Merge branch 'develop' of git://github.com/EllisLab/CodeIgniter into …

…develop * 'develop' of git://github.com/EllisLab/CodeIgniter: (152 commits) Enable travis for feature/* branches Improve the solution for issue #1631 Updated .htaccess files with Apache 2.4+ safe deny statements. Fixes #1631 Fix on _update_batch() : wrong variable used for field selection Inconsistency between log_message and show_error when encountering a non-existant class Changed TRUE and FALSE values to be uppercase Changed double quotes to single quotes to meet style guidelines Fix in index.php inline documentation Some adjustments in inline documentation Loader::model() - rename foreach ($model AS $single_model) to ($model AS $class). Consistent with ::library() and ::_ci_load_class() Add a changelog entry for issue #1605 (pull #1606) and remove some spaces fix issue #1605 covert page number type from float to int Rename $babe => $single_model, in foreach ($model AS $babe) {...} escape_identifiers() to not escape string literals inside double quotes as well Fix issue #1613 Added data-ci-pagination-page="x" to pagination output so JS frameworks can hook on. Update develop Update develop Fix some spaces here again... new lines ...
bcit-ci · Jul 20, 2012 · fe93b0d · fe93b0d
2 parents 0f6fbd5 + fa4af2c
commit fe93b0d
Show file tree

Hide file tree

Showing 123 changed files with 4,834 additions and 2,378 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -23,4 +23,5 @@ script: phpunit --coverage-text --configuration tests/travis/$DB.phpunit.xml
 
 branches:
   only:
-    - develop
+    - develop
+    - /^feature\/.+$/
diff --git a/DCO.txt b/DCO.txt
@@ -0,0 +1,25 @@
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(1)	The contribution was created in whole or in part by me and I
+	have the right to submit it under the open source license
+	indicated in the file; or
+
+(2)	The contribution is based upon previous work that, to the best
+	of my knowledge, is covered under an appropriate open source
+	license and I have the right under that license to submit that
+	work with modifications, whether created in whole or in part
+	by me, under the same open source license (unless I am
+	permitted to submit under a different license), as indicated
+	in the file; or
+
+(3)	The contribution was provided directly to me by some other
+	person who certified (1), (2) or (3) and I have not modified
+	it.
+
+(4)	I understand and agree that this project and the contribution
+	are public and that a record of the contribution (including all
+	personal information I submit with it, including my sign-off) is
+	maintained indefinitely and may be redistributed consistent with
+	this project or the open source license(s) involved.
diff --git a/application/.htaccess b/application/.htaccess
@@ -1 +1,6 @@
-Deny from all
+<IfModule authz_core_module>
+    Require all denied
+</IfModule>
+<IfModule !authz_core_module>
+    Deny from all
+</IfModule>
diff --git a/application/cache/.htaccess b/application/cache/.htaccess
@@ -1 +1,6 @@
-deny from all
+<IfModule authz_core_module>
+    Require all denied
+</IfModule>
+<IfModule !authz_core_module>
+    Deny from all
+</IfModule>
diff --git a/application/config/config.php b/application/config/config.php
@@ -300,9 +300,9 @@
 | 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript)
 |
 */
-$config['cookie_prefix']	= "";
-$config['cookie_domain']	= "";
-$config['cookie_path']		= "/";
+$config['cookie_prefix']	= '';
+$config['cookie_domain']	= '';
+$config['cookie_path']		= '/';
 $config['cookie_secure']	= FALSE;
 $config['cookie_httponly'] 	= FALSE;
 

diff --git a/application/config/database.php b/application/config/database.php
@@ -42,8 +42,9 @@
 |	['username'] The username used to connect to the database
 |	['password'] The password used to connect to the database
 |	['database'] The name of the database you want to connect to
-|	['dbdriver'] The database type. e.g.: mysql.  Currently supported:
-|				 cubrid, interbase, mssql, mysql, mysqli, oci8,
+|	['dbdriver'] The database driver. e.g.: mysqli.
+			Currently supported:
+|				 cubrid, ibase, mssql, mysql, mysqli, oci8,
 |				 odbc, pdo, postgre, sqlite, sqlite3, sqlsrv
 |	['dbprefix'] You can add an optional prefix, which will be added
 |				 to the table name when using the  Query Builder class

