
Fixed bad merge of Security.php and platform-specific change to Upload test

Signed-off-by: dchill42 <dchill42@gmail.com>
commit 267a02806237aa70a39c815f2efe83bc4ed9f35d 1 parent 18fc52c
@dchill42 authored
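--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -111,22 +111,22 @@ class CI_Security {
 public function __construct()
 {
 // Is CSRF protection enabled?
- $config = get_instance()->config;
- if ($config->item('csrf_protection') === TRUE)
+ $CI = get_instance();
+ if ($CI->config->item('csrf_protection') === TRUE)
 {
 // CSRF config
 foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
 {
- if (FALSE !== ($val = $config->item($key)))
+ if (FALSE !== ($val = $CI->config->item($key)))
 {
 $this->{'_'.$key} = $val;
 }
 }
 // Append application specific cookie prefix
- if ($config->item('cookie_prefix'))
+ if (($pre = $CI->config->item('cookie_prefix')))
 {
- $this->_csrf_cookie_name = $config->item('cookie_prefix').$this->_csrf_cookie_name;
+ $this->_csrf_cookie_name = $pre.$this->_csrf_cookie_name;
 }
 // Set the CSRF hash
@@ -196,9 +196,9 @@ public function csrf_verify()
 */
 public function csrf_set_cookie()
 {
- $config = get_instance()->config;
+ $CI = get_instance();
 $expire = time() + $this->_csrf_expire;
- $secure_cookie = (bool) $config->item('cookie_secure');
+ $secure_cookie = (bool) $CI->config->item('cookie_secure');
 if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
 {
@@ -209,10 +209,10 @@ public function csrf_set_cookie()
 $this->_csrf_cookie_name,
 $this->_csrf_hash,
 $expire,
- $config->item('cookie_path'),
- $config->item('cookie_domain'),
+ $CI->config->item('cookie_path'),
+ $CI->config->item('cookie_domain'),
 $secure_cookie,
- $config->item('cookie_httponly')
+ $CI->config->item('cookie_httponly')
 );
 log_message('debug', 'CRSF cookie Set');
@@ -503,8 +503,18 @@ public function xss_hash()
 * @param string
 * @return string
 */
- public function entity_decode($str, $charset='UTF-8')
+ public function entity_decode($str, $charset = NULL)
 {
+ if (strpos($str, '&') === FALSE)
+ {
+ return $str;
+ }
+
+ if (empty($charset))
+ {
+ $charset = config_item('charset');
+ }
+
 $str = html_entity_decode($str, ENT_COMPAT, $charset);
 $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str);
 return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str);
@@ -756,8 +766,7 @@ protected function _filter_attributes($str)
 */
 protected function _decode_entity($match)
 {
- $charset = get_instance()->config->item('charset');
- return $this->entity_decode($match[0], strtoupper($charset));
+ return $this->entity_decode($match[0], strtoupper(config_item('charset')));
 }
 // --------------------------------------------------------------------
@@ -843,14 +852,14 @@ protected function _csrf_set_hash()
 return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
 }
- return $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+ $this->_csrf_hash = md5(uniqid(rand(), TRUE));
+ $this->csrf_set_cookie();
 }
 return $this->_csrf_hash;
 }
 }
-// END Security Class
 /* End of file Security.php */
 /* Location: ./system/core/Security.php */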
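Review bot: In the last hunk, `_csrf_set_hash()` still derives a fresh token with `md5(uniqid(rand(), TRUE))`, so the CSRF token's unpredictability rests on the clock and a non-cryptographic generator rather than on a CSPRNG. As this line is being rewritten anyway, I would change it to `$this->_csrf_hash = bin2hex(openssl_random_pseudo_bytes(16));` (or `bin2hex(random_bytes(16))` where PHP 7+ is available), which keeps the 32-hex-character shape of the md5 value. The branch just above copies `$_COOKIE[$this->_csrf_cookie_name]` into `_csrf_hash`; the function starts outside the hunk, so whether that value is format-checked first is not visible here and is worth confirming.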
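--- a/tests/codeigniter/libraries/Upload_test.php
+++ b/tests/codeigniter/libraries/Upload_test.php
@@ -107,7 +107,7 @@ function test_set_allowed_types()
 function test_set_image_properties()
 {
- $dir = preg_replace('/^(.*\/tests\/).*$/', '$1', __FILE__);
+ $dir = preg_replace('/^(.*[\/\\\\]tests[\/\\\\]).*$/', '$1', __FILE__);
 $this->upload->file_type = 'image/gif';
 $this->upload->file_temp = $dir.'mocks/uploads/ci_logo.gif';
@@ -158,7 +158,7 @@ function test_is_allowed_filetype()
 $this->assertTrue($this->upload->is_allowed_filetype(FALSE));
 $this->assertTrue($this->upload->is_allowed_filetype(TRUE));
- $dir = preg_replace('/^(.*\/tests\/).*$/', '$1', __FILE__);
+ $dir = preg_replace('/^(.*[\/\\\\]tests[\/\\\\]).*$/', '$1', __FILE__);
 $this->upload->file_temp = $dir.'mocks/uploads/ci_logo.gif';
 $this->upload->file_ext = '.gif';
 $this->upload->file_type = 'image/gif';
@@ -181,7 +181,7 @@ function test_is_allowed_dimensions()
 $this->upload->file_type = 'text/plain';
 $this->assertTrue($this->upload->is_allowed_dimensions());
- $dir = preg_replace('/^(.*\/tests\/).*$/', '$1', __FILE__);
+ $dir = preg_replace('/^(.*[\/\\\\]tests[\/\\\\]).*$/', '$1', __FILE__);
 $this->upload->file_type = 'image/gif';
 $this->upload->file_temp = $dir.'mocks/uploads/ci_logo.gif';
@@ -239,7 +239,7 @@ function test_do_xss_clean()
 $this->upload->file_temp = vfsStream::url('file3.txt');
 $this->assertFalse($this->upload->do_xss_clean());
- $dir = preg_replace('/^(.*\/tests\/).*$/', '$1', __FILE__);
+ $dir = preg_replace('/^(.*[\/\\\\]tests[\/\\\\]).*$/', '$1', __FILE__);
 $this->upload->file_temp = $dir.'mocks/uploads/ci_logo.gif';
 $this->assertTrue($this->upload->do_xss_clean());
 }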
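Review bot: The path-derivation line `$dir = preg_replace('/^(.*[\/\\\\]tests[\/\\\\]).*$/', '$1', __FILE__);` is now repeated verbatim in four tests (`test_set_image_properties`, `test_is_allowed_filetype`, `test_is_allowed_dimensions`, `test_do_xss_clean`), which is why the separator fix had to be made four times. Computing it once in the fixture's setup and reading it from a property would keep the next platform fix to one line; the setup method is outside these hunks, so the exact place is for the author to pick. `preg_replace` also returns `__FILE__` unchanged when the pattern does not match, so a short comment such as `// falls back to __FILE__ if no tests/ directory is in the path` would document that the mock path then becomes invalid.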