From 4c3e571e3bf34679f0b8d0d8efbc0efeac6d7b38 Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 2 Sep 2012 14:35:49 +0200 Subject: [PATCH] codeigniter v2.1.1 --- htdocs/application/config/mimes.php | 4 +- htdocs/system/core/CodeIgniter.php | 2 +- htdocs/system/core/Input.php | 137 +++++++++++++++- htdocs/system/core/Security.php | 153 ++++++++++-------- htdocs/system/database/DB_active_rec.php | 12 +- htdocs/system/database/DB_driver.php | 44 +++-- .../database/drivers/pdo/pdo_driver.php | 31 ++-- .../system/database/drivers/pdo/pdo_forge.php | 2 +- .../database/drivers/pdo/pdo_result.php | 15 +- .../database/drivers/pdo/pdo_utility.php | 2 +- htdocs/system/helpers/form_helper.php | 2 +- htdocs/system/helpers/url_helper.php | 36 ++--- .../language/english/migration_lang.php | 2 +- htdocs/system/libraries/Cache/Cache.php | 2 +- .../libraries/Cache/drivers/Cache_apc.php | 2 +- .../libraries/Cache/drivers/Cache_dummy.php | 2 +- .../libraries/Cache/drivers/Cache_file.php | 2 +- .../Cache/drivers/Cache_memcached.php | 2 +- htdocs/system/libraries/Cart.php | 2 +- htdocs/system/libraries/Driver.php | 4 +- htdocs/system/libraries/Form_validation.php | 5 +- htdocs/system/libraries/Image_lib.php | 4 +- htdocs/system/libraries/Migration.php | 2 +- htdocs/system/libraries/Upload.php | 109 ++++++++++--- 24 files changed, 409 insertions(+), 169 deletions(-) diff --git a/htdocs/application/config/mimes.php b/htdocs/application/config/mimes.php index f00e5b6..100f7d4 100644 --- a/htdocs/application/config/mimes.php +++ b/htdocs/application/config/mimes.php @@ -93,8 +93,8 @@ $mimes = array( 'hqx' => 'application/mac-binhex40', 'avi' => 'video/x-msvideo', 'movie' => 'video/x-sgi-movie', 'doc' => 'application/msword', - 'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document', - 'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', + 'docx' => array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/zip'), + 'xlsx' => array('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/zip'), 'word' => array('application/msword', 'application/octet-stream'), 'xl' => 'application/excel', 'eml' => 'message/rfc822', diff --git a/htdocs/system/core/CodeIgniter.php b/htdocs/system/core/CodeIgniter.php index db1aee5..cd33333 100755 --- a/htdocs/system/core/CodeIgniter.php +++ b/htdocs/system/core/CodeIgniter.php @@ -33,7 +33,7 @@ * @var string * */ - define('CI_VERSION', '2.1.0'); + define('CI_VERSION', '2.1.2'); /** * CodeIgniter Branch (Core = TRUE, Reactor = FALSE) diff --git a/htdocs/system/core/Input.php b/htdocs/system/core/Input.php index 9bfb5f1..3559d86 100755 --- a/htdocs/system/core/Input.php +++ b/htdocs/system/core/Input.php @@ -365,18 +365,70 @@ class CI_Input { /** * Validate IP Address * - * Updated version suggested by Geert De Deckere - * * @access public * @param string - * @return string + * @param string ipv4 or ipv6 + * @return bool */ - function valid_ip($ip) + public function valid_ip($ip, $which = '') + { + $which = strtolower($which); + + // First check if filter_var is available + if (is_callable('filter_var')) + { + switch ($which) { + case 'ipv4': + $flag = FILTER_FLAG_IPV4; + break; + case 'ipv6': + $flag = FILTER_FLAG_IPV6; + break; + default: + $flag = ''; + break; + } + + return (bool) filter_var($ip, FILTER_VALIDATE_IP, $flag); + } + + if ($which !== 'ipv6' && $which !== 'ipv4') + { + if (strpos($ip, ':') !== FALSE) + { + $which = 'ipv6'; + } + elseif (strpos($ip, '.') !== FALSE) + { + $which = 'ipv4'; + } + else + { + return FALSE; + } + } + + $func = '_valid_'.$which; + return $this->$func($ip); + } + + // -------------------------------------------------------------------- + + /** + * Validate IPv4 Address + * + * Updated version suggested by Geert De Deckere + * + * @access protected + * @param string + * @return bool + */ + protected function _valid_ipv4($ip) { $ip_segments = explode('.', $ip); // Always 4 segments needed - if (count($ip_segments) != 4) + if (count($ip_segments) !