diff --git a/AUTHORS.md b/AUTHORS.md index 09392a9..916ca2b 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -50,7 +50,13 @@ * iem@kug https://github.com/iem-projects, umläute https://github.com/umlaeute (Footer fix) * Ridho Muhammad https://github.com/rydhoms (Update geshi.php with php7 fix, indonesian translation) * azdrax https://github.com/azdrax, Zacharias Sdregas https://github.com/zsdregas (Added greek translation) -* John Walker https://github.com/techjwalker (YOURLS support) +* John Walker https://github.com/techjwalker (YOURLS support and several improvements) * Christian (BBCode support) * Shen-Ta Hsiea https://github.com/ibmibmibm (updated traditional chinese translation) -* haliphax https://github.com/haliphax (Fixed cssmin library) \ No newline at end of file +* haliphax https://github.com/haliphax (Fixed cssmin library) +* YangJun https://github.com/yangjun1994 (Fix language.php small mistakes of chinese-simplified) +* Justin Massey https://github.com/Th3R3p0 (LDAP improvements, xss security fixes, Dockerfiles) +* Nilpferd (Shorturl is now shown for 'burn' pastes after creation) +* Pascal Briehl (add support for polr url shortener) +* Simon Sickle https://github.com/SimonSickle (Protect the langs api call with the apiKey) +* John Walker https://github.com/techjwalker (some minor additions) diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..781a08a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,10 @@ +FROM php:7.0-apache +COPY htdocs /var/www/html +COPY htdocs/application/config/stikked.php.dist /var/www/html/application/config/stikked.php +COPY docker/replace-envvars.sh /bin/ +COPY docker/docker-php-entrypoint /usr/local/bin/ +RUN chmod +x /usr/local/bin/docker-php-entrypoint + +EXPOSE 80 +RUN a2enmod rewrite +RUN docker-php-ext-install mysqli diff --git a/README.md b/README.md index 778fd92..4027c34 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,6 @@ Here are some features: * Anti-Spam features * Themes support * Multilanguage support -* An [Android app](https://play.google.com/store/apps/details?id=org.teamblueridge.pasteitapp) * Stikked client with support for client side encryption/decryption: [gostikkit](https://github.com/tcolgate/gostikkit) * Another CLI tool requiring only curl program: [pbin](https://github.com/glensc/pbin) * And many more. View [this review](http://maketecheasier.com/run-your-own-pastebin-with-stikked/2013/01/11) @@ -56,6 +55,17 @@ Installation * Be sure to also copy the .htaccess file when you move files around. This is a hidden file and easily overlooked. +How to run it in Docker +----------------------- + + sudo docker build -t stikked . + sudo docker-compose up -d + +This automatically creates a database with passwords that are configurable in the docker-compose.yml file. + +NOTE: This sets the captcha to false and requires port 80 to be accessible on the host machine. Also, a host entry of 127.0.0.1 stikked.local will fix the base_url issues. + + Documentation ------------- @@ -71,6 +81,25 @@ In the folder doc/, you will find: Changelog --------- +### Version 0.12.0: + +* Updates ensuring the compatibility with PHP7: + * Updated CodeIgniter to 3.1.5 + * Updated GeSHi to 1.0.9.0 +* Ability to run Stikked in Docker +* Small security fixes regarding XSS and LDAP +* Various bugfixes and improvements + +#### Upgrade instructions + +Copy your htdocs/application/stikked.php config file away. Upload the new version. Copy it back. + +If you want to keep QR codes being displayed, add the following line in config/stikked.php: + +```php +$config['qr_enabled'] = true; +``` + ### Version 0.11.0: * Upgrade to CodeIgniter 3.1.0 diff --git a/doc/DEVELOPMENT.md b/doc/DEVELOPMENT.md index 91c5333..4100351 100644 --- a/doc/DEVELOPMENT.md +++ b/doc/DEVELOPMENT.md @@ -6,4 +6,5 @@ Some guidelines: ``` php_beautifier --indent_tabs -l "IndentStyles(style=bsd) ArrayNested() NewLines(before=function:T_CLASS:if,after=T_COMMENT) ListClassFunction()" ``` +* Optionally, use https://phpbeautifier.com/ with "Allman style" formatting for smaller segments of PHP-only code * Other people may modify your contribution. Don't take that personal; we all want to improve Stikked. Your input is always welcome! diff --git a/doc/TRANSLATING_STIKKED.md b/doc/TRANSLATING_STIKKED.md index b1c5181..c86784c 100644 --- a/doc/TRANSLATING_STIKKED.md +++ b/doc/TRANSLATING_STIKKED.md @@ -2,6 +2,6 @@ How to translate Stikked into your own language ----------------------------------------------- 1. Make a copy of the folder `htdocs/application/language/swissgerman`, and name it as you like. -2. Start placing in your texts! +2. Start placing in your translated text! The date_lang.php and form_validation_lang.php are optional; they lay in the system folder for english fallback. stikked_lang.php is required. If you miss a translation, it will be shown as [translation_index] in Stikked. diff --git a/doc/TROUBLESHOOTING_GUIDE.md b/doc/TROUBLESHOOTING_GUIDE.md index 6e3130b..61f46ab 100644 --- a/doc/TROUBLESHOOTING_GUIDE.md +++ b/doc/TROUBLESHOOTING_GUIDE.md @@ -1,6 +1,8 @@ Stikked troubleshooting guide ----------------------------- +First, be sure to double-check whether you meet the [prerequisites](//github.com/claudehohl/Stikked#prerequisites). + ### Apache #### 404 Not Found after creating a Paste @@ -50,4 +52,4 @@ You need to have the GD extension for PHP installed and enabled so that the QR c Still have a problem? --------------------- -Report an issue at GitHub, and we will add your problem to this guide. +Report an issue [at GitHub](//github.com/claudehohl/Stikked/issues), and we will add your problem to this guide. diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..a2eec94 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,24 @@ +version: '3' + +services: + db: + image: mysql:latest + volumes: + - db_data:/var/lib/mysql + environment: + MYSQL_RANDOM_ROOT_PASSWORD: 1 + MYSQL_DATABASE: stikked + MYSQL_USER: stikked + MYSQL_PASSWORD: stikked + + stikked: + depends_on: + - db + image: stikked + env_file: + docker/stikked-envvars.txt + ports: + - 80:80 + +volumes: + db_data: diff --git a/docker/docker-php-entrypoint b/docker/docker-php-entrypoint new file mode 100644 index 0000000..f291fe4 --- /dev/null +++ b/docker/docker-php-entrypoint @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +# custom script to overwrite stikked config variables +bash /bin/replace-envvars.sh + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- php "$@" +fi + +exec "$@" diff --git a/docker/replace-envvars.sh b/docker/replace-envvars.sh new file mode 100644 index 0000000..edf28b4 --- /dev/null +++ b/docker/replace-envvars.sh @@ -0,0 +1,7 @@ +sed -i "s/\['site_name'\].*/['site_name'] = '$SITENAME';/" /var/www/html/application/config/stikked.php +sed -i "s/\['base_url'\].*/['base_url'] = '$BASEURL';/" /var/www/html/application/config/stikked.php +sed -i "s/\['db_hostname'\].*/['db_hostname'] = '$DBHOST';/" /var/www/html/application/config/stikked.php +sed -i "s/\['db_database'\].*/['db_database'] = '$DBNAME';/" /var/www/html/application/config/stikked.php +sed -i "s/\['db_username'\].*/['db_username'] = '$DBUSER';/" /var/www/html/application/config/stikked.php +sed -i "s/\['db_password'\].