript/index.html b/system/libraries/javascript/index.html new file mode 100644 index 000000000..c942a79ce --- /dev/null +++ b/system/libraries/javascript/index.html @@ -0,0 +1,10 @@ + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + \ No newline at end of file -- cgit v1.2.3-24-g4f1b From df09d3940c8ecc95d96099a34a5515fe1c985146 Mon Sep 17 00:00:00 2001 From: Quinn Chrzan Date: Thu, 29 May 2014 17:33:34 -0400 Subject: Removing xor_encode from Encrypt library --- system/libraries/Encrypt.php | 77 +++++++++----------------------------------- 1 file changed, 15 insertions(+), 62 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index b30a8cf0b..b6758d98f 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -18,7 +18,7 @@ /** * CodeIgniter Encryption Class * - * Provides two-way keyed encoding using XOR Hashing and Mcrypt + * Provides two-way keyed encoding using Mcrypt * * @package CodeIgniter * @subpackage Libraries @@ -45,6 +45,12 @@ class CI_Encrypt { { $this->CI =& get_instance(); $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE; + + if ($this->_mcrypt_exists === FALSE) + { + show_error('The Encrypt library requires the Mcrypt extension.'); + } + log_message('debug', "Encrypt Class Initialized"); } @@ -103,10 +109,10 @@ class CI_Encrypt { * Encodes the message string using bitwise XOR encoding. * The key is combined with a random hash, and then it * too gets converted using XOR. The whole thing is then run - * through mcrypt (if supported) using the randomized key. - * The end result is a double-encrypted message string - * that is randomized with each call to this function, - * even if the supplied message and key are the same. + * through mcrypt using the randomized key. The end result + * is a double-encrypted message string that is randomized + * with each call to this function, even if the supplied + * message and key are the same. * * @access public * @param string the string to encode 
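Review bot: The docblock kept by hunk @@ -103,10 +109,10 of system/libraries/Encrypt.php still opens with "Encodes the message string using bitwise XOR encoding" and promises a "double-encrypted" result, while the next hunk reduces `encode()` to `mcrypt_encode()` followed by `base64_encode()`. A description that overstates the protection misleads anyone auditing the class. I would replace the paragraph with `Encrypts the message with Mcrypt using the key returned by get_key() and returns the result base64-encoded.` and keep the remark about per-call randomisation only if `mcrypt_encode()` (not visible here) actually provides it. The docblock begins above the hunk.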
@@ -116,15 +122,7 @@ class CI_Encrypt { function encode($string, $key = '') { $key = $this->get_key($key); - - if ($this->_mcrypt_exists === TRUE) - { - $enc = $this->mcrypt_encode($string, $key); - } - else - { - $enc = $this->_xor_encode($string, $key); - } + $enc = $this->mcrypt_encode($string, $key); return base64_encode($enc); } @@ -152,16 +150,9 @@ class CI_Encrypt { $dec = base64_decode($string); - if ($this->_mcrypt_exists === TRUE) - { - if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) - { - return FALSE; - } - } - else + if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { - $dec = $this->_xor_decode($dec, $key); + return FALSE; } return $dec; @@ -187,12 +178,6 @@ class CI_Encrypt { */ function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') { - if ($this->_mcrypt_exists === FALSE) - { - log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.'); - return FALSE; - } - // decode it first // set mode temporarily to what it was when string was encoded with the legacy // algorithm - typically MCRYPT_MODE_ECB @@ -224,38 +209,6 @@ class CI_Encrypt { // -------------------------------------------------------------------- - /** - * XOR Encode - * - * Takes a plain-text string and key as input and generates an - * encoded bit-string using XOR - * - * @access private - * @param string - * @param string - * @return string - */ - function _xor_encode($string, $key) - { - $rand = ''; - while (strlen($rand) < 32) - { - $rand .= mt_rand(0, mt_getrandmax()); - } - - $rand = $this->hash($rand); - - $enc = ''; - for ($i = 0; $i < strlen($string); $i++) - { - $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1)); - } - - return $this->_xor_merge($enc, $key); - } - - // -------------------------------------------------------------------- - /** * XOR Decode * 
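Review bot: In `decode()` (hunk @@ -152,16 +150,9 of system/libraries/Encrypt.php) the base64-decoded input still goes straight into `mcrypt_decode()` with no integrity check visible in the hunk. A modified ciphertext is therefore decrypted rather than rejected, unless `mcrypt_decode()` verifies it itself, which this page does not show. Now that Mcrypt is the only path, this is the natural place to verify a MAC over the ciphertext, compared in constant time, before decrypting, and to return FALSE on mismatch. Until then a docblock line such as `Note: the returned value is not authenticated; verify integrity separately before trusting it.` would warn callers. `_xor_decode()` also appears to remain in the file (its docblock is context at the end of hunk @@ -224,38 +209,6) although its only visible caller is removed here, so it looks like dead code and values written by the old XOR fallback can no longer be read. The body of `decode()` starts outside the hunk.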
@@ -544,4 +497,4 @@ class CI_Encrypt { // END CI_Encrypt class /* End of file Encrypt.php */ -/* Location: ./system/libraries/Encrypt.php */ \ No newline at end of file +/* Location: ./system/libraries/Encrypt.php */ -- cgit v1.2.3-24-g4f1b From 0b18634e32efbafb83746c123b7d058b1570a01d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 31 May 2014 20:29:09 +0300 Subject: Changelog messages, bump year in copyright notices --- system/libraries/Cache/Cache.php | 36 +++++++++---------- system/libraries/Cache/drivers/Cache_apc.php | 38 +++++++++----------- system/libraries/Cache/drivers/Cache_dummy.php | 7 ++-- system/libraries/Cache/drivers/Cache_file.php | 38 ++++++++++---------- system/libraries/Cache/drivers/Cache_memcached.php | 40 ++++++++++------------ system/libraries/Calendar.php | 2 +- system/libraries/Cart.php | 3 +- system/libraries/Driver.php | 8 ++--- system/libraries/Email.php | 2 +- system/libraries/Encrypt.php | 2 +- system/libraries/Form_validation.php | 2 +- system/libraries/Ftp.php | 2 +- system/libraries/Image_lib.php | 2 +- system/libraries/Javascript.php | 2 +- system/libraries/Log.php | 2 +- system/libraries/Migration.php | 3 +- system/libraries/Pagination.php | 2 +- system/libraries/Parser.php | 2 +- system/libraries/Profiler.php | 2 +- system/libraries/Session.php | 2 +- system/libraries/Sha1.php | 2 +- system/libraries/Table.php | 2 +- system/libraries/Trackback.php | 2 +- system/libraries/Typography.php | 2 +- system/libraries/Unit_test.php | 2 +- system/libraries/Upload.php | 2 +- system/libraries/User_agent.php | 2 +- system/libraries/Xmlrpc.php | 2 +- system/libraries/Xmlrpcs.php | 2 +- system/libraries/Zip.php | 2 +- system/libraries/javascript/Jquery.php | 14 ++++---- 31 files changed, 107 insertions(+), 124 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Cache/Cache.php b/system/libraries/Cache/Cache.php index 261fc367b..673e63de3 100644 --- a/system/libraries/Cache/Cache.php 
+++ b/system/libraries/Cache/Cache.php @@ -2,30 +2,30 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 - * @filesource + * @filesource */ // ------------------------------------------------------------------------ /** - * CodeIgniter Caching Class + * CodeIgniter Caching Class * * @package CodeIgniter * @subpackage Libraries * @category Core * @author ExpressionEngine Dev Team - * @link + * @link */ class CI_Cache extends CI_Driver_Library { - + protected $valid_drivers = array( 'cache_apc', 'cache_file', 'cache_memcached', 'cache_dummy' ); @@ -33,7 +33,7 @@ class CI_Cache extends CI_Driver_Library { protected $_cache_path = NULL; // Path of cache files (if file-based cache) protected $_adapter = 'dummy'; protected $_backup_driver; - + // ------------------------------------------------------------------------ /** @@ -52,16 +52,16 @@ class CI_Cache extends CI_Driver_Library { // ------------------------------------------------------------------------ /** - * Get + * Get * - * Look for a value in the cache. If it exists, return the data + * Look for a value in the cache. If it exists, return the data * if not, return FALSE * - * @param string + * @param string * @return mixed value that is stored/FALSE on failure */ public function get($id) - { + { return $this->{$this->_adapter}->get($id); } @@ -112,7 +112,7 @@ class CI_Cache extends CI_Driver_Library { * Cache Info * * @param string user/filehits - * @return mixed array on success, false on failure + * @return mixed array on success, false on failure */ public function cache_info($type = 'user') { 
@@ -120,7 +120,7 @@ class CI_Cache extends CI_Driver_Library { } // ------------------------------------------------------------------------ - + /** * Get Cache Metadata * @@ -131,7 +131,7 @@ class CI_Cache extends CI_Driver_Library { { return $this->{$this->_adapter}->get_metadata($id); } - + // ------------------------------------------------------------------------ /** @@ -139,11 +139,11 @@ class CI_Cache extends CI_Driver_Library { * * Initialize class properties based on the configuration array. * - * @param array + * @param array * @return void */ private function _initialize($config) - { + { $default_config = array( 'adapter', 'memcached' @@ -207,10 +207,8 @@ class CI_Cache extends CI_Driver_Library { return $obj; } - - // ------------------------------------------------------------------------ + } -// End Class /* End of file Cache.php */ /* Location: ./system/libraries/Cache/Cache.php */ \ No newline at end of file diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php index f750e6cb7..fdc740138 100644 --- a/system/libraries/Cache/drivers/Cache_apc.php +++ b/system/libraries/Cache/drivers/Cache_apc.php 
@@ -6,34 +6,34 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 - * @filesource + * @filesource */ // ------------------------------------------------------------------------ /** - * CodeIgniter APC Caching Class + * CodeIgniter APC Caching Class * * @package CodeIgniter * @subpackage Libraries * @category Core * @author ExpressionEngine Dev Team - * @link + * @link */ class CI_Cache_apc extends CI_Driver { /** - * Get + * Get * - * Look for a value in the cache. If it exists, return the data + * Look for a value in the cache. If it exists, return the data * if not, return FALSE * - * @param string + * @param string * @return mixed value that is stored/FALSE on failure */ public function get($id) @@ -43,8 +43,8 @@ class CI_Cache_apc extends CI_Driver { return (is_array($data)) ? $data[0] : FALSE; } - // ------------------------------------------------------------------------ - + // ------------------------------------------------------------------------ + /** * Cache Save * @@ -58,7 +58,7 @@ class CI_Cache_apc extends CI_Driver { { return apc_store($id, array($data, time(), $ttl), $ttl); } - + // ------------------------------------------------------------------------ /** @@ -90,12 +90,12 @@ class CI_Cache_apc extends CI_Driver { * Cache Info * * @param string user/filehits - * @return mixed array on success, false on failure + * @return mixed array on success, false on failure */ - public function cache_info($type = NULL) - { - return apc_cache_info($type); - } + public function cache_info($type = NULL) + { + return apc_cache_info($type); + } // ------------------------------------------------------------------------ 
@@ -137,15 +137,11 @@ class CI_Cache_apc extends CI_Driver { log_message('error', 'The APC PHP extension must be loaded to use APC Cache.'); return FALSE; } - + return TRUE; } - // ------------------------------------------------------------------------ - - } -// End Class /* End of file Cache_apc.php */ -/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ +/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ \ No newline at end of file diff --git a/system/libraries/Cache/drivers/Cache_dummy.php b/system/libraries/Cache/drivers/Cache_dummy.php index b11b5b8fc..6c38e91ad 100644 --- a/system/libraries/Cache/drivers/Cache_dummy.php +++ b/system/libraries/Cache/drivers/Cache_dummy.php @@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 @@ -120,10 +120,7 @@ class CI_Cache_dummy extends CI_Driver { return TRUE; } - // ------------------------------------------------------------------------ - } -// End Class /* End of file Cache_dummy.php */ /* Location: ./system/libraries/Cache/drivers/Cache_dummy.php */ \ No newline at end of file diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index e515eebf1..50602b4b8 100644 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php 
@@ -2,27 +2,27 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 - * @filesource + * @filesource */ // ------------------------------------------------------------------------ /** - * CodeIgniter Memcached Caching Class + * CodeIgniter Memcached Caching Class * * @package CodeIgniter * @subpackage Libraries * @category Core * @author ExpressionEngine Dev Team - * @link + * @link */ class CI_Cache_file extends CI_Driver { @@ -36,9 +36,9 @@ class CI_Cache_file extends CI_Driver { { $CI =& get_instance(); $CI->load->helper('file'); - + $path = $CI->config->item('cache_path'); - + $this->_cache_path = ($path == '') ? APPPATH.'cache/' : $path; } @@ -56,16 +56,16 @@ class CI_Cache_file extends CI_Driver { { return FALSE; } - + $data = read_file($this->_cache_path.$id); $data = unserialize($data); - + if (time() > $data['time'] + $data['ttl']) { unlink($this->_cache_path.$id); return FALSE; } - + return $data['data']; } @@ -76,22 +76,22 @@ class CI_Cache_file extends CI_Driver { * * @param string unique key * @param mixed data to store - * @param int length of time (in seconds) the cache is valid - * - Default is 60 seconds + * @param int length of time (in seconds) the cache is valid + * - Default is 60 seconds * @return boolean true on success/false on failure */ public function save($id, $data, $ttl = 60) - { + { $contents = array( 'time' => time(), - 'ttl' => $ttl, + 'ttl' => $ttl, 'data' => $data ); - + if (write_file($this->_cache_path.$id, serialize($contents))) { @chmod($this->_cache_path.$id, 0777); - return TRUE; + return TRUE; } return FALSE; 
@@ -116,7 +116,7 @@ class CI_Cache_file extends CI_Driver { * Clean the Cache * * @return boolean false on failure/true on success - */ + */ public function clean() { return delete_files($this->_cache_path); @@ -179,7 +179,7 @@ class CI_Cache_file extends CI_Driver { * Is supported * * In the file driver, check to see that the cache directory is indeed writable - * + * * @return boolean */ public function is_supported() @@ -187,9 +187,7 @@ class CI_Cache_file extends CI_Driver { return is_really_writable($this->_cache_path); } - // ------------------------------------------------------------------------ } -// End Class /* End of file Cache_file.php */ /* Location: ./system/libraries/Cache/drivers/Cache_file.php */ \ No newline at end of file diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index 747842091..f9d578b93 100644 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -2,27 +2,27 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 - * @filesource + * @filesource */ // ------------------------------------------------------------------------ /** - * CodeIgniter Memcached Caching Class + * CodeIgniter Memcached Caching Class * * @package CodeIgniter * @subpackage Libraries * @category Core * @author ExpressionEngine Dev Team - * @link + * @link */ class CI_Cache_memcached extends CI_Driver { 
@@ -37,18 +37,18 @@ class CI_Cache_memcached extends CI_Driver { ) ); - // ------------------------------------------------------------------------ + // ------------------------------------------------------------------------ /** * Fetch from cache * * @param mixed unique key id * @return mixed data on success/false on failure - */ + */ public function get($id) - { + { $data = $this->_memcached->get($id); - + return (is_array($data)) ? $data[0] : FALSE; } @@ -72,12 +72,12 @@ class CI_Cache_memcached extends CI_Driver { { return $this->_memcached->set($id, array($data, time(), $ttl), 0, $ttl); } - + return FALSE; } // ------------------------------------------------------------------------ - + /** * Delete from Cache * @@ -90,7 +90,7 @@ class CI_Cache_memcached extends CI_Driver { } // ------------------------------------------------------------------------ - + /** * Clean the Cache * @@ -115,7 +115,7 @@ class CI_Cache_memcached extends CI_Driver { } // ------------------------------------------------------------------------ - + /** * Get Cache Metadata * @@ -158,10 +158,10 @@ class CI_Cache_memcached extends CI_Driver { foreach ($CI->config->config['memcached'] as $name => $conf) { $this->_memcache_conf[$name] = $conf; - } - } + } + } } - + $this->_memcached = new Memcached(); foreach ($this->_memcache_conf as $name => $cache_server) @@ -170,7 +170,7 @@ class CI_Cache_memcached extends CI_Driver { { $cache_server['hostname'] = $this->_default_options['default_host']; } - + if ( ! array_key_exists('port', $cache_server)) { $cache_server['port'] = $this->_default_options['default_port']; 
@@ -201,18 +201,14 @@ class CI_Cache_memcached extends CI_Driver { if ( ! extension_loaded('memcached')) { log_message('error', 'The Memcached Extension must be loaded to use Memcached Cache.'); - return FALSE; } - + $this->_setup_memcached(); return TRUE; } - // ------------------------------------------------------------------------ - } -// End Class /* End of file Cache_memcached.php */ /* Location: ./system/libraries/Cache/drivers/Cache_memcached.php */ \ No newline at end of file diff --git a/system/libraries/Calendar.php b/system/libraries/Calendar.php index df0fd6eeb..626097a9b 100644 --- a/system/libraries/Calendar.php +++ b/system/libraries/Calendar.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php index da47b5a19..86a01f796 100644 --- a/system/libraries/Cart.php +++ b/system/libraries/Cart.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -546,7 +546,6 @@ class CI_Cart { } -// END Cart Class /* End of file Cart.php */ /* Location: ./system/libraries/Cart.php */ \ No newline at end of file diff --git a/system/libraries/Driver.php b/system/libraries/Driver.php index 4912c4aa7..9ae7b0c7c 100644 --- a/system/libraries/Driver.php +++ b/system/libraries/Driver.php 
@@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -43,11 +43,11 @@ class CI_Driver_Library { // The class will be prefixed with the parent lib $child_class = $this->lib_name.'_'.$child; - + // Remove the CI_ prefix and lowercase $lib_name = ucfirst(strtolower(str_replace('CI_', '', $this->lib_name))); $driver_name = strtolower(str_replace('CI_', '', $child_class)); - + if (in_array($driver_name, array_map('strtolower', $this->valid_drivers))) { // check and see if the driver is in a separate file @@ -220,8 +220,6 @@ class CI_Driver { } } - // -------------------------------------------------------------------- - } // END CI_Driver CLASS diff --git a/system/libraries/Email.php b/system/libraries/Email.php index ebe7fe4d9..10cbc346d 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index b6758d98f..8e5c1fe53 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php index 9aab5da4b..3839fe42b 100644 
--- a/system/libraries/Form_validation.php +++ b/system/libraries/Form_validation.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Ftp.php b/system/libraries/Ftp.php index d7a8b3b02..1656dfb47 100644 --- a/system/libraries/Ftp.php +++ b/system/libraries/Ftp.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Image_lib.php b/system/libraries/Image_lib.php index 21ec2cb4b..eccfe41c7 100644 --- a/system/libraries/Image_lib.php +++ b/system/libraries/Image_lib.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php index 34e0d7001..a26bb8400 100644 --- a/system/libraries/Javascript.php +++ b/system/libraries/Javascript.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Log.php b/system/libraries/Log.php index 9f1db76ba..6d3f9094d 100644 --- a/system/libraries/Log.php +++ b/system/libraries/Log.php 
@@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php index ffa640ba6..241ce1e59 100644 --- a/system/libraries/Migration.php +++ b/system/libraries/Migration.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -322,6 +322,7 @@ class CI_Migration { { return get_instance()->$var; } + } /* End of file Migration.php */ diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index cdaacf2d4..8b3aa8748 100644 --- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Parser.php b/system/libraries/Parser.php index d223da020..4d31f81c7 100644 --- a/system/libraries/Parser.php +++ b/system/libraries/Parser.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php index 882a82c1f..2fe21db11 100644 --- a/system/libraries/Profiler.php 
+++ b/system/libraries/Profiler.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 891fdd36a..53b914fbd 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Sha1.php b/system/libraries/Sha1.php index 1a657572b..33778f965 100644 --- a/system/libraries/Sha1.php +++ b/system/libraries/Sha1.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Table.php b/system/libraries/Table.php index def696776..a2353d1e1 100644 --- a/system/libraries/Table.php +++ b/system/libraries/Table.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.3.1 diff --git a/system/libraries/Trackback.php b/system/libraries/Trackback.php index b0a767822..898553cd1 100644 --- a/system/libraries/Trackback.php +++ b/system/libraries/Trackback.php 
@@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Typography.php b/system/libraries/Typography.php index 734cec104..b30582d8a 100644 --- a/system/libraries/Typography.php +++ b/system/libraries/Typography.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Unit_test.php b/system/libraries/Unit_test.php index 5bd7e801a..b8919e1e5 100644 --- a/system/libraries/Unit_test.php +++ b/system/libraries/Unit_test.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.3.1 diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 0e5d73b19..c188c39bc 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php index 0b77a7d42..9b0d87134 100644 --- a/system/libraries/User_agent.php +++ b/system/libraries/User_agent.php 
@@ -6,7 +6,7 @@
 *
 * @package CodeIgniter
 * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
 * @license http://codeigniter.com/user_guide/license.html
 * @link http://codeigniter.com
 * @since Version 1.0
diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php
index d702e902f..f0f53cefe 100644
--- a/system/libraries/Xmlrpc.php
+++ b/system/libraries/Xmlrpc.php
@@ -6,7 +6,7 @@
 *
 * @package CodeIgniter
 * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
 * @license http://codeigniter.com/user_guide/license.html
 * @link http://codeigniter.com
 * @since Version 1.0
diff --git a/system/libraries/Xmlrpcs.php b/system/libraries/Xmlrpcs.php
index 9cd332147..d9d53c8a1 100644
--- a/system/libraries/Xmlrpcs.php
+++ b/system/libraries/Xmlrpcs.php
@@ -6,7 +6,7 @@
 *
 * @package CodeIgniter
 * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
 * @license http://codeigniter.com/user_guide/license.html
 * @link http://codeigniter.com
 * @since Version 1.0
diff --git a/system/libraries/Zip.php b/system/libraries/Zip.php
index 666327d5c..ffff3f340 100644
--- a/system/libraries/Zip.php
+++ b/system/libraries/Zip.php
@@ -6,7 +6,7 @@
 *
 * @package CodeIgniter
 * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc.
 * @license http://codeigniter.com/user_guide/license.html
 * @link http://codeigniter.com
 * @since Version 1.0
diff --git a/system/libraries/javascript/Jquery.php b/system/libraries/javascript/Jquery.php
index baab83d25..48d8b3e57 100644
--- a/system/libraries/javascript/Jquery.php
+++ b/system/libraries/javascript/Jquery.php
@@ -3,7 +3,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team @@ -23,7 +23,7 @@ * @category Loader * @link http://www.codeigniter.com/user_guide/libraries/javascript.html */ - + class CI_Jquery extends CI_Javascript { var $_javascript_folder = 'js'; @@ -36,18 +36,18 @@ class CI_Jquery extends CI_Javascript { public function __construct($params) { - $this->CI =& get_instance(); + $this->CI =& get_instance(); extract($params); if ($autoload === TRUE) { - $this->script(); + $this->script(); } - + log_message('debug', "Jquery Class Initialized"); } - - // -------------------------------------------------------------------- + + // -------------------------------------------------------------------- // Event Code // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 916b176594bcf175417423f33711ac0cbb4082e7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 31 May 2014 21:00:05 +0300 Subject: Backport HMAC authentication for CI_Session --- system/libraries/Session.php | 56 +++++++++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 22 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 53b914fbd..89c699765 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php 
@@ -144,24 +144,36 @@ class CI_Session { return FALSE; } - // Decrypt the cookie data - if ($this->sess_encrypt_cookie == TRUE) + // HMAC authentication + if (($len = strlen($session) - 40) <= 0) { - $session = $this->CI->encrypt->decode($session); + log_message('error', 'Session: The session cookie was not signed.'); + return FALSE; } - else + + // Check cookie authentication + $hmac = substr($session, $len); + $session = substr($session, 0, $len); + + // Time-attack-safe comparison + $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); + $diff = 0; + for ($i = 0; $i < 40; $i++) { - // encryption was not used, so we need to check the md5 hash - $hash = substr($session, strlen($session)-32); // get last 32 chars - $session = substr($session, 0, strlen($session)-32); + $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + } - // Does the md5 hash match? This is to prevent manipulation of session data in userspace - if ($hash !== md5($session.$this->encryption_key)) - { - log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.'); - $this->sess_destroy(); - return FALSE; - } + if ($diff !== 0) + { + log_message('error', 'Session: HMAC mismatch. The session cookie data did not match what was expected.'); + $this->sess_destroy(); + return FALSE; + } + + // Decrypt the cookie data + if ($this->sess_encrypt_cookie == TRUE) + { + $session = $this->CI->encrypt->decode($session); } // Unserialize the session array 
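Review bot: The unsigned-cookie branch (`if (($len = strlen($session) - 40) <= 0)`) logs and returns FALSE without calling `$this->sess_destroy()`, whereas the HMAC-mismatch branch a few lines below does. Unless the caller replaces the cookie on a FALSE return (not visible in this hunk), a truncated or malformed cookie stays with the client and is logged again at error level on every request; adding `$this->sess_destroy();` before that `return FALSE;` would make the two rejection paths behave the same. The literal 40 is also used three times and is silently coupled to the `'sha1'` argument of `hash_hmac()`; a comment such as `// 40 = length of a hex-encoded SHA-1 HMAC` next to the first use would keep the two from drifting apart. The enclosing function starts and ends outside this hunk.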
@@ -659,20 +671,20 @@ class CI_Session { else { // if encryption is not used, we provide an md5 hash to prevent userside tampering - $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key); + $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key); } $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time(); // Set the cookie setcookie( - $this->sess_cookie_name, - $cookie_data, - $expire, - $this->cookie_path, - $this->cookie_domain, - $this->cookie_secure - ); + $this->sess_cookie_name, + $cookie_data, + $expire, + $this->cookie_path, + $this->cookie_domain, + $this->cookie_secure + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b
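Review bot: The new `hash_hmac()` line still sits inside the `else` branch that the kept comment describes as "if encryption is not used", so an encrypted cookie appears to be written without a signature, while the read side in the `@@ -144,24 +144,36 @@` hunk now requires and verifies a 40-character HMAC before it decrypts. Unless the `if` branch above this hunk appends one itself (it is outside the hunk), every session written with `sess_encrypt_cookie` enabled would fail verification on the next request and be destroyed. Moving `$cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);` to after the `if`/`else` signs the final cookie value in both modes and matches the verify-then-decrypt order used on read. The comment above the line still says "md5 hash" and should be updated, for example to `// sign the cookie with an HMAC so client-side tampering is detected`.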