From 3d2073e877cb1fddbea8fcec5bc5d38b545cdcfa Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Thu, 22 Mar 2018 16:52:42 +0200
Subject: [ci skip] Mark the start of 3.1.9 development

---
 system/core/CodeIgniter.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index 4ad513dd6..c5aab6259 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
  * @var	string
  *
  */
-	const CI_VERSION = '3.1.8';
+	const CI_VERSION = '3.1.9-dev';
 
 /*
  * ------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b


From 68b0e088a25dee720642f42d76ea395c209be855 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Fri, 13 Apr 2018 13:08:52 +0300
Subject: Fix #5448

---
 system/database/DB_query_builder.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 8f477e3a1..8bc6328b4 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -987,7 +987,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 				$v .= sprintf($this->_like_escape_str, $this->_like_escape_chr);
 			}
 
-			$qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE", 'value' => $v, 'escape' => $escape);
+			$qb_where = array('condition' => "{$prefix} {$k} {$not} LIKE {$v}", 'value' => NULL, 'escape' => $escape);
 			$this->qb_where[] = $qb_where;
 			if ($this->qb_caching === TRUE)
 			{
-- 
cgit v1.2.3-24-g4f1b


From 9341189a529e28007c7ff566aa5db91488ea7439 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Sat, 14 Apr 2018 16:45:56 +0300
Subject: Merge pull request #5464 from ytetsuro/fix/#5462/like-before-bug

Fixed issue #5462 Query Builder LIKE BEFORE doesnt work
---
 system/database/DB_query_builder.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 8bc6328b4..5c0528a3f 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -970,7 +970,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 					$v = "'{$v}'";
 					break;
 				case 'before':
-					$v = "%'{$v}'";
+					$v = "'%{$v}'";
 					break;
 				case 'after':
 					$v = "'{$v}%'";
-- 
cgit v1.2.3-24-g4f1b


From b070d923fee349b36c16010da3ff3c0222dddec3 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Mon, 23 Apr 2018 14:26:49 +0300
Subject: [ci skip] Merge pull request #5471 from toonitw/patch-1

The value of limit can be zero
---
 system/database/DB_driver.php        | 2 +-
 system/database/DB_query_builder.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'system')

diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index 059849771..f8956f069 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -1528,7 +1528,7 @@ abstract class CI_DB_driver {
 		return 'UPDATE '.$table.' SET '.implode(', ', $valstr)
 			.$this->_compile_wh('qb_where')
 			.$this->_compile_order_by()
-			.($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+			.($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 	}
 
 	// --------------------------------------------------------------------
diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php
index 5c0528a3f..3d0c329b0 100644
--- a/system/database/DB_query_builder.php
+++ b/system/database/DB_query_builder.php
@@ -2215,7 +2215,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 	protected function _delete($table)
 	{
 		return 'DELETE FROM '.$table.$this->_compile_wh('qb_where')
-			.($this->qb_limit ? ' LIMIT '.$this->qb_limit : '');
+			.($this->qb_limit !== FALSE ? ' LIMIT '.$this->qb_limit : '');
 	}
 
 	// --------------------------------------------------------------------
@@ -2365,7 +2365,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver {
 			.$this->_compile_order_by(); // ORDER BY
 
 		// LIMIT
-		if ($this->qb_limit OR $this->qb_offset)
+		if ($this->qb_limit !== FALSE OR $this->qb_offset)
 		{
 			return $this->_limit($sql."\n");
 		}
-- 
cgit v1.2.3-24-g4f1b


From 4dab9f8db84d5286ef1da9217af9e44771433b2f Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 31 Jan 2018 23:56:21 +0200
Subject: Merge pull request #5391 from mehdibo/fix/url-helper

Prevent tab hijacking when using the URL helper
---
 system/helpers/url_helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 0359ac92c..a22c4c215 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ if ( ! function_exists('auto_link'))
 		if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
 		{
 			// Set our target HTML if using popup links.
-			$target = ($popup) ? ' target="_blank"' : '';
+			$target = ($popup) ? ' target="_blank" rel="noopener"' : '';
 