== 4) { return FALSE; } @@ -385,6 +437,7 @@ class CI_Input { { return FALSE; } + // Check each segment foreach ($ip_segments as $segment) { @@ -401,6 +454,80 @@ class CI_Input { // -------------------------------------------------------------------- + /** + * Validate IPv6 Address + * + * @access protected + * @param string + * @return bool + */ + protected function _valid_ipv6($str) + { + // 8 groups, separated by : + // 0-ffff per group + // one set of consecutive 0 groups can be collapsed to :: + + $groups = 8; + $collapsed = FALSE; + + $chunks = array_filter( + preg_split('/(:{1,2})/', $str, NULL, PREG_SPLIT_DELIM_CAPTURE) + ); + + // Rule out easy nonsense + if (current($chunks) == ':' OR end($chunks) == ':') + { + return FALSE; + } + + // PHP supports IPv4-mapped IPv6 addresses, so we'll expect those as well + if (strpos(end($chunks), '.') !== FALSE) + { + $ipv4 = array_pop($chunks); + + if ( ! $this->_valid_ipv4($ipv4)) + { + return FALSE; + } + + $groups--; + } + + while ($seg = array_pop($chunks)) + { + if ($seg[0] == ':') + { + if (--$groups == 0) + { + return FALSE; // too many groups + } + + if (strlen($seg) > 2) + { + return FALSE; // long separator + } + + if ($seg == '::') + { + if ($collapsed) + { + return FALSE; // multiple collapsed + } + + $collapsed = TRUE; + } + } + elseif (preg_match("/[^0-9a-f]/i", $seg) OR strlen($seg) > 4) + { + return FALSE; // invalid segment + } + } + + return $collapsed OR $groups == 1; + } + + // -------------------------------------------------------------------- + /** * User Agent * diff --git a/htdocs/system/core/Security.php b/htdocs/system/core/Security.php index a3e2274..7af240d 100755 --- a/htdocs/system/core/Security.php +++ b/htdocs/system/core/Security.php @@ -1,4 +1,4 @@ - '[removed]', - 'document.write' => '[removed]', - '.parentNode' => '[removed]', - '.innerHTML' => '[removed]', - 'window.location' => '[removed]', - '-moz-binding' => '[removed]', - '' => '-->', - ' '<![CDATA[', - '' => '<comment>' + 'document.cookie' => '[removed]', + 'document.write' => '[removed]', + '.parentNode' => '[removed]', + '.innerHTML' => '[removed]', + 'window.location' => '[removed]', + '-moz-binding' => '[removed]', + '' => '-->', + ' '<![CDATA[', + '' => '<comment>' ); /* never allowed, regex replacement */ @@ -89,10 +89,11 @@ class CI_Security { * @access protected */ protected $_never_allowed_regex = array( - "javascript\s*:" => '[removed]', - "expression\s*(\(|&\#40;)" => '[removed]', // CSS and IE - "vbscript\s*:" => '[removed]', // IE, surprise! - "Redirect\s+302" => '[removed]' + 'javascript\s*:', + 'expression\s*(\(|&\#40;)', // CSS and IE + 'vbscript\s*:', // IE, surprise! + 'Redirect\s+302', + "([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?" ); /** @@ -364,9 +365,9 @@ class CI_Security { * These words are compacted back to their correct state. */ $words = array( - 'javascript', 'expression', 'vbscript', 'script', - 'applet', 'alert', 'document', 'write', 'cookie', 'window' - ); + 'javascript', 'expression', 'vbscript', 'script', 'base64', + 'applet', 'alert', 'document', 'write', 'cookie', 'window' + ); foreach ($words as $word) { @@ -524,38 +525,38 @@ class CI_Security { public function sanitize_filename($str, $relative_path = FALSE) { $bad = array( - "../", - "", - "<", - ">", - "'", - '"', - '&', - '$', - '#', - '{', - '}', - '[', - ']', - '=', - ';', - '?', - "%20", - "%22", - "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; - "%3d" // = - ); + "../", + "", + "<", + ">", + "'", + '"', + '&', + '$', + '#', + '{', + '}', + '[', + ']', + '=', + ';', + '?', + "%20", + "%22", + "%3c", // < + "%253c", // < + "%3e", // > + "%0e", // > + "%28", // ( + "%29", // ) + "%2528", // ( + "%26", // & + "%24", // $ + "%3f", // ? + "%3b", // ; + "%3d" // = + ); if ( ! $relative_path) { @@ -613,19 +614,20 @@ class CI_Security { */ unset($evil_attributes[array_search('xmlns', $evil_attributes)]); } - + do { $count = 0; $attribs = array(); - + // find occurrences of illegal attribute strings without quotes - preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*([^\s]*)/is", $str, $matches, PREG_SET_ORDER); - + preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER); + foreach ($matches as $attr) { + $attribs[] = preg_quote($attr[0], '/'); } - + // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes) preg_match_all("/(".implode('|', $evil_attributes).")\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is", $str, $matches, PREG_SET_ORDER); @@ -637,11 +639,11 @@ class CI_Security { // replace illegal attribute strings that are inside an html tag if (count($attribs) > 0) { - $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z\-])(".implode('|', $attribs).")([\s><])([><]*)/i", '<$1$2$4$5', $str, -1, $count); + $str = preg_replace("/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)(".implode('|', $attribs).")(.*?)([\s><])([><]*)/i", '<$1 $3$5$6$7', $str, -1, $count); } - + } while ($count); - + return $str; } @@ -682,9 +684,15 @@ class CI_Security { */ protected function _js_link_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#href=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0] + ); } // -------------------------------------------------------------------- @@ -702,9 +710,15 @@ class CI_Security { */ protected function _js_img_removal($match) { - $attributes = $this->_filter_attributes(str_replace(array('<', '>'), '', $match[1])); - - return str_replace($match[1], preg_replace("#src=.*?(alert\(|alert&\#40;|javascript\:|livescript\:|mocha\:|charset\=|window\.|document\.|\.cookie|_filter_attributes(str_replace(array('<', '>'), '', $match[1])) + ), + $match[0] + ); } // -------------------------------------------------------------------- @@ -819,14 +833,11 @@ class CI_Security { */ protected function _do_never_allowed($str) { - foreach ($this->_never_allowed_str as $key => $val) - { - $str = str_replace($key, $val, $str); - } + $str = str_replace(array_keys($this->_never_allowed_str), $this->_never_allowed_str, $str); - foreach ($this->_never_allowed_regex as $key => $val) + foreach ($this->_never_allowed_regex as $regex) { - $str = preg_replace("#".$key."#i", $val, $str); + $str = preg_replace('#'.$regex.'#is', '[removed]', $str); } return $str; @@ -848,7 +859,7 @@ class CI_Security { // each page load since a page could contain embedded // sub-pages causing this feature to fail if (isset($_COOKIE[$this->_csrf_cookie_name]) && - $_COOKIE[$this->_csrf_cookie_name] != '') + preg_match('#^[0-9a-f]{32}$#iS', $_COOKIE[$this->_csrf_cookie_name]) === 1) { return $this->_csrf_hash = $_COOKIE[$this->_csrf_cookie_name]; } diff --git a/htdocs/system/database/DB_active_rec.php b/htdocs/system/database/DB_active_rec.php index 7bab729..10febb1 100644 --- a/htdocs/system/database/DB_active_rec.php +++ b/htdocs/system/database/DB_active_rec.php @@ -255,7 +255,7 @@ class CI_DB_active_record extends CI_DB_driver { */ public function from($from) { - foreach ((array)$from as $val) + foreach ((array) $from as $val) { if (strpos($val, ',') !== FALSE) { @@ -660,8 +660,12 @@ class CI_DB_active_record extends CI_DB_driver { $prefix = (count($this->ar_like) == 0) ? '' : $type; $v = $this->escape_like_str($v); - - if ($side == 'before') + + if ($side == 'none') + { + $like_statement = $prefix." $k $not LIKE '{$v}'"; + } + elseif ($side == 'before') { $like_statement = $prefix." $k $not LIKE '%{$v}'"; } @@ -1643,7 +1647,7 @@ class CI_DB_active_record extends CI_DB_driver { if (strpos($table, " ") !