*/['db_password'] = '$DBPASS';/" /var/www/html/application/config/stikked.php +sed -i "s/\['enable_captcha'\].*/['enable_captcha'] = '$CAPTHCA';/" /var/www/html/application/config/stikked.php diff --git a/docker/stikked-envvars.txt b/docker/stikked-envvars.txt new file mode 100644 index 0000000..574d65e --- /dev/null +++ b/docker/stikked-envvars.txt @@ -0,0 +1,7 @@ +SITENAME=Stikked +BASEURL=http:\/\/stikked.local\/ +DBHOST=db +DBNAME=stikked +DBUSER=stikked +DBPASS=stikked +CAPTCHA=false diff --git a/htdocs/application/config/config.php b/htdocs/application/config/config.php index eb1762c..fea7501 100644 --- a/htdocs/application/config/config.php +++ b/htdocs/application/config/config.php @@ -313,20 +313,6 @@ $config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; -/* -|-------------------------------------------------------------------------- -| Standardize newlines -|-------------------------------------------------------------------------- -| -| Determines whether to standardize newline characters in input data, -| meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value. -| -| This is particularly useful for portability between UNIX-based OSes, -| (usually \n) and Windows (\r\n). -| -*/ -$config['standardize_newlines'] = TRUE; - /* |-------------------------------------------------------------------------- | Global XSS Filtering diff --git a/htdocs/application/config/language.php b/htdocs/application/config/language.php index 75cadee..cb4cd62 100644 --- a/htdocs/application/config/language.php +++ b/htdocs/application/config/language.php @@ -95,10 +95,10 @@ $config['supported_languages'] = array( 'ckeditor' => NULL ), 'cn' => array( - 'name' => '繁體中文', + 'name' => '简体中文', 'folder' => 'chinese-simplified', 'direction' => 'ltr', - 'codes' => array('cht', 'chinese-simplified', 'zh-CN'), + 'codes' => array('chs', 'chinese-simplified', 'zh-CN'), 'ckeditor' => NULL ), 'zh' => array( diff --git a/htdocs/application/config/stikked.php.dist b/htdocs/application/config/stikked.php.dist index d0dac24..c8779e9 100644 --- a/htdocs/application/config/stikked.php.dist +++ b/htdocs/application/config/stikked.php.dist @@ -54,6 +54,14 @@ $config['db_prefix'] = ''; */ $config['theme'] = 'default'; +/** + * Display QR code + * + * Whether or not to display the QR code + * +*/ +$config['qr_enabled'] = true; + /** * JavaScript-Editor * @@ -101,6 +109,7 @@ $config['cron_key'] = ''; * @string gwgd * @string googl * @string bitly + * @string polr * @string random - Randomly chose any of upper API-s !WARNING! May be slow! For maximum performanse, it's recommended to either set all API keys or use random_url_engines to list working engines. * @string none - same as off * @@ -132,6 +141,9 @@ $config['cron_key'] = ''; * bitly_url_api: Famous URL shortening service (API: http://dev.bitly.com/get_started.html) * Usage: Your API key * + * polr_url: Your own instance of polr URL-shortener (Download: https://github.com/cydrobolt/polr) + * polr_api: Your polr api key + * **/ $config['url_shortening_use'] = 'off'; $config['random_url_engines'] = 'googl,bitly'; // Used only in random mode, read comment above for more info @@ -147,9 +159,13 @@ $config['shorturl_selected'] = false; // goo.gl API key $config['googl_url_api'] = ''; + // Bit.ly API key $config['bitly_url_api'] = ''; +// polr +$config['polr_url'] = ''; +$config['polr_api'] = ''; /** diff --git a/htdocs/application/controllers/Api.php b/htdocs/application/controllers/Api.php index 43bd306..e2f7c98 100644 --- a/htdocs/application/controllers/Api.php +++ b/htdocs/application/controllers/Api.php @@ -26,6 +26,13 @@ class Api extends Main { die("The API has been disabled\n"); } + + // if ldap is configured and no api token is configured, fail the request + if ((config_item('require_auth') == true) && (config_item('apikey') == '')) + { + die("API key not configured"); + } + } function index() @@ -202,6 +209,11 @@ class Api extends Main function langs() { + if (config_item('apikey') != $this->input->get('apikey')) + { + die("Invalid API key\n"); + } + $languages = $this->languages->get_languages(); echo json_encode($languages); } diff --git a/htdocs/application/controllers/Auth.php b/htdocs/application/controllers/Auth.php index f744310..017465c 100644 --- a/htdocs/application/controllers/Auth.php +++ b/htdocs/application/controllers/Auth.php @@ -120,7 +120,7 @@ class Auth extends CI_Controller public function alpha_dash_dot($str) { - return (!preg_match("/^([-a-z0-9_-\.])+$/i", $str)) ? FALSE : TRUE; + return (!preg_match("/^([-a-z0-9_\-\.])+$/i", $str)) ? FALSE : TRUE; } } ?> diff --git a/htdocs/application/controllers/Main.php b/htdocs/application/controllers/Main.php index b4196d4..0c2511f 100644 --- a/htdocs/application/controllers/Main.php +++ b/htdocs/application/controllers/Main.php @@ -70,7 +70,7 @@ class Main extends CI_Controller $fields = array( 'id' => array( 'type' => 'VARCHAR', - 'constraint' => 40, + 'constraint' => 128, 'default' => 0, ) , 'ip_address' => array( @@ -266,7 +266,7 @@ class Main extends CI_Controller //ipv6 migration $fields = $this->db->field_data('trending'); - if (config_item('db_driver') != 'sqlite' && $fields[1]->max_length < 45) + if (stristr(config_item('db_driver') , 'sqlite') === false && $fields[1]->max_length < 45) { $db_prefix = config_item('db_prefix'); @@ -294,7 +294,7 @@ class Main extends CI_Controller if ($field->name == 'title') { - if (config_item('db_driver') != 'sqlite' && $field->max_length < 50) + if (stristr(config_item('db_driver') , 'sqlite') === false && $field->max_length < 50) { $db_prefix = config_item('db_prefix'); @@ -309,6 +309,34 @@ class Main extends CI_Controller } } } + + //upgrade to CI 3.1.2 + $fields = $this->db->field_data('sessions'); + foreach ($fields as $field) + { + + if ($field->name == 'id') + { + + if (stristr(config_item('db_driver') , 'sqlite') === false) + { + + if ($field->max_length < 128) + { + $db_prefix = config_item('db_prefix'); + + if ($this->db->dbdriver == "postgre") + { + $this->db->query("ALTER TABLE " . $db_prefix . "sessions ALTER COLUMN id SET DATA TYPE varchar(128)"); + } + else + { + $this->db->query("ALTER TABLE " . $db_prefix . "sessions CHANGE id id VARCHAR(128) NOT NULL"); + } + } + } + } + } } function _form_prep($lang = false, $title = '', $paste = '', $reply = false) @@ -496,11 +524,20 @@ class Main extends CI_Controller function post_encrypted() { - $this->load->model('pastes'); - $_POST['private'] = 1; - $_POST['snipurl'] = 0; - $ret_url = $this->pastes->createPaste(); - echo $ret_url; + $this->_valid_authentication(); + + if ($this->_valid_captcha($this->input->post('captcha'))) + { + $this->load->model('pastes'); + $_POST['private'] = 1; + $_POST['snipurl'] = 0; + $ret_url = $this->pastes->createPaste(); + echo $ret_url; + } + else + { + echo 'E_CAPTCHA'; + } } function raw() @@ -725,7 +762,11 @@ class Main extends CI_Controller if (config_item('enable_captcha') && $this->session->userdata('is_human') === null) { - $this->form_validation->set_message('_valid_captcha', lang('captcha')); + + if (isset($this->form_validation)) + { + $this->form_validation->set_message('_valid_captcha', lang('captcha')); + } if ($this->use_recaptcha) { diff --git a/htdocs/application/controllers/Spamadmin.php b/htdocs/application/controllers/Spamadmin.php index aea4744..6fb8ee1 100644 --- a/htdocs/application/controllers/Spamadmin.php +++ b/htdocs/application/controllers/Spamadmin.php @@ -74,7 +74,7 @@ class Spamadmin extends CI_Controller { $this->db->insert('blocked_ips', array( 'ip_address' => $ip_address, - 'blocked_at' => mktime() , + 'blocked_at' => time() , 'spam_attempts' => $paste_count, )); } @@ -85,8 +85,20 @@ class Spamadmin extends CI_Controller $data = $this->pastes->getSpamLists('spamadmin/' . $ip_address, $seg = 3, $ip_address); $data['ip_address'] = $ip_address; $ip = explode('.', $ip_address); - $ip_firstpart = $ip[0] . '.' . $ip[1] . '.'; - $data['ip_range'] = $ip_firstpart . '*.