From c1a66512eacc76968cbf01e2ee37c3c65584b1f0 Mon Sep 17 00:00:00 2001 From: Repox Date: Mon, 23 Apr 2012 13:14:27 +0200 Subject: Corrected the migration_missing_down_method language string --- system/language/english/migration_lang.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/language/english/migration_lang.php b/system/language/english/migration_lang.php index 4763ca243..f17530f00 100644 --- a/system/language/english/migration_lang.php +++ b/system/language/english/migration_lang.php @@ -5,7 +5,7 @@ $lang['migration_not_found'] = "This migration could not be found."; $lang['migration_multiple_version'] = "This are multiple migrations with the same version number: %d."; $lang['migration_class_doesnt_exist'] = "The migration class \"%s\" could not be found."; $lang['migration_missing_up_method'] = "The migration class \"%s\" is missing an 'up' method."; -$lang['migration_missing_down_method'] = "The migration class \"%s\" is missing an 'up' method."; +$lang['migration_missing_down_method'] = "The migration class \"%s\" is missing an 'down' method."; $lang['migration_invalid_filename'] = "Migration \"%s\" has an invalid filename."; -- cgit v1.2.3-24-g4f1b From e463c4d71c2fdcc224e70f7576582220ae64e3d7 Mon Sep 17 00:00:00 2001 From: Wes Baker Date: Fri, 4 May 2012 18:44:24 -0400 Subject: Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed. --- system/libraries/Upload.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'system') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index b0490de30..0e5d73b19 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -868,6 +868,10 @@ class CI_Upload { { return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good } + else + { + return FALSE; + } } if (($data = @file_get_contents($file)) === FALSE) -- cgit v1.2.3-24-g4f1b From e2c374fc474f91cc1c04aaae68e15cef6984f494 Mon Sep 17 00:00:00 2001 From: Alexander Hofstede Date: Thu, 17 May 2012 00:28:08 +0200 Subject: Check cookie against md5 regex. Otherwise, cookie can contain arbitrary injected code that gets sent back directly to the browser. --- system/core/Security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/core/Security.php b/system/core/Security.php index a3e227437..6f5ac1ed8 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -848,7 +848,7 @@ class CI_Security { // each page load since a page could contain embedded // sub-pages causing this feature to fail if (isset($_COOKIE[$this->_csrf_cookie_name]) && - $_COOKIE[$this->_csrf_cookie_name] != '') + preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1) { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } -- cgit v1.2.3-24-g4f1b From 324ef078dda5a3596444152ba49dd591a61adba6 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Thu, 17 May 2012 14:45:25 +0100 Subject: Added upgrade for 2.1.1 and updated version. --- system/core/CodeIgniter.php | 2 +- system/database/drivers/pdo/pdo_driver.php | 2 +- system/database/drivers/pdo/pdo_forge.php | 2 +- system/database/drivers/pdo/pdo_result.php | 2 +- system/database/drivers/pdo/pdo_utility.php | 2 +- system/libraries/Cache/Cache.php | 2 +- system/libraries/Cache/drivers/Cache_apc.php | 2 +- system/libraries/Cache/drivers/Cache_dummy.php | 2 +- system/libraries/Cache/drivers/Cache_file.php | 2 +- system/libraries/Cache/drivers/Cache_memcached.php | 2 +- system/libraries/Cart.php | 2 +- system/libraries/Driver.php | 2 +- system/libraries/Migration.php | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) (limited to 'system') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index db1aee574..ec7294102 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,7 +33,7 @@ * @var string * */ - define('CI_VERSION', '2.1.0'); + define('CI_VERSION', '2.1.1'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) diff --git a/system/database/drivers/pdo/pdo_driver.php b/system/database/drivers/pdo/pdo_driver.php index 5de2079bb..4fc65aeb4 100644 --- a/system/database/drivers/pdo/pdo_driver.php +++ b/system/database/drivers/pdo/pdo_driver.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.1 * @filesource */ diff --git a/system/database/drivers/pdo/pdo_forge.php b/system/database/drivers/pdo/pdo_forge.php index 1462e8c21..1a076d4a2 100644 --- a/system/database/drivers/pdo/pdo_forge.php +++ b/system/database/drivers/pdo/pdo_forge.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.1 * @filesource */ diff --git a/system/database/drivers/pdo/pdo_result.php b/system/database/drivers/pdo/pdo_result.php index 7f3058ff0..7c4a2f977 100644 --- a/system/database/drivers/pdo/pdo_result.php +++ b/system/database/drivers/pdo/pdo_result.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.1 * @filesource */ diff --git a/system/database/drivers/pdo/pdo_utility.php b/system/database/drivers/pdo/pdo_utility.php index 29aefca80..fec276458 100644 --- a/system/database/drivers/pdo/pdo_utility.php +++ b/system/database/drivers/pdo/pdo_utility.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.1 * @filesource */ diff --git a/system/libraries/Cache/Cache.php b/system/libraries/Cache/Cache.php index 61e7aa761..261fc367b 100644 --- a/system/libraries/Cache/Cache.php +++ b/system/libraries/Cache/Cache.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_apc.php b/system/libraries/Cache/drivers/Cache_apc.php index 79d91b320..f750e6cb7 100644 --- a/system/libraries/Cache/drivers/Cache_apc.php +++ b/system/libraries/Cache/drivers/Cache_apc.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_dummy.php b/system/libraries/Cache/drivers/Cache_dummy.php index f96a68e27..b11b5b8fc 100644 --- a/system/libraries/Cache/drivers/Cache_dummy.php +++ b/system/libraries/Cache/drivers/Cache_dummy.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_file.php b/system/libraries/Cache/drivers/Cache_file.php index 13e2d1af6..c50043660 100644 --- a/system/libraries/Cache/drivers/Cache_file.php +++ b/system/libraries/Cache/drivers/Cache_file.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php index fc586e025..747842091 100644 --- a/system/libraries/Cache/drivers/Cache_memcached.php +++ b/system/libraries/Cache/drivers/Cache_memcached.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/system/libraries/Cart.php b/system/libraries/Cart.php index ab5a70c98..da47b5a19 100644 --- a/system/libraries/Cart.php +++ b/system/libraries/Cart.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Driver.php b/system/libraries/Driver.php index 9881c1eec..f9959ff81 100644 --- a/system/libraries/Driver.php +++ b/system/libraries/Driver.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/system/libraries/Migration.php b/system/libraries/Migration.php index 3943ec130..5a41377ea 100644 --- a/system/libraries/Migration.php +++ b/system/libraries/Migration.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b