== FALSE) { // if the alias is written with the AS keyword, remove it - $table = preg_replace('/ AS /i', ' ', $table); + $table = preg_replace('/\s+AS\s+/i', ' ', $table); // Grab the alias $table = trim(strrchr($table, " ")); diff --git a/htdocs/system/database/DB_driver.php b/htdocs/system/database/DB_driver.php index 3680b85..775fd33 100644 --- a/htdocs/system/database/DB_driver.php +++ b/htdocs/system/database/DB_driver.php @@ -265,6 +265,12 @@ class CI_DB_driver { $sql = preg_replace("/(\W)".$this->swap_pre."(\S+?)/", "\\1".$this->dbprefix."\\2", $sql); } + // Compile binds if needed + if ($binds !== FALSE) + { + $sql = $this->compile_binds($sql, $binds); + } + // Is query caching enabled? If the query is a "read type" // we will load the caching class and return the previously // cached query if it exists @@ -280,12 +286,6 @@ class CI_DB_driver { } } - // Compile binds if needed - if ($binds !== FALSE) - { - $sql = $this->compile_binds($sql, $binds); - } - // Save the query for debugging if ($this->save_queries == TRUE) { @@ -1015,8 +1015,14 @@ class CI_DB_driver { else { $args = (func_num_args() > 1) ? array_splice(func_get_args(), 1) : null; - - return call_user_func_array($function, $args); + if (is_null($args)) + { + return call_user_func($function); + } + else + { + return call_user_func_array($function, $args); + } } } @@ -1261,12 +1267,15 @@ class CI_DB_driver { // If the item has an alias declaration we remove it and set it aside. // Basically we remove everything to the right of the first space - $alias = ''; if (strpos($item, ' ') !== FALSE) { - $alias = strstr($item, " "); + $alias = strstr($item, ' '); $item = substr($item, 0, - strlen($alias)); } + else + { + $alias = ''; + } // This is basically a bug fix for queries that use MAX, MIN, etc. // If a parenthesis is found we know that we do not need to @@ -1382,9 +1391,20 @@ class CI_DB_driver { return $item.$alias; } + // -------------------------------------------------------------------- + + /** + * Dummy method that allows Active Record class to be disabled + * + * This function is used extensively by every db driver. + * + * @return void + */ + protected function _reset_select() + { + } } - /* End of file DB_driver.php */ -/* Location: ./system/database/DB_driver.php */ +/* Location: ./system/database/DB_driver.php */ \ No newline at end of file diff --git a/htdocs/system/database/drivers/pdo/pdo_driver.php b/htdocs/system/database/drivers/pdo/pdo_driver.php index 5de2079..1ecc90a 100644 --- a/htdocs/system/database/drivers/pdo/pdo_driver.php +++ b/htdocs/system/database/drivers/pdo/pdo_driver.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ @@ -51,23 +51,23 @@ class CI_DB_pdo_driver extends CI_DB { function __construct($params) { parent::__construct($params); - + // clause and character used for LIKE escape sequences if (strpos($this->hostname, 'mysql') !== FALSE) { $this->_like_escape_str = ''; $this->_like_escape_chr = ''; - + //Prior to this version, the charset can't be set in the dsn if(is_php('5.3.6')) { $this->hostname .= ";charset={$this->char_set}"; } - + //Set the charset with the connection options $this->options['PDO::MYSQL_ATTR_INIT_COMMAND'] = "SET NAMES {$this->char_set}"; } - else if (strpos($this->hostname, 'odbc') !== FALSE) + elseif (strpos($this->hostname, 'odbc') !== FALSE) { $this->_like_escape_str = " {escape '%s'} "; $this->_like_escape_chr = '!'; @@ -77,9 +77,9 @@ class CI_DB_pdo_driver extends CI_DB { $this->_like_escape_str = " ESCAPE '%s' "; $this->_like_escape_chr = '!'; } - - $this->hostname .= ";dbname=".