
Merge branch '2.1-stable' of github.com:/EllisLab/CodeIgniter into hm…

…vc-lite
2 parents 296eecc + 5cb1b5b commit b81d8c5aac9e6cd37d329cdaa1fef034aaeafd50 @dchill42 committed Dec 5, 2011
Showing with 27,326 additions and 280 deletions.
  1. +2 −3 application/config/migration.php
  2. +2 −2 application/config/mimes.php
  3. +11 −7 system/core/Input.php
  4. +5 −0 system/core/Loader.php
  5. +39 −30 system/core/Security.php
  6. +8 −2 system/database/DB_driver.php
  7. +23 −23 system/database/DB_result.php
  8. +3 −3 system/database/drivers/mysql/mysql_result.php
  9. +19 −0 system/database/drivers/mysqli/mysqli_driver.php
  10. +3 −3 system/database/drivers/mysqli/mysqli_result.php
  11. +68 −66 system/database/drivers/oci8/oci8_driver.php
  12. +28 −61 system/database/drivers/oci8/oci8_result.php
  13. +23 −12 system/database/drivers/pdo/pdo_driver.php
  14. +2 −2 system/database/drivers/pdo/pdo_forge.php
  15. +2 −2 system/database/drivers/pdo/pdo_result.php
  16. +2 −2 system/database/drivers/pdo/pdo_utility.php
  17. +1 −1 system/helpers/date_helper.php
  18. +1 −1 system/helpers/form_helper.php
  19. +2 −2 system/libraries/Cache/drivers/Cache_apc.php
  20. +17 −16 system/libraries/Email.php
  21. +41 −7 system/libraries/Pagination.php
  22. +33 −32 system/libraries/Upload.php
  23. +3 −3 system/libraries/Xmlrpc.php
  24. +824 −0 user_guide/database/active_record.html
  25. +220 −0 user_guide/database/caching.html
  26. +118 −0 user_guide/database/call_function.html
  27. +164 −0 user_guide/database/configuration.html
  28. +188 −0 user_guide/database/connecting.html
  29. +217 −0 user_guide/database/examples.html
  30. +163 −0 user_guide/database/fields.html
  31. +234 −0 user_guide/database/forge.html
  32. +151 −0 user_guide/database/helpers.html
  33. +99 −0 user_guide/database/index.html
  34. +158 −0 user_guide/database/queries.html
  35. +259 −0 user_guide/database/results.html
  36. +113 −0 user_guide/database/table_data.html
  37. +200 −0 user_guide/database/transactions.html
  38. +314 −0 user_guide/database/utilities.html
  39. +87 −0 user_guide/doc_style/index.html
  40. +147 −0 user_guide/general/alternative_php.html
  41. +117 −0 user_guide/general/ancillary_classes.html
  42. +100 −0 user_guide/general/autoloader.html
  43. +115 −0 user_guide/general/caching.html
  44. +150 −0 user_guide/general/cli.html
  45. +127 −0 user_guide/general/common_functions.html
  46. +388 −0 user_guide/general/controllers.html
  47. +186 −0 user_guide/general/core_classes.html
  48. +100 −0 user_guide/general/creating_drivers.html
  49. +293 −0 user_guide/general/creating_libraries.html
  50. +87 −0 user_guide/general/credits.html
  51. +104 −0 user_guide/general/drivers.html
  52. +126 −0 user_guide/general/environments.html
  53. +140 −0 user_guide/general/errors.html
  54. +185 −0 user_guide/general/helpers.html
  55. +165 −0 user_guide/general/hooks.html
  56. +98 −0 user_guide/general/libraries.html
  57. +133 −0 user_guide/general/managing_apps.html
  58. +251 −0 user_guide/general/models.html
  59. +181 −0 user_guide/general/profiling.html
  60. +77 −0 user_guide/general/quick_reference.html
  61. +82 −0 user_guide/general/requirements.html
  62. +128 −0 user_guide/general/reserved_names.html
  63. +171 −0 user_guide/general/routing.html
  64. +164 −0 user_guide/general/security.html
  65. +679 −0 user_guide/general/styleguide.html
  66. +151 −0 user_guide/general/urls.html
  67. +274 −0 user_guide/general/views.html
  68. +170 −0 user_guide/helpers/array_helper.html
  69. +195 −0 user_guide/helpers/captcha_helper.html
  70. +107 −0 user_guide/helpers/cookie_helper.html
  71. +408 −0 user_guide/helpers/date_helper.html
  72. +143 −0 user_guide/helpers/directory_helper.html
  73. +112 −0 user_guide/helpers/download_helper.html
  74. +102 −0 user_guide/helpers/email_helper.html
  75. +179 −0 user_guide/helpers/file_helper.html
  76. +484 −0 user_guide/helpers/form_helper.html
  77. +390 −0 user_guide/helpers/html_helper.html
  78. +151 −0 user_guide/helpers/inflector_helper.html
  79. +98 −0 user_guide/helpers/language_helper.html
  80. +113 −0 user_guide/helpers/number_helper.html
  81. +106 −0 user_guide/helpers/path_helper.html
  82. +132 −0 user_guide/helpers/security_helper.html
  83. +215 −0 user_guide/helpers/smiley_helper.html
  84. +189 −0 user_guide/helpers/string_helper.html
  85. +211 −0 user_guide/helpers/text_helper.html
  86. +112 −0 user_guide/helpers/typography_helper.html
  87. +302 −0 user_guide/helpers/url_helper.html
  88. +105 −0 user_guide/helpers/xml_helper.html
  89. +98 −0 user_guide/index.html
  90. +115 −0 user_guide/installation/downloads.html
  91. +108 −0 user_guide/installation/index.html
  92. +90 −0 user_guide/installation/troubleshooting.html
  93. +92 −0 user_guide/installation/upgrade_120.html
  94. +203 −0 user_guide/installation/upgrade_130.html
  95. +102 −0 user_guide/installation/upgrade_131.html
  96. +100 −0 user_guide/installation/upgrade_132.html
  97. +112 −0 user_guide/installation/upgrade_133.html
  98. +145 −0 user_guide/installation/upgrade_140.html
  99. +148 −0 user_guide/installation/upgrade_141.html
  100. +178 −0 user_guide/installation/upgrade_150.html
  101. +111 −0 user_guide/installation/upgrade_152.html
  102. +100 −0 user_guide/installation/upgrade_153.html
  103. +116 −0 user_guide/installation/upgrade_154.html
  104. +125 −0 user_guide/installation/upgrade_160.html
  105. +98 −0 user_guide/installation/upgrade_161.html
  106. +106 −0 user_guide/installation/upgrade_162.html
  107. +99 −0 user_guide/installation/upgrade_163.html
  108. +121 −0 user_guide/installation/upgrade_170.html
  109. +98 −0 user_guide/installation/upgrade_171.html
  110. +109 −0 user_guide/installation/upgrade_172.html
  111. +131 −0 user_guide/installation/upgrade_200.html
  112. +105 −0 user_guide/installation/upgrade_201.html
  113. +97 −0 user_guide/installation/upgrade_202.html
  114. +121 −0 user_guide/installation/upgrade_203.html
  115. +89 −0 user_guide/installation/upgrade_210.html
  116. +144 −0 user_guide/installation/upgrade_b11.html
  117. +106 −0 user_guide/installation/upgrading.html
  118. +198 −0 user_guide/libraries/benchmark.html
  119. +193 −0 user_guide/libraries/caching.html
  120. +249 −0 user_guide/libraries/calendar.html
  121. +346 −0 user_guide/libraries/cart.html
  122. +222 −0 user_guide/libraries/config.html
  123. +307 −0 user_guide/libraries/email.html
  124. +224 −0 user_guide/libraries/encryption.html
  125. +451 −0 user_guide/libraries/file_uploading.html
  126. +1,250 −0 user_guide/libraries/form_validation.html
  127. +315 −0 user_guide/libraries/ftp.html
  128. +667 −0 user_guide/libraries/image_lib.html
  129. +295 −0 user_guide/libraries/input.html
  130. +247 −0 user_guide/libraries/javascript.html
  131. +137 −0 user_guide/libraries/language.html
  132. +273 −0 user_guide/libraries/loader.html
  133. +176 −0 user_guide/libraries/migration.html
  134. +177 −0 user_guide/libraries/output.html
  135. +233 −0 user_guide/libraries/pagination.html
  136. +212 −0 user_guide/libraries/parser.html
  137. +135 −0 user_guide/libraries/security.html
  138. +341 −0 user_guide/libraries/sessions.html
  139. +315 −0 user_guide/libraries/table.html
  140. +246 −0 user_guide/libraries/trackback.html
  141. +160 −0 user_guide/libraries/typography.html
  142. +226 −0 user_guide/libraries/unit_testing.html
  143. +252 −0 user_guide/libraries/uri.html
  144. +226 −0 user_guide/libraries/user_agent.html
  145. +519 −0 user_guide/libraries/xmlrpc.html
  146. +288 −0 user_guide/libraries/zip.html
  147. +107 −0 user_guide/license.html
  148. +156 −0 user_guide/nav/nav.js
  149. +95 −0 user_guide/overview/appflow.html
  150. +162 −0 user_guide/overview/at_a_glance.html
  151. +83 −0 user_guide/overview/cheatsheets.html
  152. +118 −0 user_guide/overview/features.html
  153. +92 −0 user_guide/overview/getting_started.html
  154. +98 −0 user_guide/overview/goals.html
  155. +84 −0 user_guide/overview/index.html
  156. +100 −0 user_guide/overview/mvc.html
  157. +229 −0 user_guide/toc.html
  158. +91 −0 user_guide/tutorial/conclusion.html
  159. +179 −0 user_guide/tutorial/create_news_items.html
  160. +158 −0 user_guide/tutorial/hard_coded_pages.html
  161. +101 −0 user_guide/tutorial/index.html
  162. +230 −0 user_guide/tutorial/news_section.html
  163. +206 −0 user_guide/tutorial/static_pages.html
@@ -4,9 +4,8 @@
| Enable/Disable Migrations
|--------------------------------------------------------------------------
|
-| Migrations are disabled by default for security reasons.
-| You should enable migrations whenever you intend to do a schema migration
-| and disable it back when you're done.
+| Migrations are disabled by default but should be enabled
+| whenever you intend to do a schema migration.
|
*/
$config['migration_enabled'] = FALSE;
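Review bot: The reworded comment above `$config['migration_enabled']` drops both the security rationale and the reminder to switch migrations off again once the schema change is done. A reader is no longer told that the setting should return to FALSE, and leaving it TRUE keeps schema-changing code runnable by whatever entry point calls the migration library. I would keep the shorter wording but restore the last clause, e.g. `| whenever you intend to do a schema migration, and disabled again afterwards.`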
@@ -94,8 +94,8 @@
'avi' => array('video/x-msvideo', 'video/msvideo', 'video/avi', 'application/x-troff-msvideo'),
'movie' => 'video/x-sgi-movie',
'doc' => 'application/msword',
- 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
- 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+ 'docx' => array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/zip'),
+ 'xlsx' => array('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/zip'),
'word' => array('application/msword', 'application/octet-stream'),
'xl' => 'application/excel',
'eml' => 'message/rfc822',
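Review bot: Adding `application/zip` to the `docx` and `xlsx` entries means any ZIP archive carrying one of those extensions now matches the table, not only genuine Office documents. If this list drives upload validation (the consumer is outside this hunk), the check can no longer tell a document from an arbitrary archive for these two types. The two lines deserve a short comment saying why the looser type is accepted, e.g. `// OOXML files are ZIP containers and are often detected as application/zip`, so that callers who need a stricter guarantee know to inspect the content themselves.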
@@ -326,14 +326,14 @@ public function ip_address()
$this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
}
- elseif (! $this->server('HTTP_CLIENT_IP') AND $this->server('REMOTE_ADDR'))
- {
- $this->ip_address = $_SERVER['REMOTE_ADDR'];
- }
elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
}
+ elseif ($this->server('REMOTE_ADDR'))
+ {
+ $this->ip_address = $_SERVER['REMOTE_ADDR'];
+ }
elseif ($this->server('HTTP_CLIENT_IP'))
{
$this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
@@ -557,8 +557,12 @@ private function _clean_input_data($str)
return $new_array;
}
- // We strip slashes if magic quotes is on to keep things consistent
- if (function_exists('get_magic_quotes_gpc') AND @get_magic_quotes_gpc())
+ /* We strip slashes if magic quotes is on to keep things consistent
+
+ NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and
+ it will probably not exist in future versions at all.
+ */
+ if ( ! is_php('5.4') && get_magic_quotes_gpc())
{
$str = stripslashes($str);
}
@@ -728,4 +732,4 @@ public function is_cli_request()
// END Input class
/* End of file Input.php */
-/* Location: ./system/core/Input.php */
+/* Location: ./system/core/Input.php */
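Review bot: In the `ip_address()` hunk the branch `elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))` still prefers `HTTP_CLIENT_IP` over `REMOTE_ADDR`, and the reordering only makes the new `REMOTE_ADDR` branch reachable when that header is absent. `HTTP_CLIENT_IP` comes from a request header, so whenever it is present the requester chooses the address that logging, throttling or IP-based restrictions will see. I would honour it only when `REMOTE_ADDR` is one of the configured proxies, the same test the first visible line applies to `HTTP_X_FORWARDED_FOR`, e.g. `elseif ($this->server('HTTP_CLIENT_IP') AND in_array($_SERVER['REMOTE_ADDR'], $proxies))`, and fall back to `REMOTE_ADDR` otherwise. The method starts and ends outside the hunk, so whether `$proxies` is defined on this path needs checking there.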
5 system/core/Loader.php 100755 → 100644
@@ -804,6 +804,11 @@ public function driver($library = '', $params = NULL, $object_name = NULL)
require BASEPATH.'libraries/Driver.php';
}
+ if ($library == '')
+ {
+ return FALSE;
+ }
+
// We can save the loader some time since Drivers will *always* be in a subfolder,
// and typically identically named to the library
if ( ! strpos($library, '/'))
@@ -83,7 +83,8 @@ class CI_Security {
'-moz-binding' => '[removed]',
'<!--' => '&lt;!--',
'-->' => '--&gt;',
- '<![CDATA[' => '&lt;![CDATA['
+ '<![CDATA[' => '&lt;![CDATA[',
+ '<comment>' => '&lt;comment&gt;'
);
/**
@@ -486,15 +487,7 @@ public function xss_hash()
{
if ($this->_xss_hash == '')
{
- if (phpversion() >= 4.2)
- {
- mt_srand();
- }
- else
- {
- mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
- }
-
+ mt_srand();
$this->_xss_hash = md5(time() + mt_rand(0, 1999999999));
}
@@ -508,27 +501,23 @@ public function xss_hash()
*
* This function is a replacement for html_entity_decode()
*
+ * The reason we are not using html_entity_decode() by itself is because
+ * while it is not technically correct to leave out the semicolon
+ * at the end of an entity most browsers will still interpret the entity
+ * correctly. html_entity_decode() does not convert entities without
+ * semicolons, so we are left with our own little solution here. Bummer.
+ *
* @param string
* @param string
* @return string
*/
- public function entity_decode($str, $charset = NULL)
+ public function entity_decode($str, $charset='UTF-8')
{
- if (strpos($str, '&') === FALSE)
+ if (stristr($str, '&') === FALSE)
{
return $str;
}
- if (empty($charset))
- {
- $charset = config_item('charset');
- }
-
- // The reason we are not using html_entity_decode() by itself is because
- // while it is not technically correct to leave out the semicolon
- // at the end of an entity most browsers will still interpret the entity
- // correctly. html_entity_decode() does not convert entities without
- // semicolons, so we are left with our own little solution here. Bummer.
$str = html_entity_decode($str, ENT_COMPAT, $charset);
$str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str);
return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str);
@@ -625,7 +614,7 @@ protected function _compact_exploded_words($matches)
protected function _remove_evil_attributes($str, $is_image)
{
// All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
- $evil_attributes = array('on\w*', 'style', 'xmlns');
+ $evil_attributes = array('on\w*', 'style', 'xmlns', 'formaction');
if ($is_image === TRUE)
{
@@ -637,11 +626,31 @@ protected function _remove_evil_attributes($str, $is_image)
}
do {
- $str = preg_replace(
- "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
- "<$1$6",
- $str, -1, $count
- );
+ $count = 0;
+ $attribs = array();
+
+ // find occurrences of illegal attribute strings without quotes
+ preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER);
+
+ foreach ($matches as $attr)
+ {
+ $attribs[] = preg_quote($attr[0], '/');
+ }
+
+ // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
+ preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER);
+
+ foreach ($matches as $attr)
+ {
+ $attribs[] = preg_quote($attr[0], '/');
+ }
+
+ // replace illegal attribute strings that are inside an html tag
+ if (count($attribs) > 0)
+ {
+ $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count);
+ }
+
} while ($count);
return $str;
@@ -855,14 +864,14 @@ protected function _csrf_set_hash()
return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name];
}
- $this->_csrf_hash = md5(uniqid(rand(), TRUE));
- $this->csrf_set_cookie();
+ return $this->_csrf_hash = md5(uniqid(rand(), TRUE));
}
return $this->_csrf_hash;
}
}
+// END Security Class
/* End of file Security.php */
/* Location: ./system/core/Security.php */
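Review bot: Both token generators touched in this file still build their value from non-cryptographic sources: `xss_hash()` keeps `md5(time() + mt_rand(0, 1999999999))` and `_csrf_set_hash()` now returns `md5(uniqid(rand(), TRUE))`. The clock, `mt_rand()` and `rand()` are predictable inputs and `md5()` adds no entropy, which matters most for the CSRF token because its secrecy is the whole protection. Where the openssl extension is available I would draw the token from it, e.g. `$this->_csrf_hash = bin2hex(openssl_random_pseudo_bytes(16));`, keeping the current expression only as a fallback. The `mt_srand()` call left in `xss_hash()` is also redundant, since the generator seeds itself. Separately, `_csrf_set_hash()` no longer calls `csrf_set_cookie()`; the caller is outside these hunks, so it should be confirmed that a freshly generated hash is still sent to the client.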
@@ -1019,8 +1019,14 @@ function call_function($function)
else
{
$args = (func_num_args() > 1) ? array_splice(func_get_args(), 1) : null;
-
- return call_user_func_array($function, $args);
+ if (is_null($args))
+ {
+ return call_user_func($function);
+ }
+ else
+ {
+ return call_user_func_array($function, $args);
+ }
}
}
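Review bot: The new `is_null($args)` branch only works around the `null` produced by the line above it, and that line, `array_splice(func_get_args(), 1)`, passes a function result to a by-reference parameter, which triggers a strict-standards notice. `array_slice()` takes its input by value and yields an empty array when there are no extra arguments, so the else-body can shrink to `$args = array_slice(func_get_args(), 1);` followed by `return call_user_func_array($function, $args);`. `call_function()` begins above the hunk, so the preceding branch is not visible here.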
@@ -45,7 +45,7 @@ class CI_DB_result {
* @param string can be "object" or "array"
* @return mixed either a result object or array
*/
- function result($type = 'object')
+ public function result($type = 'object')
{
if ($type == 'array') return $this->result_array();
else if ($type == 'object') return $this->result_object();
@@ -60,7 +60,7 @@ function result($type = 'object')
* @param class_name A string that represents the type of object you want back
* @return array of objects
*/
- function custom_result_object($class_name)
+ public function custom_result_object($class_name)
{
if (array_key_exists($class_name, $this->custom_result_object))
{
@@ -79,12 +79,12 @@ function custom_result_object($class_name)
while ($row = $this->_fetch_object())
{
$object = new $class_name();
-
+
foreach ($row as $key => $value)
{
$object->$key = $value;
}
-
+
$result_object[] = $object;
}
@@ -100,7 +100,7 @@ function custom_result_object($class_name)
* @access public
* @return object
*/
- function result_object()
+ public function result_object()
{
if (count($this->result_object) > 0)
{
@@ -132,7 +132,7 @@ function result_object()
* @access public
* @return array
*/
- function result_array()
+ public function result_array()
{
if (count($this->result_array) > 0)
{
@@ -166,7 +166,7 @@ function result_array()
* @param string can be "object" or "array"
* @return mixed either a result object or array
*/
- function row($n = 0, $type = 'object')
+ public function row($n = 0, $type = 'object')
{
if ( ! is_numeric($n))
{
@@ -198,7 +198,7 @@ function row($n = 0, $type = 'object')
* @access public
* @return object
*/
- function set_row($key, $value = NULL)
+ public function set_row($key, $value = NULL)
{
// We cache the row data for subsequent uses
if ( ! is_array($this->row_data))
@@ -230,7 +230,7 @@ function set_row($key, $value = NULL)
* @access public
* @return object
*/
- function custom_row_object($n, $type)
+ public function custom_row_object($n, $type)
{
$result = $this->custom_result_object($type);
@@ -253,7 +253,7 @@ function custom_row_object($n, $type)
* @access public
* @return object
*/
- function row_object($n = 0)
+ public function row_object($n = 0)
{
$result = $this->result_object();
@@ -278,7 +278,7 @@ function row_object($n = 0)
* @access public
* @return array
*/
- function row_array($n = 0)
+ public function row_array($n = 0)
{
$result = $this->result_array();
@@ -304,7 +304,7 @@ function row_array($n = 0)
* @access public
* @return object
*/
- function first_row($type = 'object')
+ public function first_row($type = 'object')
{
$result = $this->result($type);
@@ -323,7 +323,7 @@ function first_row($type = 'object')
* @access public
* @return object
*/
- function last_row($type = 'object')
+ public function last_row($type = 'object')
{
$result = $this->result($type);
@@ -342,7 +342,7 @@ function last_row($type = 'object')
* @access public
* @return object
*/
- function next_row($type = 'object')
+ public function next_row($type = 'object')
{
$result = $this->result($type);
@@ -367,7 +367,7 @@ function next_row($type = 'object')
* @access public
* @return object
*/
- function previous_row($type = 'object')
+ public function previous_row($type = 'object')
{
$result = $this->result($type);
@@ -394,14 +394,14 @@ function previous_row($type = 'object')
* operational due to the unavailability of the database resource IDs with
* cached results.
*/
- function num_rows() { return $this->num_rows; }
- function num_fields() { return 0; }
- function list_fields() { return array(); }
- function field_data() { return array(); }
- function free_result() { return TRUE; }
- function _data_seek() { return TRUE; }
- function _fetch_assoc() { return array(); }
- function _fetch_object() { return array(); }
+ public function num_rows() { return $this->num_rows; }
+ public function num_fields() { return 0; }
+ public function list_fields() { return array(); }
+ public function field_data() { return array(); }
+ public function free_result() { return TRUE; }
+ protected function _data_seek() { return TRUE; }
+ protected function _fetch_assoc() { return array(); }
+ protected function _fetch_object() { return array(); }
}
// END DB_result class
@@ -86,10 +86,10 @@ function field_data()
$retval = array();
while ($field = mysql_fetch_object($this->result_id))
{
- preg_match('/([a-zA-Z]+)(\((\d+)\))?/i', $field->Type, $matches);
+ preg_match('/([a-zA-Z]+)(\(\d+\))?/', $field->Type, $matches);
- $type = $matches[1];
- $length = isset($matches[3]) ? (int) $matches[3] : NULL;
+ $type = (array_key_exists(1, $matches)) ? $matches[1] : NULL;
+ $length = (array_key_exists(2, $matches)) ? preg_replace('/[^\d]/', '', $matches[2]) : NULL;
$F = new stdClass();
$F->name = $field->Field;
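Review bot: `$length` silently changes type in this hunk: the old code cast the captured digits with `(int)`, while `preg_replace('/[^\d]/', '', $matches[2])` returns a numeric string such as `'11'`. Callers that compare the field length strictly or serialise it would see different output, although where `$length` is used lies below the visible lines. Keeping the integer and dropping the second regex is a one-line change: `$length = array_key_exists(2, $matches) ? (int) trim($matches[2], '()') : NULL;`.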