*'; + + if (count($ip) > 1) + { + $ip_firstpart = $ip[0] . '.' . $ip[1] . '.'; + $data['ip_range'] = $ip_firstpart . '*.*'; + } + else + { + + // ipv6 + $ip = explode(':', $ip_address); + $ip_firstpart = $ip[0] . ':' . $ip[1] . ':' . $ip[2] . ':' . $ip[3] . ':' . $ip[4] . ':' . $ip[5] . ':' . $ip[6]; + $data['ip_range'] = $ip_firstpart . ':*'; + } //view $this->load->view('spam_detail', $data); diff --git a/htdocs/application/core/MY_Loader.php b/htdocs/application/core/MY_Loader.php index cd89e4d..1b1f1da 100644 --- a/htdocs/application/core/MY_Loader.php +++ b/htdocs/application/core/MY_Loader.php @@ -39,7 +39,7 @@ class MY_Loader extends CI_Loader //return return $this->_ci_load(array( '_ci_view' => $view_path, - '_ci_vars' => $this->_ci_object_to_array($vars) , + '_ci_vars' => $this->_ci_prepare_view_vars($vars) , '_ci_return' => $return )); } diff --git a/htdocs/application/libraries/geshi/contrib/aliased.php b/htdocs/application/libraries/geshi/contrib/aliased.php index 0d4b283..fb8c4fb 100644 --- a/htdocs/application/libraries/geshi/contrib/aliased.php +++ b/htdocs/application/libraries/geshi/contrib/aliased.php @@ -18,11 +18,23 @@ // Your config here define("SOURCE_ROOT", "/var/www/your/source/root/"); -// Assume you've put geshi in the include_path already -require_once("geshi.php"); +if (file_exists(__DIR__ . '/../vendor/autoload.php')) { + //composer install + require __DIR__ . '/../vendor/autoload.php'; +} else if (file_exists(__DIR__ . '/../src/geshi.php')) { + //git checkout + require __DIR__ . '/../src/geshi.php'; +} else { + // Assume you've put geshi in the include_path already + require_once("geshi.php"); +} + +if (!isset($_SERVER['PATH_INFO'])) { + die("No file name given.\n"); +} // Get path info -$path = SOURCE_ROOT.$_SERVER['PATH_INFO']; +$path = SOURCE_ROOT . $_SERVER['PATH_INFO']; // Check for dickheads trying to use '../' to get to sensitive areas $base_path_len = strlen(SOURCE_ROOT); diff --git a/htdocs/application/libraries/geshi/contrib/cssgen.php b/htdocs/application/libraries/geshi/contrib/cssgen.php index d0dac0f..6de4346 100644 --- a/htdocs/application/libraries/geshi/contrib/cssgen.php +++ b/htdocs/application/libraries/geshi/contrib/cssgen.php @@ -4,7 +4,7 @@ * ---------- * Author: Nigel McNie (nigel@geshi.org) * Copyright: (c) 2004 Nigel McNie - * Release Version: 1.0.8.12 + * Release Version: 1.0.9.0 * Date Started: 2004/05/20 * * Application to generate custom CSS files for GeSHi (based on an idea by Andreas @@ -30,7 +30,6 @@ * ************************************************************************************/ -set_magic_quotes_runtime(0); // // Functions // @@ -165,21 +164,23 @@ if ( !$step || $step == 1 ) $geshi_lang_path = get_var('geshi-lang-path'); if(strstr($geshi_path, '..')) { - unset($geshi_path); + $geshi_path = null; } if(strstr($geshi_lang_path, '..')) { - unset($geshi_lang_path); + $geshi_lang_path = null; } if ( !$geshi_path ) { - $geshi_path = '../geshi.php'; + $geshi_path = '../src/geshi.php'; } if ( !$geshi_lang_path ) { - $geshi_lang_path = '../geshi/'; + $geshi_lang_path = '../src/geshi/'; } + $no_geshi_dot_php_error = false; + $no_lang_dir_error = false; if ( is_file($geshi_path) && is_readable($geshi_path) ) { // Get file contents and see if GeSHi is in here diff --git a/htdocs/application/libraries/geshi/contrib/cssgen2.php b/htdocs/application/libraries/geshi/contrib/cssgen2.php index cc3c39c..72a2b0f 100644 --- a/htdocs/application/libraries/geshi/contrib/cssgen2.php +++ b/htdocs/application/libraries/geshi/contrib/cssgen2.php @@ -28,19 +28,19 @@ * */ -require dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'geshi.php'; -$geshi = new GeSHi; - -$languages = array(); -if ($handle = opendir($geshi->language_path)) { - while (($file = readdir($handle)) !== false) { - $pos = strpos($file, '.'); - if ($pos > 0 && substr($file, $pos) == '.php') { - $languages[] = substr($file, 0, $pos); - } - } - closedir($handle); +if (file_exists(__DIR__ . '/../vendor/autoload.php')) { + //composer install + require __DIR__ . '/../vendor/autoload.php'; +} else if (file_exists(__DIR__ . '/../src/geshi.php')) { + //git checkout + require __DIR__ . '/../src/geshi.php'; +} else { + // Assume you've put geshi in the include_path already + require_once "geshi.php"; } + +$geshi = new GeSHi(); +$languages = $geshi->get_supported_languages(); sort($languages); header('Content-Type: application/octet-stream'); diff --git a/htdocs/application/libraries/geshi/contrib/example.php b/htdocs/application/libraries/geshi/contrib/example.php index 1ad923d..c5c1cc1 100644 --- a/htdocs/application/libraries/geshi/contrib/example.php +++ b/htdocs/application/libraries/geshi/contrib/example.php @@ -15,14 +15,16 @@ error_reporting(E_ALL); // Rudimentary checking of where GeSHi is. In a default install it will be in ../, but // it could be in the current directory if the include_path is set. There's nowhere else // we can reasonably guess. -if (is_readable('../geshi.php')) { - $path = '../'; -} elseif (is_readable('geshi.php')) { - $path = './'; +if (file_exists(__DIR__ . '/../vendor/autoload.php')) { + //composer install + require __DIR__ . '/../vendor/autoload.php'; +} else if (file_exists(__DIR__ . '/../src/geshi.php')) { + //git checkout + require __DIR__ . '/../src/geshi.php'; } else { - die('Could not find geshi.php - make sure it is in your include path!'); + // Assume you've put geshi in the include_path already + require_once("geshi.php"); } -require $path . 'geshi.php'; $fill_source = false; if (isset($_POST['submit'])) { @@ -94,6 +96,7 @@ if (isset($_POST['submit'])) { } else { // make sure we don't preselect any language $_POST['language'] = null; + $geshi = new GeSHi(); } ?> '."\n"; + $form .= ''."\n"; } } + // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites + if ($CI->config->item('csrf_protection') === TRUE && strpos($action, $CI->config->base_url()) !== FALSE && ! stripos($form, 'method="get"')) + { + // Prepend/append random-length "white noise" around the CSRF + // token input, as a form of protection against BREACH attacks + if (FALSE !== ($noise = $CI->security->get_random_bytes(1))) + { + list(, $noise) = unpack('c', $noise); + } + else + { + $noise = mt_rand(-128, 127); + } + + // Prepend if $noise has a negative value, append if positive, do nothing for zero + $prepend = $append = ''; + if ($noise < 0) + { + $prepend = str_repeat(" ", abs($noise)); + } + elseif ($noise > 0) + { + $append = str_repeat(" ", $noise); + } + + $form .