From 6700b93c4d7a16e7288e4e2cd3223093926666ea Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:25:33 +0300 Subject: Added _file_mime_type() method to system/libraries/Upload.php in order to fix a possible MIME-type injection (issue #60) --- system/libraries/Upload.php | 68 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3177424c4..93f763ed9 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -196,7 +196,8 @@ class CI_Upload { // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; $this->file_size = $_FILES[$field]['size']; - $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); + $this->_file_mime_type($_FILES[$field]); + $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); $this->file_ext = $this->get_extension($this->file_name); @@ -1006,8 +1007,71 @@ class CI_Upload { // -------------------------------------------------------------------- + /** + * File MIME type + * + * Detects the (actual) MIME type of the uploaded file, if possible. + * The input array is expected to be $_FILES[$field] + * + * @param array + * @return void + */ + protected function _file_mime_type($file) + { + $file_type = ''; + + // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) + if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) + { + $finfo = new finfo(FILEINFO_MIME_TYPE); + if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system + { + $file_type = $finfo->file($file['tmp_name']); + + /* According to the comments section of the PHP manual page, + * it is possible that this function returns an empty string + * for some files (e.g. if they don't exist in the magic MIME database. + */ + if (strlen($file_type) > 1) + { + $this->file_type = $file_info; + return; + } + } + } + + // Fall back to the deprecated mime_content_type(), if available + if (function_exists('mime_content_type')) + { + $this->file_type = @mime_content_type($file['tmp_name']); + return; + } + + /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, + * which is still more secure than depending on the value of $_FILES[$field]['type']. + * + * Notes: + * - a 'W' in the substr() expression bellow, would mean that we're using Windows + * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check + */ + if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec')) + { + $output = array(); + @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); + if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution + { + $this->file_type = rtrim($output[0]); + return; + } + } + + $this->file_type = $file['type']; + } + + // -------------------------------------------------------------------- + } // END Upload Class /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file +/* Location: ./system/libraries/Upload.php */ -- cgit v1.2.3-24-g4f1b From 6a12d8faba9dcb4f321700c86d047f7b6a4f1780 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:35:10 +0300 Subject: Remove an unnecessary variable initialization --- system/libraries/Upload.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 93f763ed9..04abc9ac6 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1018,8 +1018,6 @@ class CI_Upload { */ protected function _file_mime_type($file) { - $file_type = ''; - // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) { -- cgit v1.2.3-24-g4f1b From 7bfb95b9c329a7905a20f9ebfeacccac7ffd7e41 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:45:44 +0300 Subject: Fix alignment with tabs instead of spaces --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 04abc9ac6..fd9c8b3e8 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1058,7 +1058,7 @@ class CI_Upload { @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution { - $this->file_type = rtrim($output[0]); + $this->file_type = rtrim($output[0]); return; } } -- cgit v1.2.3-24-g4f1b From f1649bf567aa769b283bb0b74ed8aee5b44a704b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 22:59:37 +0300 Subject: Fix an erroneus variable name and a typo in comments --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fd9c8b3e8..a0f3e76bb 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1028,11 +1028,11 @@ class CI_Upload { /* According to the comments section of the PHP manual page, * it is possible that this function returns an empty string - * for some files (e.g. if they don't exist in the magic MIME database. + * for some files (e.g. if they don't exist in the magic MIME database) */ if (strlen($file_type) > 1) { - $this->file_type = $file_info; + $this->file_type = $file_type; return; } } -- cgit v1.2.3-24-g4f1b From c5efd10679a7b7b4010cd6cc30bd976d3fe8c1ef Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 4 Oct 2011 18:27:32 +0300 Subject: Change Windows OS detection approach --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index a0f3e76bb..05511b5d3 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1052,7 +1052,7 @@ class CI_Upload { * - a 'W' in the substr() expression bellow, would mean that we're using Windows * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check */ - if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec')) + if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) { $output = array(); @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); -- cgit v1.2.3-24-g4f1b From b7263d152a3c29751e39fd74972707f62f51ca72 Mon Sep 17 00:00:00 2001 From: Mark Huot Date: Fri, 23 Sep 2011 08:20:29 -0400 Subject: resolve a difference between the two memcache set method parameters --- system/libraries/Cache/drivers/Cache_memcached.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index ec2fd216a..fc586e025 100644 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -64,7 +64,16 @@ class CI_Cache_memcached extends CI_Driver { */ public function save($id, $data, $ttl = 60) { - return $this->_memcached->add($id, array($data, time(), $ttl), $ttl); + if (get_class($this->_memcached) == 'Memcached') + { + return $this->_memcached->set($id, array($data, time(), $ttl), $ttl); + } + else if (get_class($this->_memcached) == 'Memcache') + { + return $this->_memcached->set($id, array($data, time(), $ttl), 0, $ttl); + } + + return FALSE; } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From d61ca42b08ccd1b0fb8654e1458500532896461b Mon Sep 17 00:00:00 2001 From: Bo-Yi Wu Date: Sat, 15 Oct 2011 12:02:32 +0800 Subject: Fix #576: using ini_get() to detect if apc is enabled or not --- system/libraries/Cache/drivers/Cache_apc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php index de75719c4..79d91b320 100644 --- a/system/libraries/Cache/drivers/Cache_apc.php +++ b/system/libraries/Cache/drivers/Cache_apc.php @@ -132,7 +132,7 @@ class CI_Cache_apc extends CI_Driver { */ public function is_supported() { - if ( ! extension_loaded('apc') OR ! function_exists('apc_store')) + if ( ! extension_loaded('apc') OR ini_get('apc.enabled') != "1") { log_message('error', 'The APC PHP extension must be loaded to use APC Cache.'); return FALSE; @@ -148,4 +148,4 @@ class CI_Cache_apc extends CI_Driver { // End Class /* End of file Cache_apc.php */ -/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ \ No newline at end of file +/* Location: ./system/libraries/Cache/drivers/Cache_apc.php */ -- cgit v1.2.3-24-g4f1b From 13095cbc1b1b0509ac8c984e7a5fd704d9826569 Mon Sep 17 00:00:00 2001 From: diegorivera Date: Wed, 19 Oct 2011 02:56:15 -0200 Subject: Update system/libraries/Email.php --- system/libraries/Email.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index e28c23a04..2916b9a13 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -379,7 +379,15 @@ class CI_Email { */ public function message($body) { - $this->_body = stripslashes(rtrim(str_replace("\r", "", $body))); + $this->_body = rtrim(str_replace("\r", "", $body)); + + //strip slashes only if magic quotes is ON + //if we do it with magic quotes OFF, it strips real, user-inputted chars. + if (get_magic_quotes_gpc()) + { + $this->_body = stripslashes($this->_body); + } + return $this; } -- cgit v1.2.3-24-g4f1b From 6eab49a844b3542a5efee6620233a86f645a30f5 Mon Sep 17 00:00:00 2001 From: diegorivera Date: Wed, 19 Oct 2011 11:18:45 -0200 Subject: I wasn't following the CI code style guide. --- system/libraries/Email.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 2916b9a13..5f8d48682 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -383,10 +383,10 @@ class CI_Email { //strip slashes only if magic quotes is ON //if we do it with magic quotes OFF, it strips real, user-inputted chars. - if (get_magic_quotes_gpc()) - { + if (get_magic_quotes_gpc()) + { $this->_body = stripslashes($this->_body); - } + } return $this; } -- cgit v1.2.3-24-g4f1b From 75b1f3991013c17cacac18e47879c483fe1cf542 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Oct 2011 10:11:59 +0300 Subject: get_magic_quotes_gpc() to be executed only if PHP version is 5.3 or lower --- system/libraries/Email.