 			// We process the links in reverse order (last -> first) so that
 			// the returned string offsets from preg_match_all() are not
-- 
cgit v1.2.3-24-g4f1b


From 8cf7d86ede61a5b16c12acf6269996623ae903e5 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 1 May 2018 04:21:29 +0300
Subject: [ci skip] Close #5487

---
 system/libraries/Session/Session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 9e762745f..aa1fafb5b 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -604,7 +604,7 @@ class CI_Session {
 	// ------------------------------------------------------------------------
 
 	/**
-	 * Unmark flash
+	 * Unmark temp
 	 *
 	 * @param	mixed	$key	Session data key(s)
 	 * @return	void
-- 
cgit v1.2.3-24-g4f1b


From aa27dc0fd00d14456607da341df7493f0170abaa Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Fri, 1 Jun 2018 17:48:25 +0300
Subject: Merge pull request #5516 from wpyh/patch-1

Use Config::base_url() properly
---
 system/helpers/html_helper.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'system')

diff --git a/system/helpers/html_helper.php b/system/helpers/html_helper.php
index 5cec4597b..260afe9a2 100644
--- a/system/helpers/html_helper.php
+++ b/system/helpers/html_helper.php
@@ -200,7 +200,7 @@ if ( ! function_exists('img'))
 				}
 				else
 				{
-					$img .= ' src="'.get_instance()->config->slash_item('base_url').$v.'"';
+					$img .= ' src="'.get_instance()->config->base_url($v).'"';
 				}
 			}
 			else
@@ -292,7 +292,7 @@ if ( ! function_exists('link_tag'))
 					}
 					else
 					{
-						$link .= 'href="'.$CI->config->slash_item('base_url').$v.'" ';
+						$link .= 'href="'.$CI->config->base_url($v).'" ';
 					}
 				}
 				else
@@ -313,7 +313,7 @@ if ( ! function_exists('link_tag'))
 			}
 			else
 			{
-				$link .= 'href="'.$CI->config->slash_item('base_url').$href.'" ';
+				$link .= 'href="'.$CI->config->base_url($href).'" ';
 			}
 
 			$link .= 'rel="'.$rel.'" type="'.$type.'" ';
-- 
cgit v1.2.3-24-g4f1b


From 32f8c936898a3619f225f614d03b1cdf7a7e2750 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 12 Jun 2018 16:25:44 +0300
Subject: Merge pull request #5510 from johndekroon/develop

Only use the output of idn_to_ascii() if it worked properly
---
 system/libraries/Email.php           | 12 ++++++++++--
 system/libraries/Form_validation.php |  6 +++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

(limited to 'system')

diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index a53e7e72a..cd74d6da1 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -1038,7 +1038,11 @@ class CI_Email {
 			$domain = defined('INTL_IDNA_VARIANT_UTS46')
 				? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 				: idn_to_ascii($domain);
-			$email = $account.'@'.$domain;
+
+			if ($domain !== FALSE)
+			{
+				$email = $account.'@'.$domain;
+			}
 		}
 
 		return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
@@ -1859,7 +1863,11 @@ class CI_Email {
 			$domain = defined('INTL_IDNA_VARIANT_UTS46')
 				? idn_to_ascii($domain, 0, INTL_IDNA_VARIANT_UTS46)
 				: idn_to_ascii($domain);
-			$email = $account.'@'.$domain;
+
+			if ($domain !== FALSE)
+			{
+				$email = $account.'@'.$domain;
+			}
 		}
 
 		return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email));
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 6a97ee599..27187df2c 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1234,7 +1234,11 @@ class CI_Form_validation {
 			$domain = defined('INTL_IDNA_VARIANT_UTS46')
 				? idn_to_ascii($matches[2], 0, INTL_IDNA_VARIANT_UTS46)
 				: idn_to_ascii($matches[2]);
-			$str = $matches[1].'@'.$domain;
+
+			if ($domain !== FALSE)
+			{
+				$str = $matches[1].'@'.$domain;
+			}
 		}
 
 		return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
-- 
cgit v1.2.3-24-g4f1b