= sprintf( + '%s%s%s', + $prepend, + $CI->security->get_csrf_token_name(), + $CI->security->get_csrf_hash(), + $append, + "\n" + ); + } + return $form; } } @@ -568,7 +597,7 @@ if ( ! function_exists('form_label')) * * @param string The text to appear onscreen * @param string The id the label applies to - * @param array Additional attributes + * @param mixed Additional attributes * @return string */ function form_label($label_text = '', $id = '', $attributes = array()) @@ -581,13 +610,7 @@ if ( ! function_exists('form_label')) $label .= ' for="'.$id.'"'; } - if (is_array($attributes) && count($attributes) > 0) - { - foreach ($attributes as $key => $val) - { - $label .= ' '.$key.'="'.$val.'"'; - } - } + $label .= _attributes_to_string($attributes); return $label.'>'.$label_text.''; } diff --git a/htdocs/system/helpers/html_helper.php b/htdocs/system/helpers/html_helper.php index fdc463f..87a5f9b 100644 --- a/htdocs/system/helpers/html_helper.php +++ b/htdocs/system/helpers/html_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -192,7 +192,7 @@ if ( ! function_exists('img')) foreach ($src as $k => $v) { - if ($k === 'src' && ! preg_match('#^([a-z]+:)?//#i', $v)) + if ($k === 'src' && ! preg_match('#^(data:[a-z,;])|(([a-z]+:)?(? '\1\2tatus', '/(c)hildren$/' => '\1\2hild', '/(n)ews$/' => '\1\2ews', + '/(quiz)zes$/' => '\1', '/([^us])s$/' => '\1' ); @@ -238,8 +239,37 @@ if ( ! function_exists('is_countable')) return ! in_array( strtolower($word), array( - 'equipment', 'information', 'rice', 'money', - 'species', 'series', 'fish', 'meta' + 'audio', + 'bison', + 'chassis', + 'compensation', + 'coreopsis', + 'data', + 'deer', + 'education', + 'emoji', + 'equipment', + 'fish', + 'furniture', + 'gold', + 'information', + 'knowledge', + 'love', + 'rain', + 'money', + 'moose', + 'nutrition', + 'offspring', + 'plankton', + 'pokemon', + 'police', + 'rice', + 'series', + 'sheep', + 'species', + 'swine', + 'traffic', + 'wheat' ) ); } diff --git a/htdocs/system/helpers/language_helper.php b/htdocs/system/helpers/language_helper.php index 3721164..d26cf5b 100644 --- a/htdocs/system/helpers/language_helper.php +++ b/htdocs/system/helpers/language_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/number_helper.php b/htdocs/system/helpers/number_helper.php index e7810c7..cc8a776 100644 --- a/htdocs/system/helpers/number_helper.php +++ b/htdocs/system/helpers/number_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/path_helper.php b/htdocs/system/helpers/path_helper.php index 6c846a2..6896cb9 100644 --- a/htdocs/system/helpers/path_helper.php +++ b/htdocs/system/helpers/path_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/security_helper.php b/htdocs/system/helpers/security_helper.php index 4eb6388..5e2970a 100644 --- a/htdocs/system/helpers/security_helper.php +++ b/htdocs/system/helpers/security_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/smiley_helper.php b/htdocs/system/helpers/smiley_helper.php index 688ca24..2c9a3b4 100644 --- a/htdocs/system/helpers/smiley_helper.php +++ b/htdocs/system/helpers/smiley_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/string_helper.php b/htdocs/system/helpers/string_helper.php index db531fa..93446b8 100644 --- a/htdocs/system/helpers/string_helper.php +++ b/htdocs/system/helpers/string_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -195,9 +195,7 @@ if ( ! function_exists('reduce_multiples')) if ( ! function_exists('random_string')) { /** - * Create a Random String - * - * Useful for generating passwords or hashes. + * Create a "Random" String * * @param string type of random string. basic, alpha, alnum, numeric, nozero, unique, md5, encrypt and sha1 * @param int number of characters diff --git a/htdocs/system/helpers/text_helper.php b/htdocs/system/helpers/text_helper.php index 4f9210f..217729b 100644 --- a/htdocs/system/helpers/text_helper.php +++ b/htdocs/system/helpers/text_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -102,7 +102,7 @@ if ( ! function_exists('character_limiter')) } // a bit complicated, but faster than preg_replace with \s+ - $str = preg_replace('/ {2,}/', ' ', str_replace(array("\r", "\n", "\t", "\x0B", "\x0C"), ' ', $str)); + $str = preg_replace('/ {2,}/', ' ', str_replace(array("\r", "\n", "\t", "\v", "\f"), ' ', $str)); if (mb_strlen($str) <= $n) { @@ -138,7 +138,10 @@ if ( ! function_exists('ascii_to_entities')) function ascii_to_entities($str) { $out = ''; - for ($i = 0, $s = strlen($str) - 1, $count = 1, $temp = array(); $i <= $s; $i++) + $length = defined('MB_OVERLOAD_STRING') + ? mb_strlen($str, '8bit') - 1 + : strlen($str) - 1; + for ($i = 0, $count = 1, $temp = array(); $i <= $length; $i++) { $ordinal = ord($str[$i]); @@ -176,7 +179,7 @@ if ( ! function_exists('ascii_to_entities')) $temp = array(); } // If this is the last iteration, just output whatever we have - elseif ($i === $s) + elseif ($i === $length) { $out .= '&#'.implode(';', $temp).';'; } diff --git a/htdocs/system/helpers/typography_helper.php b/htdocs/system/helpers/typography_helper.php index 928cb6d..183e117 100644 --- a/htdocs/system/helpers/typography_helper.php +++ b/htdocs/system/helpers/typography_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/url_helper.php b/htdocs/system/helpers/url_helper.php index fd7b5e1..84023af 100644 --- a/htdocs/system/helpers/url_helper.php +++ b/htdocs/system/helpers/url_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/helpers/xml_helper.php b/htdocs/system/helpers/xml_helper.php index 3489da9..a12ee25 100644 --- a/htdocs/system/helpers/xml_helper.php +++ b/htdocs/system/helpers/xml_helper.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/calendar_lang.php b/htdocs/system/language/english/calendar_lang.php index 8af5e80..77911e9 100644 --- a/htdocs/system/language/english/calendar_lang.php +++ b/htdocs/system/language/english/calendar_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/date_lang.php b/htdocs/system/language/english/date_lang.php index 39af5a2..bb454ed 100644 --- a/htdocs/system/language/english/date_lang.php +++ b/htdocs/system/language/english/date_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/db_lang.php b/htdocs/system/language/english/db_lang.php index ed93452..b44bda9 100644 --- a/htdocs/system/language/english/db_lang.php +++ b/htdocs/system/language/english/db_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/email_lang.php b/htdocs/system/language/english/email_lang.php index 84fb091..22dc0fa 100644 --- a/htdocs/system/language/english/email_lang.php +++ b/htdocs/system/language/english/email_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/form_validation_lang.php b/htdocs/system/language/english/form_validation_lang.php index 92d6d5e..aa9ff33 100644 --- a/htdocs/system/language/english/form_validation_lang.php +++ b/htdocs/system/language/english/form_validation_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/ftp_lang.php b/htdocs/system/language/english/ftp_lang.php index 9e72bce..eada3e5 100644 --- a/htdocs/system/language/english/ftp_lang.php +++ b/htdocs/system/language/english/ftp_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/imglib_lang.php b/htdocs/system/language/english/imglib_lang.php index 7f23233..218874c 100644 --- a/htdocs/system/language/english/imglib_lang.php +++ b/htdocs/system/language/english/imglib_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -51,6 +51,7 @@ $lang['imglib_libpath_invalid'] = 'The path to your image library is not correct $lang['imglib_image_process_failed'] = 'Image processing failed. Please verify that your server supports the chosen protocol and that the path to your image library is correct.'; $lang['imglib_rotation_angle_required'] = 'An angle of rotation is required to rotate the image.'; $lang['imglib_invalid_path'] = 'The path to the image is not correct.'; +$lang['imglib_invalid_image'] = 'The provided image is not valid.'; $lang['imglib_copy_failed'] = 'The image copy routine failed.'; $lang['imglib_missing_font'] = 'Unable to find a font to use.'; $lang['imglib_save_failed'] = 'Unable to save the image. Please make sure the image and file directory are writable.'; diff --git a/htdocs/system/language/english/migration_lang.php b/htdocs/system/language/english/migration_lang.php index bce9210..1684960 100644 --- a/htdocs/system/language/english/migration_lang.php +++ b/htdocs/system/language/english/migration_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 diff --git a/htdocs/system/language/english/number_lang.php b/htdocs/system/language/english/number_lang.php index 0aaf51e..9723ce5 100644 --- a/htdocs/system/language/english/number_lang.php +++ b/htdocs/system/language/english/number_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/pagination_lang.php b/htdocs/system/language/english/pagination_lang.php index 4d36bde..d24dd04 100644 --- a/htdocs/system/language/english/pagination_lang.php +++ b/htdocs/system/language/english/pagination_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/profiler_lang.php b/htdocs/system/language/english/profiler_lang.php index 2d8fa51..20949a2 100644 --- a/htdocs/system/language/english/profiler_lang.php +++ b/htdocs/system/language/english/profiler_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/unit_test_lang.php b/htdocs/system/language/english/unit_test_lang.php index 29a4137..a89cb2d 100644 --- a/htdocs/system/language/english/unit_test_lang.php +++ b/htdocs/system/language/english/unit_test_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/language/english/upload_lang.php b/htdocs/system/language/english/upload_lang.php index 058dca9..ec611f9 100644 --- a/htdocs/system/language/english/upload_lang.php +++ b/htdocs/system/language/english/upload_lang.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Cache/Cache.php b/htdocs/system/libraries/Cache/Cache.php index 349af15..267dffb 100644 --- a/htdocs/system/libraries/Cache/Cache.php +++ b/htdocs/system/libraries/Cache/Cache.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_apc.php b/htdocs/system/libraries/Cache/drivers/Cache_apc.php index fb8df03..f2b61ad 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_apc.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_apc.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_dummy.php b/htdocs/system/libraries/Cache/drivers/Cache_dummy.php index 4323a68..c6d9a61 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_dummy.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_dummy.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_file.php b/htdocs/system/libraries/Cache/drivers/Cache_file.php index e1ce16a..8a36e9d 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_file.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_file.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0 @@ -120,7 +120,7 @@ class CI_Cache_file extends CI_Driver { */ public function delete($id) { - return file_exists($this->_cache_path.$id) ? unlink($this->_cache_path.$id) : FALSE; + return is_file($this->_cache_path.$id) ? unlink($this->_cache_path.$id) : FALSE; } // ------------------------------------------------------------------------ @@ -216,7 +216,7 @@ class CI_Cache_file extends CI_Driver { */ public function get_metadata($id) { - if ( ! file_exists($this->_cache_path.$id)) + if ( ! is_file($this->_cache_path.$id)) { return FALSE; } @@ -227,13 +227,13 @@ class CI_Cache_file extends CI_Driver { { $mtime = filemtime($this->_cache_path.$id); - if ( ! isset($data['ttl'])) + if ( ! isset($data['ttl'], $data['time'])) { return FALSE; } return array( - 'expire' => $mtime + $data['ttl'], + 'expire' => $data['time'] + $data['ttl'], 'mtime' => $mtime ); } diff --git a/htdocs/system/libraries/Cache/drivers/Cache_memcached.php b/htdocs/system/libraries/Cache/drivers/Cache_memcached.php index 836336d..b642a2c 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_memcached.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_memcached.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0 @@ -110,7 +110,7 @@ class CI_Cache_memcached extends CI_Driver { if ($this->_memcached instanceof Memcache) { - // Third parameter is persistance and defaults to TRUE. + // Third parameter is persistence and defaults to TRUE. $this->_memcached->addServer( $cache_server['hostname'], $cache_server['port'], diff --git a/htdocs/system/libraries/Cache/drivers/Cache_redis.php b/htdocs/system/libraries/Cache/drivers/Cache_redis.php index d4d95eb..ac67be0 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_redis.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_redis.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 diff --git a/htdocs/system/libraries/Cache/drivers/Cache_wincache.php b/htdocs/system/libraries/Cache/drivers/Cache_wincache.php index d6a0d4f..f296a5e 100644 --- a/htdocs/system/libraries/Cache/drivers/Cache_wincache.php +++ b/htdocs/system/libraries/Cache/drivers/Cache_wincache.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 diff --git a/htdocs/system/libraries/Calendar.php b/htdocs/system/libraries/Calendar.php index 1f8ef81..edb0fb4 100644 --- a/htdocs/system/libraries/Calendar.php +++ b/htdocs/system/libraries/Calendar.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Cart.php b/htdocs/system/libraries/Cart.php index 44d87e0..734c434 100644 --- a/htdocs/system/libraries/Cart.php +++ b/htdocs/system/libraries/Cart.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Driver.php b/htdocs/system/libraries/Driver.php index 38c6aef..00e8416 100644 --- a/htdocs/system/libraries/Driver.php +++ b/htdocs/system/libraries/Driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Email.php b/htdocs/system/libraries/Email.php index be89d65..0e9cf05 100644 --- a/htdocs/system/libraries/Email.php +++ b/htdocs/system/libraries/Email.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -374,6 +374,13 @@ class CI_Email { 5 => '5 (Lowest)' ); + /** + * mbstring.func_overload flag + * + * @var bool + */ + protected static $func_overload; + // -------------------------------------------------------------------- /** @@ -390,6 +397,8 @@ class CI_Email { $this->initialize($config); $this->_safe_mode = ( ! is_php('5.4') && ini_get('safe_mode')); + isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); + log_message('info', 'Email Class Initialized'); } @@ -449,7 +458,6 @@ class CI_Email { $this->_headers = array(); $this->_debug_msg = array(); - $this->set_header('User-Agent', $this->useragent); $this->set_header('Date', $this->_set_date()); if ($clear_attachments !