From dc46d99fe8ab2058df15c6a7608e5ae41ffffb2b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 16:25:23 +0300 Subject: Escape WHERE clause field names in the DB update_string() method --- system/database/DB_driver.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 300ca2977..12c0530c5 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -950,6 +950,7 @@ class CI_DB_driver { foreach ($where as $key => $val) { $prefix = (count($dest) == 0) ? '' : ' AND '; + $key = $this->_protect_identifiers($key); if ($val !== '') { @@ -1390,4 +1391,4 @@ class CI_DB_driver { /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */ \ No newline at end of file +/* Location: ./system/database/DB_driver.php */ -- cgit v1.2.3-24-g4f1b From 89e1780f16ea91e913d4231ec07b90391622c8cb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 17:09:44 +0300 Subject: Fix a variable type mismatch (issue #89) in system/database/DB_driver.php --- system/database/DB_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 12c0530c5..31e4c2bca 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1166,7 +1166,7 @@ class CI_DB_driver { if ($native == TRUE) { - $message = $error; + $message = ( ! is_array($error)) ? array($error) : $error; } else { -- cgit v1.2.3-24-g4f1b From 85a99cc6a386e49af7dc36f5450dce2338404851 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 17:17:37 +0300 Subject: Skip is_array() check --- system/database/DB_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index 31e4c2bca..17649f7b1 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -1166,7 +1166,7 @@ class CI_DB_driver { if ($native == TRUE) { - $message = ( ! is_array($error)) ? array($error) : $error; + $message = (array) $error; } else { -- cgit v1.2.3-24-g4f1b From 8d263b02c56e25305621535e184333e8cdace9bd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 18:47:09 +0300 Subject: Suppress warnings generated by get_magic_quotes_gpc() (issue #467) --- system/core/Input.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/core/Input.php b/system/core/Input.php index f39371fb0..6f8442107 100755 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -555,7 +555,7 @@ class CI_Input { } // We strip slashes if magic quotes is on to keep things consistent - if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) + if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc()) { $str = stripslashes($str); } -- cgit v1.2.3-24-g4f1b From 6b5908947853281c4bd5577269b90ba3eead5ddd Mon Sep 17 00:00:00 2001 From: Gerry Date: Sun, 25 Sep 2011 00:16:39 +0800 Subject: Fixing the documentation url given in the Table library --- system/libraries/Table.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Table.php b/system/libraries/Table.php index def696776..c14da727e 100644 --- a/system/libraries/Table.php +++ b/system/libraries/Table.php @@ -24,7 +24,7 @@ * @subpackage Libraries * @category HTML Tables * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/libraries/uri.html + * @link http://codeigniter.com/user_guide/libraries/table.html */ class CI_Table { @@ -528,4 +528,4 @@ class CI_Table { /* End of file Table.php */ -/* Location: ./system/libraries/Table.php */ \ No newline at end of file +/* Location: ./system/libraries/Table.php */ -- cgit v1.2.3-24-g4f1b From f371fc907fa48a96d1fed201ab13500835e75b71 Mon Sep 17 00:00:00 2001 From: Gerry Date: Sun, 25 Sep 2011 00:28:09 +0800 Subject: Fixing the Encryption link in the Sha1 library so that it's valid --- system/libraries/Sha1.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Sha1.php b/system/libraries/Sha1.php index 1a657572b..8e991f54a 100644 --- a/system/libraries/Sha1.php +++ b/system/libraries/Sha1.php @@ -40,7 +40,7 @@ * @subpackage Libraries * @category Encryption * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/general/encryption.html + * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_SHA1 { @@ -248,4 +248,4 @@ class CI_SHA1 { // END CI_SHA /* End of file Sha1.php */ -/* Location: ./system/libraries/Sha1.php */ \ No newline at end of file +/* Location: ./system/libraries/Sha1.php */ -- cgit v1.2.3-24-g4f1b From 6f2b26416f65ab86d2ebcf093bad788091cc7273 Mon Sep 17 00:00:00 2001 From: Gerry Date: Sun, 25 Sep 2011 00:30:52 +0800 Subject: Fixing the documentation link in the Typography library so that it's valid --- system/libraries/Typography.