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 5f8d48682..c8b727c34 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -381,9 +381,13 @@ class CI_Email { { $this->_body = rtrim(str_replace("\r", "", $body)); - //strip slashes only if magic quotes is ON - //if we do it with magic quotes OFF, it strips real, user-inputted chars. - if (get_magic_quotes_gpc()) + /* strip slashes only if magic quotes is ON + if we do it with magic quotes OFF, it strips real, user-inputted chars. + + NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and + it will probably not exist in future versions at all. + */ + if ( ! is_php('5.4') && get_magic_quotes_gpc()) { $this->_body = stripslashes($this->_body); } -- cgit v1.2.3-24-g4f1b From 426ff851c2164651228a9a9bc10869301b19dbcc Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Mon, 29 Aug 2011 23:26:07 -0300 Subject: Added the 'user_data' key to the userdata property so that sessions using a database can be deleted properly when using the table schema found in the "Saving Session Data to a Database" section of the Session Class in the user guide. --- system/libraries/Session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 2c8a80163..8ee08c5b2 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -317,7 +317,8 @@ class CI_Session { 'session_id' => md5(uniqid($sessid, TRUE)), 'ip_address' => $this->CI->input->ip_address(), 'user_agent' => substr($this->CI->input->user_agent(), 0, 120), - 'last_activity' => $this->now + 'last_activity' => $this->now, + 'user_data' => '' ); -- cgit v1.2.3-24-g4f1b From da8a560802501cb660952dccab3f3761352c323c Mon Sep 17 00:00:00 2001 From: Aaron Kuzemchak Date: Sat, 3 Sep 2011 20:59:07 -0400 Subject: Enables real page numbers for URI segment in Pagination library --- system/libraries/Pagination.php | 85 +++++++++++++++++++++++++++++++++++------ 1 file changed, 73 insertions(+), 12 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Pagination.php b/system/libraries/Pagination.php index cc62e660b..cdaacf2d4 100644 --- a/system/libraries/Pagination.php +++ b/system/libraries/Pagination.php @@ -34,6 +34,7 @@ class CI_Pagination { var $per_page = 10; // Max number of items you want shown per page var $num_links = 2; // Number of "digit" links to show before/after the currently viewed page var $cur_page = 0; // The current page being viewed + var $use_page_numbers = FALSE; // Use page number for segment instead of offset var $first_link = '‹ First'; var $next_link = '>'; var $prev_link = '<'; @@ -128,12 +129,22 @@ class CI_Pagination { return ''; } + // Set the base page index for starting page number + if ($this->use_page_numbers) + { + $base_page = 1; + } + else + { + $base_page = 0; + } + // Determine the current page number. $CI =& get_instance(); if ($CI->config->item('enable_query_strings') === TRUE OR $this->page_query_string === TRUE) { - if ($CI->input->get($this->query_string_segment) != 0) + if ($CI->input->get($this->query_string_segment) != $base_page) { $this->cur_page = $CI->input->get($this->query_string_segment); @@ -143,7 +154,7 @@ class CI_Pagination { } else { - if ($CI->uri->segment($this->uri_segment) != 0) + if ($CI->uri->segment($this->uri_segment) != $base_page) { $this->cur_page = $CI->uri->segment($this->uri_segment); @@ -151,6 +162,12 @@ class CI_Pagination { $this->cur_page = (int) $this->cur_page; } } + + // Set current page to 1 if using page numbers instead of offset + if ($this->use_page_numbers AND $this->cur_page == 0) + { + $this->cur_page = $base_page; + } $this->num_links = (int)$this->num_links; @@ -161,18 +178,32 @@ class CI_Pagination { if ( ! is_numeric($this->cur_page)) { - $this->cur_page = 0; + $this->cur_page = $base_page; } // Is the page number beyond the result range? // If so we show the last page - if ($this->cur_page > $this->total_rows) + if ($this->use_page_numbers) { - $this->cur_page = ($num_pages - 1) * $this->per_page; + if ($this->cur_page > $num_pages) + { + $this->cur_page = $num_pages; + } + } + else + { + if ($this->cur_page > $this->total_rows) + { + $this->cur_page = ($num_pages - 1) * $this->per_page; + } } $uri_page_number = $this->cur_page; - $this->cur_page = floor(($this->cur_page/$this->per_page) + 1); + + if ( ! $this->use_page_numbers) + { + $this->cur_page = floor(($this->cur_page/$this->per_page) + 1); + } // Calculate the start and end numbers. These determine // which number to start and end the digit links with @@ -203,7 +234,14 @@ class CI_Pagination { // Render the "previous" link if ($this->prev_link !