== FALSE) @@ -905,18 +913,13 @@ class CI_Email { /** * Get Mail Protocol * - * @param bool * @return mixed */ - protected function _get_protocol($return = TRUE) + protected function _get_protocol() { $this->protocol = strtolower($this->protocol); in_array($this->protocol, $this->_protocols, TRUE) OR $this->protocol = 'mail'; - - if ($return === TRUE) - { - return $this->protocol; - } + return $this->protocol; } // -------------------------------------------------------------------- @@ -924,25 +927,21 @@ class CI_Email { /** * Get Mail Encoding * - * @param bool * @return string */ - protected function _get_encoding($return = TRUE) + protected function _get_encoding() { in_array($this->_encoding, $this->_bit_depths) OR $this->_encoding = '8bit'; foreach ($this->_base_charsets as $charset) { - if (strpos($charset, $this->charset) === 0) + if (strpos($this->charset, $charset) === 0) { $this->_encoding = '7bit'; } } - if ($return === TRUE) - { - return $this->_encoding; - } + return $this->_encoding; } // -------------------------------------------------------------------- @@ -1037,7 +1036,7 @@ class CI_Email { { if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) { - $email = substr($email, 0, ++$atpos).idn_to_ascii(substr($email, $atpos)); + $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos)); } return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); @@ -1154,7 +1153,7 @@ class CI_Email { { // Is the line within the allowed character count? // If so we'll join it to the output and continue - if (mb_strlen($line) <= $charlim) + if (self::strlen($line) <= $charlim) { $output .= $line.$this->newline; continue; @@ -1170,10 +1169,10 @@ class CI_Email { } // Trim the word down - $temp .= mb_substr($line, 0, $charlim - 1); - $line = mb_substr($line, $charlim - 1); + $temp .= self::substr($line, 0, $charlim - 1); + $line = self::substr($line, $charlim - 1); } - while (mb_strlen($line) > $charlim); + while (self::strlen($line) > $charlim); // If $temp contains data it means we had to split up an over-length // word into smaller chunks so we'll add it back to our current line @@ -1202,10 +1201,11 @@ class CI_Email { /** * Build final headers * - * @return string + * @return void */ protected function _build_headers() { + $this->set_header('User-Agent', $this->useragent); $this->set_header('X-Sender', $this->clean_email($this->_headers['From'])); $this->set_header('X-Mailer', $this->useragent); $this->set_header('X-Priority', $this->_priorities[$this->priority]); @@ -1385,7 +1385,7 @@ class CI_Email { $this->_header_str .= $hdr; } - strlen($body) && $body .= $this->newline.$this->newline; + self::strlen($body) && $body .= $this->newline.$this->newline; $body .= $this->_get_mime_message().$this->newline.$this->newline .'--'.$last_boundary.$this->newline @@ -1468,7 +1468,8 @@ class CI_Email { .'Content-Type: '.$this->_attachments[$i]['type'].'; name="'.$name.'"'.$this->newline .'Content-Disposition: '.$this->_attachments[$i]['disposition'].';'.$this->newline .'Content-Transfer-Encoding: base64'.$this->newline - .(empty($this->_attachments[$i]['cid']) ? '' : 'Content-ID: <'.$this->_attachments[$i]['cid'].'>'.$this->newline.$this->newline) + .(empty($this->_attachments[$i]['cid']) ? '' : 'Content-ID: <'.$this->_attachments[$i]['cid'].'>'.$this->newline) + .$this->newline .$this->_attachments[$i]['content'].$this->newline; } @@ -1514,14 +1515,7 @@ class CI_Email { // which only works with "\n". if ($this->crlf === "\r\n") { - if (is_php('5.3')) - { - return quoted_printable_encode($str); - } - elseif (function_exists('imap_8bit')) - { - return imap_8bit($str); - } + return quoted_printable_encode($str); } // Reduce multiple spaces & remove nulls @@ -1538,7 +1532,7 @@ class CI_Email { foreach (explode("\n", $str) as $line) { - $length = strlen($line); + $length = self::strlen($line); $temp = ''; // Loop through each character in the line to add soft-wrap @@ -1573,7 +1567,7 @@ class CI_Email { // If we're at the character limit, add the line to the output, // reset our temp variable, and keep on chuggin' - if ((strlen($temp) + strlen($char)) >= 76) + if ((self::strlen($temp) + self::strlen($char)) >= 76) { $output .= $temp.$escape.$this->crlf; $temp = ''; @@ -1588,7 +1582,7 @@ class CI_Email { } // get rid of extra CRLF tacked onto the end - return substr($output, 0, strlen($this->crlf) * -1); + return self::substr($output, 0, self::strlen($this->crlf) * -1); } // -------------------------------------------------------------------- @@ -1630,7 +1624,7 @@ class CI_Email { // iconv_mime_encode() will always put a header field name. // We've passed it an empty one, but it still prepends our // encoded string with ': ', so we need to strip it. - return substr($output, 2); + return self::substr($output, 2); } $chars = iconv_strlen($str, 'UTF-8'); @@ -1642,10 +1636,10 @@ class CI_Email { } // We might already have this set for UTF-8 - isset($chars) OR $chars = strlen($str); + isset($chars) OR $chars = self::strlen($str); $output = '=?'.$this->charset.'?Q?'; - for ($i = 0, $length = strlen($output); $i < $chars; $i++) + for ($i = 0, $length = self::strlen($output); $i < $chars; $i++) { $chr = ($this->charset === 'UTF-8' && ICONV_ENABLED === TRUE) ? '='.implode('=', str_split(strtoupper(bin2hex(iconv_substr($str, $i, 1, $this->charset))), 2)) @@ -1653,11 +1647,11 @@ class CI_Email { // RFC 2045 sets a limit of 76 characters per line. // We'll append ?= to the end of each line though. - if ($length + ($l = strlen($chr)) > 74) + if ($length + ($l = self::strlen($chr)) > 74) { $output .= '?='.$this->crlf // EOL .' =?'.$this->charset.'?Q?'.$chr; // New line - $length = 6 + strlen($this->charset) + $l; // Reset the length for the new line + $length = 6 + self::strlen($this->charset) + $l; // Reset the length for the new line } else { @@ -1750,14 +1744,14 @@ class CI_Email { if ($i === $float) { - $chunk[] = substr($set, 1); + $chunk[] = self::substr($set, 1); $float += $this->bcc_batch_size; $set = ''; } if ($i === $c-1) { - $chunk[] = substr($set, 1); + $chunk[] = self::substr($set, 1); } } @@ -1826,19 +1820,47 @@ class CI_Email { { $this->_unwrap_specials(); - $method = '_send_with_'.$this->_get_protocol(); + $protocol = $this->_get_protocol(); + $method = '_send_with_'.$protocol; if ( ! $this->$method()) { - $this->_set_error_message('lang:email_send_failure_'.($this->_get_protocol() === 'mail' ? 'phpmail' : $this->_get_protocol())); + $this->_set_error_message('lang:email_send_failure_'.($protocol === 'mail' ? 'phpmail' : $protocol)); return FALSE; } - $this->_set_error_message('lang:email_sent', $this->_get_protocol()); + $this->_set_error_message('lang:email_sent', $protocol); return TRUE; } // -------------------------------------------------------------------- + /** + * Validate email for shell + * + * Applies stricter, shell-safe validation to email addresses. + * Introduced to prevent RCE via sendmail's -f option. + * + * @see https://github.com/bcit-ci/CodeIgniter/issues/4963 + * @see https://gist.github.com/Zenexer/40d02da5e07f151adeaeeaa11af9ab36 + * @license https://creativecommons.org/publicdomain/zero/1.0/ CC0 1.0, Public Domain + * + * Credits for the base concept go to Paul Buonopane + * + * @param string $email + * @return bool + */ + protected function _validate_email_for_shell(&$email) + { + if (function_exists('idn_to_ascii') && $atpos = strpos($email, '@')) + { + $email = self::substr($email, 0, ++$atpos).idn_to_ascii(self::substr($email, $atpos)); + } + + return (filter_var($email, FILTER_VALIDATE_EMAIL) === $email && preg_match('#\A[a-z0-9._+-]+@[a-z0-9.