Remove preg_quote() call from CI_User_agent::_set_browser() and add a…

…nother pattern for Opera Input comes from a configuration file that is barely touched by anyone and the default values only contain letters, so it is safe to not quote them. This enables us to add a more advanced pattern in config/user_agents.php for Opera 10+, which ... quote: Opera/9.80 is hard coded at the beginning of the user agent string because of broken browser sniffing scripts which detect 'Opera/10' and above as Opera 1. (reference: http://my.opera.com/community/openweb/idopera/) Instead, latests versions of Opera append ' Version/<version number>' to the end of the user agent string. Fixes issue #555 (incorrect browser detection for Opera)
bcit-ci · Jan 8, 2014 · 10925d2 · 10925d2
1 parent 4ea76cc
commit 10925d2
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/application/config/user_agents.php b/application/config/user_agents.php
@@ -85,6 +85,8 @@
 	'OPR'			=> 'Opera',
 	'Flock'			=> 'Flock',
 	'Chrome'		=> 'Chrome',
+	// Opera 10+ always reports Opera/9.80 and appends Version/<real version> to the user agent string
+	'Opera.*?Version'	=> 'Opera',
 	'Opera'			=> 'Opera',
 	'MSIE'			=> 'Internet Explorer',
 	'Internet Explorer'	=> 'Internet Explorer',

diff --git a/system/libraries/User_agent.php b/system/libraries/User_agent.php
@@ -282,7 +282,7 @@ protected function _set_browser()
 		{
 			foreach ($this->browsers as $key => $val)
 			{
-				if (preg_match('|'.preg_quote($key).'.*?([0-9\.]+)|i', $this->agent, $match))
+				if (preg_match('|'.$key.'.*?([0-9\.]+)|i', $this->agent, $match))
 				{
 					$this->is_browser = TRUE;
 					$this->version = $match[1];

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
@@ -651,6 +651,7 @@ Bug fixes for 3.0
 -  Fixed a bug (#2762) - :doc:`Hooks Class <general/hooks>` didn't properly check if the called class/function exists.
 -  Fixed a bug (#148) - while sanitizing input data, ``CI_Input::_clean_input_data()`` assumed that it is URL-encoded, stripping certain character sequences from it.
 -  Fixed a bug (#346) - with ``$config['global_xss_filtering']`` turned on, the ``$_GET``, ``$_POST``, ``$_COOKIE`` and ``$_SERVER`` superglobals were overwritten during initialization time, resulting in XSS filtering being either performed twice or there was no possible way to get the original data, even though options for this do exist.
+-  Fixed an edge case (#555) - incorrect browser version was reported for Opera 10+ due to a non-standard user-agent string.
 
 Version 2.1.4
 =============