diff --git a/index.php b/index.php
@@ -43,6 +43,7 @@
  * NOTE: If you change these, also change the error_reporting() code below
  */
 	define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'development');
+
 /*
  *---------------------------------------------------------------
  * ERROR REPORTING
@@ -51,21 +52,22 @@
  * Different environments will require different levels of error reporting.
  * By default development will show errors but testing and live will hide them.
  */
-
-if (defined('ENVIRONMENT'))
+switch (ENVIRONMENT)
 {
-	switch (ENVIRONMENT)
-	{
-		case 'development':
-			error_reporting(-1);
-		break;
-		case 'testing':
-		case 'production':
-			error_reporting(0);
-		break;
-		default:
-			exit('The application environment is not set correctly.');
-	}
+	case 'development':
+		error_reporting(-1);
+		ini_set('display_errors', 1);
+	break;
+
+	case 'testing':
+	case 'production':
+		error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_STRICT);
+		ini_set('display_errors', 0);
+	break;
+
+	default:
+		header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
+		exit('The application environment is not set correctly.');
 }
 
 /*
@@ -133,7 +135,7 @@
 	// if your controller is not in a sub-folder within the "controllers" folder
 	// $routing['directory'] = '';
 
-	// The controller class file name.  Example:  Mycontroller
+	// The controller class file name.  Example:  mycontroller
 	// $routing['controller'] = '';
 
 	// The controller function you wish to be called.
@@ -268,4 +270,4 @@
 require_once BASEPATH.'core/CodeIgniter.php';
 
 /* End of file index.php */
-/* Location: ./index.php */
+/* Location: ./index.php */
diff --git a/readme.rst b/readme.rst
@@ -115,6 +115,34 @@ at the same time, we might really want X but disagree with Y, meaning we
 cannot merge the request. Using the Git-Flow branching model you can create
 new branches for both of these features and send two requests.
 
+Signing
+=======
+You must sign your work, certifying that you either wrote the work or
+otherwise have the right to pass it on to an open source project. git makes
+this trivial as you merely have to use `--signoff` on your commits to your
+CodeIgniter fork.
+
+::
+
+	git commit --signoff
+
+or simply::
+
+	git commit -s
+
+This will sign your commits with the information setup in your git config, e.g.
+
+	Signed-off-by: John Q Public <john.public@example.com>
+
+If you are using Tower there is a "Sign-Off" checkbox in the commit window. You 
+could even alias git commit to use the -s flag so you don’t have to think about 
+it.
+
+By signing your work in this manner, you certify to a "Developer's Certificate 
+or Origin". The current version of this certificate is in the `DCO.txt` file
+in the root of this repository.
+
+
 ************
 How-to Guide
 ************

diff --git a/system/.htaccess b/system/.htaccess
@@ -1 +1,6 @@
-Deny from all
+<IfModule authz_core_module>
+    Require all denied
+</IfModule>
+<IfModule !authz_core_module>
+    Deny from all
+</IfModule>
diff --git a/system/core/Common.php b/system/core/Common.php
@@ -172,7 +172,7 @@ function &load_class($class, $directory = 'libraries', $prefix = 'CI_')
 		if ($name === FALSE)
 		{
 			// Note: We use exit() rather then show_error() in order to avoid a
-			// self-referencing loop with the Excptions class
+			// self-referencing loop with the Exceptions class
 			set_status_header(503);
 			exit('Unable to locate the specified class: '.$class.'.php');
 		}
@@ -526,7 +526,8 @@ function _exception_handler($severity, $message, $filepath, $line)
 
 		// Should we display the error? We'll get the current error_reporting
 		// level and add its bits with the severity bits to find out.
-		if (($severity & error_reporting()) === $severity)
+		// And respect display_errors
+		if (($severity & error_reporting()) === $severity && (bool) ini_get('display_errors') === TRUE)
 		{
 			$_error->show_php_error($severity, $message, $filepath, $line);
 		}

diff --git a/system/core/Config.php b/system/core/Config.php
@@ -43,7 +43,7 @@ class CI_Config {
 	 *
 	 * @var array
 	 */
-	public $config =	array();
+	public $config = array();
 