-]{1,253}\z#i', $email)); + } + + // -------------------------------------------------------------------- + /** * Send using mail() * @@ -1851,7 +1873,11 @@ class CI_Email { $this->_recipients = implode(', ', $this->_recipients); } - if ($this->_safe_mode === TRUE) + // _validate_email_for_shell() below accepts by reference, + // so this needs to be assigned to a variable + $from = $this->clean_email($this->_headers['Return-Path']); + + if ($this->_safe_mode === TRUE || ! $this->_validate_email_for_shell($from)) { return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str); } @@ -1859,7 +1885,7 @@ class CI_Email { { // most documentation of sendmail using the "-f" flag lacks a space after it, however // we've encountered servers that seem to require it to be in place. - return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str, '-f '.$this->clean_email($this->_headers['Return-Path'])); + return mail($this->_recipients, $this->_subject, $this->_finalbody, $this->_header_str, '-f '.$from); } } @@ -1872,13 +1898,22 @@ class CI_Email { */ protected function _send_with_sendmail() { - // is popen() enabled? - if ( ! function_usable('popen') - OR FALSE === ($fp = @popen( - $this->mailpath.' -oi -f '.$this->clean_email($this->_headers['From']).' -t' - , 'w')) - ) // server probably has popen disabled, so nothing we can do to get a verbose error. + // _validate_email_for_shell() below accepts by reference, + // so this needs to be assigned to a variable + $from = $this->clean_email($this->_headers['From']); + if ($this->_validate_email_for_shell($from)) { + $from = '-f '.$from; + } + else + { + $from = ''; + } + + // is popen() enabled? + if ( ! function_usable('popen') OR FALSE === ($fp = @popen($this->mailpath.' -oi '.$from.' -t', 'w'))) + { + // server probably has popen disabled, so nothing we can do to get a verbose error. return FALSE; } @@ -2052,7 +2087,7 @@ class CI_Email { * * @param string * @param string - * @return string + * @return bool */ protected function _send_command($cmd, $data = '') { @@ -2115,7 +2150,7 @@ class CI_Email { $this->_debug_msg[] = '
'.$cmd.': '.$reply.'
'; - if ((int) substr($reply, 0, 3) !== $resp) + if ((int) self::substr($reply, 0, 3) !== $resp) { $this->_set_error_message('lang:email_smtp_error', $reply); return FALSE; @@ -2202,9 +2237,9 @@ class CI_Email { protected function _send_data($data) { $data .= $this->newline; - for ($written = $timestamp = 0, $length = strlen($data); $written < $length; $written += $result) + for ($written = $timestamp = 0, $length = self::strlen($data); $written < $length; $written += $result) { - if (($result = fwrite($this->_smtp_connect, substr($data, $written))) === FALSE) + if (($result = fwrite($this->_smtp_connect, self::substr($data, $written))) === FALSE) { break; } @@ -2388,4 +2423,44 @@ class CI_Email { { is_resource($this->_smtp_connect) && $this->_send_command('quit'); } + + // -------------------------------------------------------------------- + + /** + * Byte-safe strlen() + * + * @param string $str + * @return int + */ + protected static function strlen($str) + { + return (self::$func_overload) + ? mb_strlen($str, '8bit') + : strlen($str); + } + + // -------------------------------------------------------------------- + + /** + * Byte-safe substr() + * + * @param string $str + * @param int $start + * @param int $length + * @return string + */ + protected static function substr($str, $start, $length = NULL) + { + if (self::$func_overload) + { + // mb_substr($str, $start, null, '8bit') returns an empty + // string on PHP 5.3 + isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start); + return mb_substr($str, $start, $length, '8bit'); + } + + return isset($length) + ? substr($str, $start, $length) + : substr($str, $start); + } } diff --git a/htdocs/system/libraries/Encrypt.php b/htdocs/system/libraries/Encrypt.php index 1372a31..ebcc6e8 100644 --- a/htdocs/system/libraries/Encrypt.php +++ b/htdocs/system/libraries/Encrypt.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -122,7 +122,7 @@ class CI_Encrypt { $key = config_item('encryption_key'); - if ( ! strlen($key)) + if ( ! self::strlen($key)) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } @@ -252,7 +252,7 @@ class CI_Encrypt { $string = $this->_xor_merge($string, $key); $dec = ''; - for ($i = 0, $l = strlen($string); $i < $l; $i++) + for ($i = 0, $l = self::strlen($string); $i < $l; $i++) { $dec .= ($string[$i++] ^ $string[$i]); } @@ -275,7 +275,8 @@ class CI_Encrypt { { $hash = $this->hash($key); $str = ''; - for ($i = 0, $ls = strlen($string), $lh = strlen($hash); $i < $ls; $i++) + + for ($i = 0, $ls = self::strlen($string), $lh = self::strlen($hash); $i < $ls; $i++) { $str .= $string[$i] ^ $hash[($i % $lh)]; } @@ -295,7 +296,7 @@ class CI_Encrypt { public function mcrypt_encode($data, $key) { $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); - $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND); + $init_vect = mcrypt_create_iv($init_size, MCRYPT_DEV_URANDOM); return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key); } @@ -313,13 +314,14 @@ class CI_Encrypt { $data = $this->_remove_cipher_noise($data, $key); $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); - if ($init_size > strlen($data)) + if ($init_size > self::strlen($data)) { return FALSE; } - $init_vect = substr($data, 0, $init_size); - $data = substr($data, $init_size); + $init_vect = self::substr($data, 0, $init_size); + $data = self::substr($data, $init_size); + return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0"); } @@ -339,7 +341,7 @@ class CI_Encrypt { $key = $this->hash($key); $str = ''; - for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j) + for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j) { if ($j >= $lk) { @@ -369,7 +371,7 @@ class CI_Encrypt { $key = $this->hash($key); $str = ''; - for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j) + for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j) { if ($j >= $lk) { @@ -477,4 +479,43 @@ class CI_Encrypt { return hash($this->_hash_type, $str); } + // -------------------------------------------------------------------- + + /** + * Byte-safe strlen() + * + * @param string $str + * @return int + */ + protected static function strlen($str) + { + return defined('MB_OVERLOAD_STRING') + ? mb_strlen($str, '8bit') + : strlen($str); + } + + // -------------------------------------------------------------------- + + /** + * Byte-safe substr() + * + * @param string $str + * @param int $start + * @param int $length + * @return string + */ + protected static function substr($str, $start, $length = NULL) + { + if (defined('MB_OVERLOAD_STRING')) + { + // mb_substr($str, $start, null, '8bit') returns an empty + // string on PHP 5.3 + isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start); + return mb_substr($str, $start, $length, '8bit'); + } + + return isset($length) + ? substr($str, $start, $length) + : substr($str, $start); + } } diff --git a/htdocs/system/libraries/Encryption.php b/htdocs/system/libraries/Encryption.php index a10a5c2..c1e454d 100644 --- a/htdocs/system/libraries/Encryption.php +++ b/htdocs/system/libraries/Encryption.