Browse files

Remove preg_quote() call from CI_User_agent::_set_browser() and add a…

…nother pattern for Opera

Input comes from a configuration file that is barely touched by anyone
and the default values only contain letters, so it is safe to not
quote them.

This enables us to add a more advanced pattern in config/user_agents.php
for Opera 10+, which ... quote:

  Opera/9.80 is hard coded at the beginning of the user agent string because of broken browser sniffing scripts which detect 'Opera/10' and above as Opera 1.


Instead, latests versions of Opera append ' Version/<version number>'
to the end of the user agent string.

Fixes issue #555 (incorrect browser detection for Opera)
  • Loading branch information...
1 parent 4ea76cc commit 10925d27adac84634cc527d7298b1add0d54ba7c @narfbg narfbg committed Jan 8, 2014
Showing with 4 additions and 1 deletion.
  1. +2 −0 application/config/user_agents.php
  2. +1 −1 system/libraries/User_agent.php
  3. +1 −0 user_guide_src/source/changelog.rst
@@ -85,6 +85,8 @@
'OPR' => 'Opera',
'Flock' => 'Flock',
'Chrome' => 'Chrome',
+ // Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
+ 'Opera.*?Version' => 'Opera',
'Opera' => 'Opera',
'MSIE' => 'Internet Explorer',
'Internet Explorer' => 'Internet Explorer',
@@ -282,7 +282,7 @@ protected function _set_browser()
foreach ($this->browsers as $key => $val)
- if (preg_match('|'.preg_quote($key).'.*?([0-9\.]+)|i', $this->agent, $match))
+ if (preg_match('|'.$key.'.*?([0-9\.]+)|i', $this->agent, $match))
$this->is_browser = TRUE;
$this->version = $match[1];
@@ -651,6 +651,7 @@ Bug fixes for 3.0
- Fixed a bug (#2762) - :doc:`Hooks Class <general/hooks>` didn't properly check if the called class/function exists.
- Fixed a bug (#148) - while sanitizing input data, ``CI_Input::_clean_input_data()`` assumed that it is URL-encoded, stripping certain character sequences from it.
- Fixed a bug (#346) - with ``$config['global_xss_filtering']`` turned on, the ``$_GET``, ``$_POST``, ``$_COOKIE`` and ``$_SERVER`` superglobals were overwritten during initialization time, resulting in XSS filtering being either performed twice or there was no possible way to get the original data, even though options for this do exist.
+- Fixed an edge case (#555) - incorrect browser version was reported for Opera 10+ due to a non-standard user-agent string.
Version 2.1.4

0 comments on commit 10925d2

Please sign in to comment.