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Typography.php b/system/libraries/Typography.php index 734cec104..f061311b0 100644 --- a/system/libraries/Typography.php +++ b/system/libraries/Typography.php @@ -22,7 +22,7 @@ * @access private * @category Helpers * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/helpers/ + * @link http://codeigniter.com/user_guide/libraries/typography.html */ class CI_Typography { @@ -407,4 +407,4 @@ class CI_Typography { // END Typography Class /* End of file Typography.php */ -/* Location: ./system/libraries/Typography.php */ \ No newline at end of file +/* Location: ./system/libraries/Typography.php */ -- cgit v1.2.3-24-g4f1b From 33c9c3f80149825e2ffb9e67675747262b563afc Mon Sep 17 00:00:00 2001 From: Gerry Date: Sun, 25 Sep 2011 00:32:38 +0800 Subject: Fixing the documentation link in the Unit_test library so that it points to the correct page --- system/libraries/Unit_test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system') diff --git a/system/libraries/Unit_test.php b/system/libraries/Unit_test.php index 5bd7e801a..d9bc8ef6b 100644 --- a/system/libraries/Unit_test.php +++ b/system/libraries/Unit_test.php @@ -24,7 +24,7 @@ * @subpackage Libraries * @category UnitTesting * @author ExpressionEngine Dev Team - * @link http://codeigniter.com/user_guide/libraries/uri.html + * @link http://codeigniter.com/user_guide/libraries/unit_testing.html */ class CI_Unit_test { @@ -380,4 +380,4 @@ function is_false($test) /* End of file Unit_test.php */ -/* Location: ./system/libraries/Unit_test.php */ \ No newline at end of file +/* Location: ./system/libraries/Unit_test.php */ -- cgit v1.2.3-24-g4f1b From d93e6f3890fd50b9aaf1e116fa8ceb7e3f0caa05 Mon Sep 17 00:00:00 2001 From: Chris Berthe Date: Sun, 25 Sep 2011 10:33:25 -0400 Subject: Fix #484 - Hash is never set to the cookie --- system/core/Security.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/core/Security.php b/system/core/Security.php index 6c4c59057..84ecb06db 100755 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -886,7 +886,8 @@ class CI_Security { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } - return $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->_csrf_hash = md5(uniqid(rand(), TRUE)); + $this->csrf_set_cookie(); } return $this->_csrf_hash; -- cgit v1.2.3-24-g4f1b From 8b4d83b23b3b93e8042b01d9117f496206b309c0 Mon Sep 17 00:00:00 2001 From: Juan José González Date: Tue, 27 Sep 2011 17:21:14 -0500 Subject: Fixing issue 465: select_max is adding prefix to table aliases when is not necessary --- system/database/DB_active_rec.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 7162e2ac5..83518232e 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -196,7 +196,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$this->_protect_identifiers(trim($alias)); + $sql = $this->_protect_identifiers($type.'('.trim($select).')').' AS '.$this->_protect_identifiers(trim($alias)); $this->ar_select[] = $sql; -- cgit v1.2.3-24-g4f1b From bbf04b011bd30c9c67970aa5a5049a32a01474b4 Mon Sep 17 00:00:00 2001 From: Radu Potop Date: Wed, 28 Sep 2011 13:57:51 +0300 Subject: Added TLS and SSL support to Email library. Fixes issue #171 --- system/libraries/Email.php | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index c8cb8549e..648bb6b4d 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -36,6 +36,7 @@ class CI_Email { var $smtp_pass = ""; // SMTP Password var $smtp_port = "25"; // SMTP Port var $smtp_timeout = 5; // SMTP Timeout in seconds + var $smtp_crypto = ""; // SMTP Encryption. Can be null, tls or ssl. var $wordwrap = TRUE; // TRUE/FALSE Turns word-wrap on/off var $wrapchars = "76"; // Number of characters to wrap at. var $mailtype = "text"; // text/html Defines email formatting @@ -1667,7 +1668,10 @@ class CI_Email { */ protected function _smtp_connect() { - $this->_smtp_connect = fsockopen($this->smtp_host, + $ssl = NULL; + if ($this->smtp_crypto == 'ssl') + $ssl = 'ssl://'; + $this->_smtp_connect = fsockopen($ssl.$this->smtp_host, $this->smtp_port, $errno, $errstr, @@ -1680,6 +1684,14 @@ class CI_Email { } $this->_set_error_message($this->_get_smtp_data()); + + if ($this->smtp_crypto == 'tls') + { + $this->_send_command('hello'); + $this->_send_command('starttls'); + stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + } + return $this->_send_command('hello'); } @@ -1706,6 +1718,12 @@ class CI_Email { $resp = 250; break; + case 'starttls' : + + $this->_send_data('STARTTLS'); + + $resp = 220; + break; case 'from' : $this->_send_data('MAIL FROM:<'.$data.'>'); -- cgit v1.2.3-24-g4f1b From 4c589aed7b0215e3d4105b11776bc45f299d291d Mon Sep 17 00:00:00 2001 From: Radu Potop Date: Thu, 29 Sep 2011 10:19:55 +0300 Subject: style edit, print error if crypto fails --- system/libraries/Email.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'system') diff --git a/system/libraries/Email.php b/system/libraries/Email.php index 648bb6b4d..ef20e1978 100644 --- a/system/libraries/Email.php +++ b/system/libraries/Email.php @@ -1669,8 +1669,12 @@ class CI_Email { protected function _smtp_connect() { $ssl = NULL; + if ($this->smtp_crypto == 'ssl') + { $ssl = 'ssl://'; + } + $this->_smtp_connect = fsockopen($ssl.