From a9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 12 Jun 2018 16:40:12 +0300
Subject: [ci skip] Prepare 3.1.9 release

---
 system/core/CodeIgniter.php                        |  2 +-
 system/libraries/Session/Session_driver.php        | 17 ++++++++++++++
 .../Session/drivers/Session_database_driver.php    | 26 ++++++++++++++++++++++
 .../Session/drivers/Session_files_driver.php       | 18 +++++++++++++++
 .../Session/drivers/Session_memcached_driver.php   | 19 ++++++++++++++++
 .../Session/drivers/Session_redis_driver.php       | 18 +++++++++++++++
 6 files changed, 99 insertions(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/core/CodeIgniter.php b/system/core/CodeIgniter.php
index c5aab6259..7b1dcc2f1 100644
--- a/system/core/CodeIgniter.php
+++ b/system/core/CodeIgniter.php
@@ -55,7 +55,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
  * @var	string
  *
  */
-	const CI_VERSION = '3.1.9-dev';
+	const CI_VERSION = '3.1.9';
 
 /*
  * ------------------------------------------------------
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
index bef5ee41f..2fe30b8a2 100644
--- a/system/libraries/Session/Session_driver.php
+++ b/system/libraries/Session/Session_driver.php
@@ -112,6 +112,23 @@ abstract class CI_Session_driver implements SessionHandlerInterface {
 
 	// ------------------------------------------------------------------------
 
+	/**
+	 * PHP 5.x validate ID
+	 *
+	 * Enforces session.use_strict_mode on PHP 5.x (7+ does it by itself)
+	 *
+	 * @return	void
+	 */
+	public function php5_validate_id()
+	{
+		if (PHP_VERSION_ID < 70000 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']]))
+		{
+			unset($_COOKIE[$this->_config['cookie_name']]);
+		}
+	}
+
+	// ------------------------------------------------------------------------
+
 	/**
 	 * Cookie destroy
 	 *
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index ae7a1b4a1..074accfe7 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 			return $this->_fail();
 		}
 
+		$this->php5_validate_id();
+
 		return $this->_success;
 	}
 
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 			: $this->_fail();
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		// Prevent previous QB calls from messing with our queries
+		$this->_db->reset_query();
+
+		$this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+		empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+		$result = $this->_db->get();
+		empty($result) OR $result = $result->row();
+
+		return ! empty($result);
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
index c6d789aae..654f30010 100644
--- a/system/libraries/Session/drivers/Session_files_driver.php
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -148,6 +148,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 			.$name // we'll use the session cookie name as a prefix to avoid collisions
 			.($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
 
+		$this->php5_validate_id();
+
 		return $this->_success;
 	}
 
@@ -391,6 +393,22 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 
 	// --------------------------------------------------------------------
 
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		return is_file($this->_file_path.$id);
+	}
+
+	// --------------------------------------------------------------------
+
 	/**
 	 * Byte-safe strlen()
 	 *
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index b109738c2..7d8e39022 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -145,6 +145,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 			return $this->_fail();
 		}
 
+		$this->php5_validate_id();
+
 		return $this->_success;
 	}
 
@@ -290,6 +292,23 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 		return $this->_success;
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		$this->_memcached-get($this->_key_prefix.$id);
+		return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS);
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 413c30d67..d7a57550a 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -153,6 +153,8 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 			return $this->_success;
 		}
 
+		$this->php5_validate_id();
+
 		return $this->_fail();
 	}
 
@@ -310,6 +312,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 		return $this->_success;
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Validate ID
+	 *
+	 * Checks whether a session ID record exists server-side,
+	 * to enforce session.use_strict_mode.
+	 *
+	 * @param	string	$id
+	 * @return	bool
+	 */
+	public function validateId($id)
+	{
+		return (bool) $this->_redis->exists($this->_key_prefix.$id);
+	}
+
 	// ------------------------------------------------------------------------
 
 	/**
-- 
cgit v1.2.3-24-g4f1b