== FALSE AND $this->cur_page != 1) { - $i = $uri_page_number - $this->per_page; + if ($this->use_page_numbers) + { + $i = $uri_page_number - 1; + } + else + { + $i = $uri_page_number - $this->per_page; + } if ($i == 0 && $this->first_url != '') { @@ -223,9 +261,16 @@ class CI_Pagination { // Write the digit links for ($loop = $start -1; $loop <= $end; $loop++) { - $i = ($loop * $this->per_page) - $this->per_page; + if ($this->use_page_numbers) + { + $i = $loop; + } + else + { + $i = ($loop * $this->per_page) - $this->per_page; + } - if ($i >= 0) + if ($i >= $base_page) { if ($this->cur_page == $loop) { @@ -233,7 +278,7 @@ class CI_Pagination { } else { - $n = ($i == 0) ? '' : $i; + $n = ($i == $base_page) ? '' : $i; if ($n == '' && $this->first_url != '') { @@ -253,13 +298,29 @@ class CI_Pagination { // Render the "next" link if ($this->next_link !== FALSE AND $this->cur_page < $num_pages) { - $output .= $this->next_tag_open.'anchor_class.'href="'.$this->base_url.$this->prefix.($this->cur_page * $this->per_page).$this->suffix.'">'.$this->next_link.''.$this->next_tag_close; + if ($this->use_page_numbers) + { + $i = $this->cur_page + 1; + } + else + { + $i = ($this->cur_page * $this->per_page); + } + + $output .= $this->next_tag_open.'anchor_class.'href="'.$this->base_url.$this->prefix.$i.$this->suffix.'">'.$this->next_link.''.$this->next_tag_close; } // Render the "Last" link if ($this->last_link !== FALSE AND ($this->cur_page + $this->num_links) < $num_pages) { - $i = (($num_pages * $this->per_page) - $this->per_page); + if ($this->use_page_numbers) + { + $i = $num_pages; + } + else + { + $i = (($num_pages * $this->per_page) - $this->per_page); + } $output .= $this->last_tag_open.'anchor_class.'href="'.$this->base_url.$this->prefix.$i.$this->suffix.'">'.$this->last_link.''.$this->last_tag_close; } -- cgit v1.2.3-24-g4f1b From f6bd296482ed5697b77f23901a16444bf96cb4f4 Mon Sep 17 00:00:00 2001 From: Syahril Zulkefli Date: Sun, 13 Nov 2011 23:46:58 +0800 Subject: Fix invalid datetime format --- system/libraries/Xmlrpc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries') diff --git a/system/libraries/Xmlrpc.php b/system/libraries/Xmlrpc.php index 5da6ea6ae..d702e902f 100644 --- a/system/libraries/Xmlrpc.php +++ b/system/libraries/Xmlrpc.php @@ -1404,14 +1404,14 @@ class XML_RPC_Values extends CI_Xmlrpc { if ($utc == 1) { - $t = strftime("%Y%m%dT%H:%M:%S", $time); + $t = strftime("%Y%m%dT%H:%i:%s", $time); } else { if (function_exists('gmstrftime')) - $t = gmstrftime("%Y%m%dT%H:%M:%S", $time); + $t = gmstrftime("%Y%m%dT%H:%i:%s", $time); else - $t = strftime("%Y%m%dT%H:%M:%S", $time - date('Z')); + $t = strftime("%Y%m%dT%H:%i:%s", $time - date('Z')); } return $t; } -- cgit v1.2.3-24-g4f1b From c78301cee7b648911601f663731ddb4871d1bba4 Mon Sep 17 00:00:00 2001 From: Radu Potop Date: Wed, 28 Sep 2011 13:57:51 +0300 Subject: Added TLS and SSL support to Email library. Fixes issue #171 --- system/libraries/Email.php | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'system/libraries') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index c8b727c34..9ec40af9d 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -36,6 +36,7 @@ class CI_Email { var $smtp_pass = ""; // SMTP Password var $smtp_port = "25"; // SMTP Port var $smtp_timeout = 5; // SMTP Timeout in seconds + var $smtp_crypto = ""; // SMTP Encryption. Can be null, tls or ssl. var $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off var $wrapchars = "76"; // Number of characters to wrap at. var $mailtype = "text"; // text/html Defines email formatting @@ -1678,7 +1679,10 @@ class CI_Email { */ protected function _smtp_connect() { - $this->_smtp_connect = fsockopen($this->smtp_host, + $ssl = NULL; + if ($this->smtp_crypto == 'ssl') + $ssl = 'ssl://'; + $this->_smtp_connect = fsockopen($ssl.$this->smtp_host, $this->smtp_port, $errno, $errstr, @@ -1691,6 +1695,14 @@ class CI_Email { } $this->_set_error_message($this->_get_smtp_data()); + + if ($this->smtp_crypto == 'tls') + { + $this->_send_command('hello'); + $this->_send_command('starttls'); + stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + } + return $this->_send_command('hello'); } @@ -1717,6 +1729,12 @@ class CI_Email { $resp = 250; break; + case 'starttls' : + + $this->_send_data('STARTTLS'); + + $resp = 220; + break; case 'from' : $this->_send_data('MAIL FROM:<'.$data.'>'); -- cgit v1.2.3-24-g4f1b