$this->database; - + + empty($this->database) OR $this->hostname .= ';dbname='.$this->database; + $this->trans_enabled = FALSE; $this->_random_keyword = ' RND('.time().')'; // database specific random keyword @@ -94,7 +94,7 @@ class CI_DB_pdo_driver extends CI_DB { function db_connect() { $this->options['PDO::ATTR_ERRMODE'] = PDO::ERRMODE_SILENT; - + return new PDO($this->hostname, $this->username, $this->password, $this->options); } @@ -189,11 +189,20 @@ class CI_DB_pdo_driver extends CI_DB { function _execute($sql) { $sql = $this->_prep_query($sql); - $result_id = $this->conn_id->query($sql); + $result_id = $this->conn_id->prepare($sql); + $result_id->execute(); if (is_object($result_id)) { - $this->affect_rows = $result_id->rowCount(); + if (is_numeric(stripos($sql, 'SELECT'))) + { + $this->affect_rows = count($result_id->fetchAll()); + $result_id->execute(); + } + else + { + $this->affect_rows = $result_id->rowCount(); + } } else { diff --git a/htdocs/system/database/drivers/pdo/pdo_forge.php b/htdocs/system/database/drivers/pdo/pdo_forge.php index 1462e8c..9a78220 100644 --- a/htdocs/system/database/drivers/pdo/pdo_forge.php +++ b/htdocs/system/database/drivers/pdo/pdo_forge.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ diff --git a/htdocs/system/database/drivers/pdo/pdo_result.php b/htdocs/system/database/drivers/pdo/pdo_result.php index 7f3058f..a366a5f 100644 --- a/htdocs/system/database/drivers/pdo/pdo_result.php +++ b/htdocs/system/database/drivers/pdo/pdo_result.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ @@ -34,7 +34,18 @@ class CI_DB_pdo_result extends CI_DB_result { */ function num_rows() { - return $this->result_id->rowCount(); + if (is_numeric(stripos($this->result_id->queryString, 'SELECT'))) + { + $dbh = $this->conn_id; + $query = $dbh->query($this->result_id->queryString); + $result = $query->fetchAll(); + unset($dbh, $query); + return count($result); + } + else + { + return $this->result_id->rowCount(); + } } // -------------------------------------------------------------------- diff --git a/htdocs/system/database/drivers/pdo/pdo_utility.php b/htdocs/system/database/drivers/pdo/pdo_utility.php index 29aefca..88ce033 100644 --- a/htdocs/system/database/drivers/pdo/pdo_utility.php +++ b/htdocs/system/database/drivers/pdo/pdo_utility.php @@ -9,7 +9,7 @@ * @license http://codeigniter.com/user_guide/license.html * @author EllisLab Dev Team * @link http://codeigniter.com - * @since Version 2.1.0 + * @since Version 2.1.2 * @filesource */ diff --git a/htdocs/system/helpers/form_helper.php b/htdocs/system/helpers/form_helper.php index d9305c0..8733ae0 100644 --- a/htdocs/system/helpers/form_helper.php +++ b/htdocs/system/helpers/form_helper.php @@ -65,7 +65,7 @@ if ( ! function_exists('form_open')) $form .= '>'; // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites - if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->site_url()) === FALSE OR strpos($form, 'method="get"'))) + if ($CI->config->item('csrf_protection') === TRUE AND ! (strpos($action, $CI->config->base_url()) === FALSE OR strpos($form, 'method="get"'))) { $hidden[$CI->security->get_csrf_token_name()] = $CI->security->get_csrf_hash(); } diff --git a/htdocs/system/helpers/url_helper.php b/htdocs/system/helpers/url_helper.php index 9f4b852..f1e8c6a 100644 --- a/htdocs/system/helpers/url_helper.php +++ b/htdocs/system/helpers/url_helper.php @@ -466,39 +466,35 @@ if ( ! function_exists('prep_url')) * Create URL Title * * Takes a "title" string as input and creates a - * human-friendly URL string with either a dash - * or an underscore as the word separator. + * human-friendly URL string with a "separator" string + * as the word separator. * * @access public * @param string the string - * @param string the separator: dash, or underscore + * @param string the separator * @return string */ if ( ! function_exists('url_title')) { - function url_title($str, $separator = 'dash', $lowercase = FALSE) + function url_title($str, $separator = '-', $lowercase = FALSE) { - if ($separator == 'dash') + if ($separator == 'dash') { - $search = '_'; - $replace = '-'; + $separator = '-'; } - else + else if ($separator == 'underscore') { - $search = '-'; - $replace = '_'; + $separator = '_'; } + + $q_separator = preg_quote($separator); $trans = array( - '&\#\d+?;' => '', - '&\S+?;' => '', - '\s+' => $replace, - '[^a-z0-9\-\._]' => '', - $replace.'+' => $replace, - $replace.'$' => $replace, - '^'.$replace => $replace, - '\.+$' => '' - ); + '&.+?;' => '', + '[^a-z0-9 _-]' => '', + '\s+' => $separator, + '('.$q_separator.')+' => $separator + ); $str = strip_tags($str); @@ -512,7 +508,7 @@ if ( ! function_exists('url_title')) $str = strtolower($str); } - return trim(stripslashes($str)); + return trim($str, $separator); } } diff --git a/htdocs/system/language/english/migration_lang.php b/htdocs/system/language/english/migration_lang.php index 4763ca2..f17530f 100644 --- a/htdocs/system/language/english/migration_lang.php +++ b/htdocs/system/language/english/migration_lang.php @@ -5,7 +5,7 @@ $lang['migration_not_found'] = "This migration could not be found."; $lang['migration_multiple_version'] = "This are multiple migrations with the same version number: %d."; $lang['migration_class_doesnt_exist'] = "The migration class \"%s\" could not be found."; $lang['migration_missing_up_method'] = "The migration class \"%s\" is missing an 'up' method."; -$lang['migration_missing_down_method'] = "The migration class \"%s\" is missing an 'up' method."; +$lang['migration_missing_down_method'] = "The migration class \"%s\" is missing an 'down' method."; $lang['migration_invalid_filename'] = "Migration \"%s\" has an invalid filename."; diff --git a/htdocs/system/libraries/Cache/Cache.php b/htdocs/system/libraries/Cache/Cache.php index 61e7aa7..261fc36 100644 --- a/htdocs/system/libraries/Cache/Cache.php +++ b/htdocs/system/libraries/Cache/Cache.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_apc.php b/htdocs/system/libraries/Cache/drivers/Cache_apc.php index 79d91b3..f750e6c 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_apc.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_apc.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_dummy.php b/htdocs/system/libraries/Cache/drivers/Cache_dummy.php index f96a68e..b11b5b8 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_dummy.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_dummy.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_file.php b/htdocs/system/libraries/Cache/drivers/Cache_file.php index 13e2d1a..c500436 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_file.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_file.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_memcached.php b/htdocs/system/libraries/Cache/drivers/Cache_memcached.php index fc586e0..7478420 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_memcached.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_memcached.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011 EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012 EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 2.0 diff --git a/htdocs/system/libraries/Cart.php b/htdocs/system/libraries/Cart.php index ab5a70c..da47b5a 100644 --- a/htdocs/system/libraries/Cart.php +++ b/htdocs/system/libraries/Cart.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/htdocs/system/libraries/Driver.php b/htdocs/system/libraries/Driver.php index 9881c1e..4912c4a 100644 --- a/htdocs/system/libraries/Driver.php +++ b/htdocs/system/libraries/Driver.