From c9f1aa4e453197fd32e49ce537635b11c670adb7 Mon Sep 17 00:00:00 2001 From: Quinn Chrzan Date: Thu, 5 Jun 2014 16:20:05 -0400 Subject: Minor style fixes to improve readability in HMAC authentication --- system/libraries/Session.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'system') diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 89c699765..b6c53c71d 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -145,7 +145,9 @@ class CI_Session { } // HMAC authentication - if (($len = strlen($session) - 40) <= 0) + $len = strlen($session) - 40; + + if ($len <= 0) { log_message('error', 'Session: The session cookie was not signed.'); return FALSE; @@ -158,9 +160,11 @@ class CI_Session { // Time-attack-safe comparison $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); $diff = 0; + for ($i = 0; $i < 40; $i++) { - $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + $xor = ord($hmac[$i]) ^ ord($hmac_check[$i]); + $diff |= $xor; } if ($diff !== 0) @@ -789,4 +793,4 @@ class CI_Session { // END Session Class /* End of file Session.php */ -/* Location: ./system/libraries/Session.php */ \ No newline at end of file +/* Location: ./system/libraries/Session.php */ -- cgit v1.2.3-24-g4f1b From 0d0376807ffe27f08bfe36149ec732d84f05762c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 6 Jun 2014 13:57:47 +0300 Subject: Issue #3084 --- system/libraries/Session.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'system') diff --git a/system/libraries/Session.php b/system/libraries/Session.php index b6c53c71d..5f4f60547 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php 
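Review bot: The literal `40` in `$len = strlen($session) - 40;` (hunk `@@ -145,7 +145,9 @@`) is undocumented, and the same literal bounds the comparison loop in the `@@ -158,9 +160,11 @@` hunk (`$i < 40`). It is the length of the hex-encoded digest that `hash_hmac('sha1', …)` returns, so the length check, the split point and the loop bound all silently depend on the digest choice. A comment above the assignment, such as `// 40 = length of the hex SHA-1 HMAC appended to the cookie`, would keep the three in step if the algorithm is ever changed. The enclosing method starts and ends outside both hunks.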
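Review bot: The comparison loop in the `@@ -158,9 +160,11 @@` hunk still does not say why it must run to completion, and a later "optimisation" to an early `break` or a plain `===` would reintroduce the timing side channel. I would add `// Compare every byte and never exit early, so response time does not reveal where the first mismatch is` above the `for`, and correct the existing comment to "Timing-attack-safe comparison". The new `$xor` temporary adds a variable without adding clarity; `$diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);` was already one readable statement. Where the supported PHP versions provide the built-in `hash_equals()`, it could replace the hand-written loop, but whether this branch can rely on it is not visible here.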
@@ -672,11 +672,8 @@ class CI_Session { { $cookie_data = $this->CI->encrypt->encode($cookie_data); } - else - { - // if encryption is not used, we provide an md5 hash to prevent userside tampering - $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key); - } + + $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key); $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time(); -- cgit v1.2.3-24-g4f1b From 37df6fa88ec63bffa5545bdc3b3c7c3801c9b635 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 6 Jun 2014 13:59:30 +0300 Subject: Update CI_VERSION --- system/core/CodeIgniter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system') diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php index ad2cadd96..34078174a 100755 --- a/system/core/CodeIgniter.php +++ b/system/core/CodeIgniter.php @@ -33,7 +33,7 @@ * @var string * */ - define('CI_VERSION', '2.1.4'); + define('CI_VERSION', '2.2.0'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) -- cgit v1.2.3-24-g4f1b
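Review bot: In the `@@ -672,11 +672,8 @@` hunk of Session.php, the now-unconditional `$cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);` is left without any comment, and the one it replaces was inaccurate anyway (it said "md5"). Something like `// Always sign the cookie (encrypted or not) so tampering is detected when it is read back` would record that the HMAC is computed over the final, possibly encrypted, value. The HMAC is keyed with `$this->encryption_key`, which presumably also keys `$this->CI->encrypt->encode()`. Using one secret for both encryption and authentication is best avoided, so confirm whether a separate MAC key can be derived. Encrypted cookies issued before this change carry no trailing HMAC, so the read path shown in the earlier patch would presumably reject them after upgrade, which deserves a line in the upgrade notes. The enclosing method starts outside the hunk.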