$this->smtp_host, $this->smtp_port, $errno, @@ -1689,7 +1693,13 @@ class CI_Email { { $this->_send_command('hello'); $this->_send_command('starttls'); - stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + $crypto = stream_socket_enable_crypto($this->_smtp_connect, TRUE, STREAM_CRYPTO_METHOD_TLS_CLIENT); + } + + if ($crypto !== TRUE) + { + $this->_set_error_message('lang:email_smtp_error', $this->_get_smtp_data()); + return FALSE; } return $this->_send_command('hello'); -- cgit v1.2.3-24-g4f1b From f6faa536b11f2ded3973a3e976938e99537ba16a Mon Sep 17 00:00:00 2001 From: freewil Date: Thu, 29 Sep 2011 21:57:27 -0400 Subject: cleanup docblocks, remove dated CI_CORE constant --- system/core/CodeIgniter.php | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'system') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index aca4fb23c..9f88384b1 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,28 +33,8 @@ * @var string * */ - /** - * CodeIgniter Version - * - * @var string - * - */ define('CI_VERSION', '2.1.0-dev'); -/** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var boolean - * - */ - /** - * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) - * - * @var string - * - */ - define('CI_CORE', FALSE); - /* * ------------------------------------------------------ * Load the global functions -- cgit v1.2.3-24-g4f1b From cfdb232b98dc7f6ba0e78ba95b5f89de8f423d21 Mon Sep 17 00:00:00 2001 From: RH Becker Date: Mon, 3 Oct 2011 17:28:32 -0700 Subject: Issue 352: Since the MySQL client API version matters, PHP and MySQL version checks are not sufficient to determine that set_charset functions exist. --- system/database/drivers/mysql/mysql_driver.php | 19 ++++--------------- system/database/drivers/mysqli/mysqli_driver.php | 21 +++++---------------- 2 files changed, 9 insertions(+), 31 deletions(-) (limited to 'system') diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php index f87cfea4b..dc020c624 100644 --- a/system/database/drivers/mysql/mysql_driver.php +++ b/system/database/drivers/mysql/mysql_driver.php @@ -56,7 +56,7 @@ class CI_DB_mysql_driver extends CI_DB { // whether SET NAMES must be used to set the character set var $use_set_names; - + /** * Non-persistent database connection * @@ -135,20 +135,9 @@ class CI_DB_mysql_driver extends CI_DB { */ function db_set_charset($charset, $collation) { - if ( ! isset($this->use_set_names)) - { - // mysql_set_charset() requires PHP >= 5.2.3 and MySQL >= 5.0.7, use SET NAMES as fallback - $this->use_set_names = (version_compare(PHP_VERSION, '5.2.3', '>=') && version_compare(mysql_get_server_info(), '5.0.7', '>=')) ? FALSE : TRUE; - } - - if ($this->use_set_names === TRUE) - { - return @mysql_query("SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'", $this->conn_id); - } - else - { - return @mysql_set_charset($charset, $this->conn_id); - } + return function_exists('mysql_set_charset') + ? @mysql_set_charset($charset, $this->conn_id) + : @mysql_query("SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'", $this->conn_id); } // -------------------------------------------------------------------- diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index ccd110f79..abef80fbd 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -56,7 +56,7 @@ class CI_DB_mysqli_driver extends CI_DB { // whether SET NAMES must be used to set the character set var $use_set_names; - + // -------------------------------------------------------------------- /** @@ -135,20 +135,9 @@ class CI_DB_mysqli_driver extends CI_DB { */ function _db_set_charset($charset, $collation) { - if ( ! isset($this->use_set_names)) - { - // mysqli_set_charset() requires MySQL >= 5.0.7, use SET NAMES as fallback - $this->use_set_names = (version_compare(mysqli_get_server_info($this->conn_id), '5.0.7', '>=')) ? FALSE : TRUE; - } - - if ($this->use_set_names === TRUE) - { - return @mysqli_query($this->conn_id, "SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'"); - } - else - { - return @mysqli_set_charset($this->conn_id, $charset); - } + return function_exists('mysqli_set_charset') + ? @mysqli_set_charset($this->conn_id, $charset) + : @mysqli_query($this->conn_id, "SET NAMES '".$this->escape_str($charset)."' COLLATE '".$this->escape_str($collation)."'"); } // -------------------------------------------------------------------- @@ -570,7 +559,7 @@ class CI_DB_mysqli_driver extends CI_DB { { return "INSERT INTO ".$table." (".implode(', ', $keys).") VALUES ".implode(', ', $values); } - + // -------------------------------------------------------------------- /** -- cgit v1.2.3-24-g4f1b