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -30,7 +30,7 @@ class CI_Driver_Library { protected $valid_drivers = array(); - protected static $lib_name; + protected $lib_name; // The first time a child is used it won't exist, so we instantiate it // subsequents calls will go straight to the proper child. diff --git a/htdocs/system/libraries/Form_validation.php b/htdocs/system/libraries/Form_validation.php index a34809e..9aab5da 100644 --- a/htdocs/system/libraries/Form_validation.php +++ b/htdocs/system/libraries/Form_validation.php @@ -1079,11 +1079,12 @@ class CI_Form_validation { * * @access public * @param string + * @param string "ipv4" or "ipv6" to validate a specific ip format * @return string */ - public function valid_ip($ip) + public function valid_ip($ip, $which = '') { - return $this->CI->input->valid_ip($ip); + return $this->CI->input->valid_ip($ip, $which); } // -------------------------------------------------------------------- diff --git a/htdocs/system/libraries/Image_lib.php b/htdocs/system/libraries/Image_lib.php index 8902f52..21ec2cb 100644 --- a/htdocs/system/libraries/Image_lib.php +++ b/htdocs/system/libraries/Image_lib.php @@ -104,7 +104,7 @@ class CI_Image_lib { */ function clear() { - $props = array('source_folder', 'dest_folder', 'source_image', 'full_src_path', 'full_dst_path', 'new_image', 'image_type', 'size_str', 'quality', 'orig_width', 'orig_height', 'rotation_angle', 'x_axis', 'y_axis', 'create_fnc', 'copy_fnc', 'wm_overlay_path', 'wm_use_truetype', 'dynamic_output', 'wm_font_size', 'wm_text', 'wm_vrt_alignment', 'wm_hor_alignment', 'wm_padding', 'wm_hor_offset', 'wm_vrt_offset', 'wm_font_color', 'wm_use_drop_shadow', 'wm_shadow_color', 'wm_shadow_distance', 'wm_opacity'); + $props = array('source_folder', 'dest_folder', 'source_image', 'full_src_path', 'full_dst_path', 'new_image', 'image_type', 'size_str', 'quality', 'orig_width', 'orig_height', 'width', 'height', 'rotation_angle', 'x_axis', 'y_axis', 'create_fnc', 'copy_fnc', 'wm_overlay_path', 'wm_use_truetype', 'dynamic_output', 'wm_font_size', 'wm_text', 'wm_vrt_alignment', 'wm_hor_alignment', 'wm_padding', 'wm_hor_offset', 'wm_vrt_offset', 'wm_font_color', 'wm_use_drop_shadow', 'wm_shadow_color', 'wm_shadow_distance', 'wm_opacity'); foreach ($props as $val) { @@ -208,7 +208,7 @@ class CI_Image_lib { } else { - if (strpos($this->new_image, '/') === FALSE) + if (strpos($this->new_image, '/') === FALSE AND strpos($this->new_image, '\\') === FALSE) { $this->dest_folder = $this->source_folder; $this->dest_image = $this->new_image; diff --git a/htdocs/system/libraries/Migration.php b/htdocs/system/libraries/Migration.php index 3943ec1..5a41377 100644 --- a/htdocs/system/libraries/Migration.php +++ b/htdocs/system/libraries/Migration.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2006 - 2011, EllisLab, Inc. + * @copyright Copyright (c) 2006 - 2012, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 diff --git a/htdocs/system/libraries/Upload.php b/htdocs/system/libraries/Upload.php index 05511b5..0e5d73b 100644 --- a/htdocs/system/libraries/Upload.php +++ b/htdocs/system/libraries/Upload.php @@ -868,6 +868,10 @@ class CI_Upload { { return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good } + else + { + return FALSE; + } } if (($data = @file_get_contents($file)) === FALSE) @@ -1018,47 +1022,104 @@ class CI_Upload { */ protected function _file_mime_type($file) { - // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) - if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) + // We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii) + $regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/'; + + /* Fileinfo extension - most reliable method + * + * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the + * more convenient FILEINFO_MIME_TYPE flag doesn't exist. + */ + if (function_exists('finfo_file')) { - $finfo = new finfo(FILEINFO_MIME_TYPE); - if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system + $finfo = finfo_open(FILEINFO_MIME); + if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system { - $file_type = $finfo->file($file['tmp_name']); + $mime = @finfo_file($finfo, $file['tmp_name']); + finfo_close($finfo); /* According to the comments section of the PHP manual page, * it is possible that this function returns an empty string * for some files (e.g. if they don't exist in the magic MIME database) */ - if (strlen($file_type) > 1) + if (is_string($mime) && preg_match($regexp, $mime, $matches)) { - $this->file_type = $file_type; + $this->file_type = $matches[1]; return; } } } - // Fall back to the deprecated mime_content_type(), if available + /* This is an ugly hack, but UNIX-type systems provide a "native" way to detect the file type, + * which is still more secure than depending on the value of $_FILES[$field]['type'], and as it + * was reported in issue #750 (https://github.com/EllisLab/CodeIgniter/issues/750) - it's better + * than mime_content_type() as well, hence the attempts to try calling the command line with + * three different functions. + * + * Notes: + * - the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system + * - many system admins would disable the exec(), shell_exec(), popen() and similar functions + * due to security concerns, hence the function_exists() checks + */ + if (DIRECTORY_SEPARATOR !== '\\') + { + $cmd = 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1'; + + if (function_exists('exec')) + { + /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter. + * However, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites + * anything that could already be set for $mime previously. This effectively makes the second parameter a dummy + * value, which is only put to allow us to get the return status code. + */ + $mime = @exec($cmd, $mime, $return_status); + if ($return_status === 0 && is_string($mime) && preg_match($regexp, $mime, $matches)) + { + $this->file_type = $matches[1]; + return; + } + } + + if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec')) + { + $mime = @shell_exec($cmd); + if (strlen($mime) > 0) + { + $mime = explode("\n", trim($mime)); + if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) + { + $this->file_type = $matches[1]; + return; + } + } + } + + if (function_exists('popen')) + { + $proc = @popen($cmd, 'r'); + if (is_resource($proc)) + { + $mime = @fread($proc, 512); + @pclose($proc); + if ($mime !== FALSE) + { + $mime = explode("\n", trim($mime)); + if (preg_match($regexp, $mime[(count($mime) - 1)], $matches)) + { + $this->file_type = $matches[1]; + return; + } + } + } + } + } + + // Fall back to the deprecated mime_content_type(), if available (still better than $_FILES[$field]['type']) if (function_exists('mime_content_type')) { $this->file_type = @mime_content_type($file['tmp_name']); - return; - } - - /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, - * which is still more secure than depending on the value of $_FILES[$field]['type']. - * - * Notes: - * - a 'W' in the substr() expression bellow, would mean that we're using Windows - * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check - */ - if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) - { - $output = array(); - @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); - if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution + if (strlen($this->file_type) > 0) // It's possible that mime_content_type() returns FALSE or an empty string { - $this->file_type = rtrim($output[0]); return; } }