 	/**
 	 * List of all loaded config files
@@ -102,13 +102,13 @@ public function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE
 	{
 		$file = ($file === '') ? 'config' : str_replace('.php', '', $file);
 		$found = $loaded = FALSE;
+
+		$check_locations = defined('ENVIRONMENT')
+			? array(ENVIRONMENT.'/'.$file, $file)
+			: array($file);
 
 		foreach ($this->_config_paths as $path)
 		{
-			$check_locations = defined('ENVIRONMENT')
-				? array(ENVIRONMENT.'/'.$file, $file)
-				: array($file);
-
 			foreach ($check_locations as $location)
 			{
 				$file_path = $path.'config/'.$location.'.php';
@@ -172,7 +172,7 @@ public function load($file = '', $use_sections = FALSE, $fail_gracefully = FALSE
 			{
 				return FALSE;
 			}
-			show_error('The configuration file '.$file.'.php'.' does not exist.');
+			show_error('The configuration file '.$file.'.php does not exist.');
 		}
 
 		return TRUE;
@@ -271,7 +271,7 @@ public function site_url($uri = '')
 	 */
 	public function base_url($uri = '')
 	{
-		return $this->slash_item('base_url').ltrim($this->_uri_string($uri),'/');
+		return $this->slash_item('base_url').ltrim($this->_uri_string($uri), '/');
 	}
 
 	// -------------------------------------------------------------

diff --git a/system/core/Loader.php b/system/core/Loader.php
@@ -237,9 +237,9 @@ public function model($model, $name = '', $db_conn = FALSE)
 	{
 		if (is_array($model))
 		{
-			foreach ($model as $babe)
+			foreach ($model as $class)
 			{
-				$this->model($babe);
+				$this->model($class);
 			}
 			return;
 		}
@@ -820,7 +820,7 @@ protected function _ci_load($_ci_data)
 		/*
 		 * Extract and cache variables
 		 *
-		 * You can either set variables using the dedicated $this->load_vars()
+		 * You can either set variables using the dedicated $this->load->vars()
 		 * function or via the second parameter of this function. We'll merge
 		 * the two types and cache them so that views that are embedded within
 		 * other views can have access to these variables.
@@ -1091,7 +1091,7 @@ protected function _ci_init_class($class, $prefix = '', $config = FALSE, $object
 		if ( ! class_exists($name))
 		{
 			log_message('error', 'Non-existent class: '.$name);
-			show_error('Non-existent class: '.$class);
+			show_error('Non-existent class: '.$name);
 		}
 
 		// Set the variable name we will assign the class to

diff --git a/system/core/Security.php b/system/core/Security.php
@@ -395,20 +395,20 @@ public function xss_clean($str, $is_image = FALSE)
 
 			if (preg_match('/<a/i', $str))
 			{
-				$str = preg_replace_callback('#<a\s+([^>]*?)(>|$)#si', array($this, '_js_link_removal'), $str);
+				$str = preg_replace_callback('#<a\s+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
 			}
 
 			if (preg_match('/<img/i', $str))
 			{
-				$str = preg_replace_callback('#<img\s+([^>]*?)(\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
+				$str = preg_replace_callback('#<img\s+([^>]*?)(?:\s?/?>|$)#si', array($this, '_js_img_removal'), $str);
 			}
 
-			if (preg_match('/(script|xss)/i', $str))
+			if (preg_match('/script|xss/i', $str))
 			{
-				$str = preg_replace('#<(/*)(script|xss)(.*?)\>#si', '[removed]', $str);
+				$str = preg_replace('#</*(?:script|xss).*?>#si', '[removed]', $str);
 			}
 		}
-		while($original !== $str);
+		while ($original !== $str);
 
 		unset($original);
 
@@ -560,6 +560,19 @@ public function sanitize_filename($str, $relative_path = FALSE)
 
 	// ----------------------------------------------------------------
 
+	/**
+	 * Strip Image Tags
+	 *
+	 * @param	string
+	 * @return	string
+	 */
+	public function strip_image_tags($str)
+	{
+		return preg_replace(array('#<img\s+.*?src\s*=\s*["\'](.+?)["\'].*?\>#', '#<img\s+.*?src\s*=\s*(.+?).*?\>#'), '\\1', $str);
+	}
+
+	// ----------------------------------------------------------------
+
 	/**
 	 * Compact Exploded Words
 	 *
@@ -670,7 +683,7 @@ protected function _sanitize_naughty_html($matches)
 	protected function _js_link_removal($match)
 	{
 		return str_replace($match[1],
-					preg_replace('#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+					preg_replace('#href=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
 							'',
 							$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
 					),
@@ -693,7 +706,7 @@ protected function _js_link_removal($match)
 	protected function _js_img_removal($match)
 	{
 		return str_replace($match[1],
-					preg_replace('#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
+					preg_replace('#src=.*?(?:alert\(|alert&\#40;|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|base64\s*,)#si',
 							'',
 							$this->_filter_attributes(str_replace(array('<', '>'), '', $match[1]))
 					),