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -135,11 +135,11 @@ class CI_Encryption { ); /** - * mbstring.func_override flag + * mbstring.func_overload flag * * @var bool */ - protected static $func_override; + protected static $func_overload; // -------------------------------------------------------------------- @@ -152,10 +152,8 @@ class CI_Encryption { public function __construct(array $params = array()) { $this->_drivers = array( - 'mcrypt' => defined('MCRYPT_DEV_URANDOM'), - // While OpenSSL is available for PHP 5.3.0, an IV parameter - // for the encrypt/decrypt functions is only available since 5.3.3 - 'openssl' => (is_php('5.3.3') && extension_loaded('openssl')) + 'mcrypt' => defined('MCRYPT_DEV_URANDOM'), + 'openssl' => extension_loaded('openssl') ); if ( ! $this->_drivers['mcrypt'] && ! $this->_drivers['openssl']) @@ -163,7 +161,7 @@ class CI_Encryption { show_error('Encryption: Unable to find an available encryption driver.'); } - isset(self::$func_override) OR self::$func_override = (extension_loaded('mbstring') && ini_get('mbstring.func_override')); + isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); $this->initialize($params); if ( ! isset($this->_key) && self::strlen($key = config_item('encryption_key')) > 0) @@ -909,11 +907,11 @@ class CI_Encryption { * Byte-safe strlen() * * @param string $str - * @return integer + * @return int */ protected static function strlen($str) { - return (self::$func_override) + return (self::$func_overload) ? mb_strlen($str, '8bit') : strlen($str); } @@ -930,7 +928,7 @@ class CI_Encryption { */ protected static function substr($str, $start, $length = NULL) { - if (self::$func_override) + if (self::$func_overload) { // mb_substr($str, $start, null, '8bit') returns an empty // string on PHP 5.3 diff --git a/htdocs/system/libraries/Form_validation.php b/htdocs/system/libraries/Form_validation.php index 04445f5..71d0e64 100644 --- a/htdocs/system/libraries/Form_validation.php +++ b/htdocs/system/libraries/Form_validation.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -1200,7 +1200,7 @@ class CI_Form_validation { { return FALSE; } - elseif ( ! in_array($matches[1], array('http', 'https'), TRUE)) + elseif ( ! in_array(strtolower($matches[1]), array('http', 'https'), TRUE)) { return FALSE; } @@ -1216,18 +1216,7 @@ class CI_Form_validation { $str = 'ipv6.host'.substr($str, strlen($matches[1]) + 2); } - $str = 'http://'.$str; - - // There's a bug affecting PHP 5.2.13, 5.3.2 that considers the - // underscore to be a valid hostname character instead of a dash. - // Reference: https://bugs.php.net/bug.php?id=51192 - if (version_compare(PHP_VERSION, '5.2.13', '==') OR version_compare(PHP_VERSION, '5.3.2', '==')) - { - sscanf($str, 'http://%[^/]', $host); - $str = substr_replace($str, strtr($host, array('_' => '-', '-' => '_')), 7, strlen($host)); - } - - return (filter_var($str, FILTER_VALIDATE_URL) !== FALSE); + return (filter_var('http://'.$str, FILTER_VALIDATE_URL) !== FALSE); } // -------------------------------------------------------------------- @@ -1240,9 +1229,9 @@ class CI_Form_validation { */ public function valid_email($str) { - if (function_exists('idn_to_ascii') && $atpos = strpos($str, '@')) + if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches)) { - $str = substr($str, 0, ++$atpos).idn_to_ascii(substr($str, $atpos)); + $str = $matches[1].'@'.idn_to_ascii($matches[2]); } return (bool) filter_var($str, FILTER_VALIDATE_EMAIL); diff --git a/htdocs/system/libraries/Ftp.php b/htdocs/system/libraries/Ftp.php index 88f2658..86e5b8f 100644 --- a/htdocs/system/libraries/Ftp.php +++ b/htdocs/system/libraries/Ftp.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -486,7 +486,7 @@ class CI_FTP { { for ($i = 0, $c = count($list); $i < $c; $i++) { - // If we can't delete the item it's probaly a directory, + // If we can't delete the item it's probably a directory, // so we'll recursively call delete_dir() if ( ! preg_match('#/\.\.?$#', $list[$i]) && ! @ftp_delete($this->conn_id, $list[$i])) { diff --git a/htdocs/system/libraries/Image_lib.php b/htdocs/system/libraries/Image_lib.php index 24fe8c6..88c9e7e 100644 --- a/htdocs/system/libraries/Image_lib.php +++ b/htdocs/system/libraries/Image_lib.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -392,6 +392,16 @@ class CI_Image_lib { $this->initialize($props); } + /** + * A work-around for some improperly formatted, but + * usable JPEGs; known to be produced by Samsung + * smartphones' front-facing cameras. + * + * @see https://github.com/bcit-ci/CodeIgniter/issues/4967 + * @see https://bugs.php.net/bug.php?id=72404 + */ + ini_set('gd.jpeg_ignore_warning', 1); + log_message('info', 'Image Lib Class Initialized'); } @@ -544,37 +554,30 @@ class CI_Image_lib { */ if ($this->new_image === '') { - $this->dest_image = $this->source_image; + $this->dest_image = $this->source_image; $this->dest_folder = $this->source_folder; } - elseif (strpos($this->new_image, '/') === FALSE) + elseif (strpos($this->new_image, '/') === FALSE && strpos($this->new_image, '\\') === FALSE) { + $this->dest_image = $this->new_image; $this->dest_folder = $this->source_folder; - $this->dest_image = $this->new_image; } else { - if (strpos($this->new_image, '/') === FALSE && strpos($this->new_image, '\\') === FALSE) + // Is there a file name? + if ( ! preg_match('#\.(jpg|jpeg|gif|png)$#i', $this->new_image)) { - $full_dest_path = str_replace('\\', '/', realpath($this->new_image)); + $this->dest_image = $this->source_image; + $this->dest_folder = $this->new_image; } else { - $full_dest_path = $this->new_image; + $x = explode('/', str_replace('\\', '/', $this->new_image)); + $this->dest_image = end($x); + $this->dest_folder = str_replace($this->dest_image, '', $this->new_image); } - // Is there a file name? - if ( ! preg_match('#\.(jpg|jpeg|gif|png)$#i', $full_dest_path)) - { - $this->dest_folder = $full_dest_path.'/'; - $this->dest_image = $this->source_image; - } - else - { - $x = explode('/', $full_dest_path); - $this->dest_image = end($x); - $this->dest_folder = str_replace($this->dest_image, '', $full_dest_path); - } + $this->dest_folder = realpath($this->dest_folder).'/'; } /* Compile the finalized filenames/paths @@ -886,7 +889,7 @@ class CI_Image_lib { } } - $cmd .= ' "'.escapeshellarg($this->full_src_path).'" "'.escapeshellarg($this->full_dst_path).'" 2>&1'; + $cmd .= ' '.escapeshellarg($this->full_src_path).' '.escapeshellarg($this->full_dst_path).' 2>&1'; $retval = 1; // exec() might be disabled @@ -1646,25 +1649,31 @@ class CI_Image_lib { } $vals = getimagesize($path); + if ($vals === FALSE) + { + $this->set_error('imglib_invalid_image'); + return FALSE; + } + $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); - $mime = (isset($types[$vals[2]])) ? 'image/'.$types[$vals[2]] : 'image/jpg'; + $mime = isset($types[$vals[2]]) ? 'image/'.$types[$vals[2]] : 'image/jpg'; if ($return === TRUE) { return array( - 'width' => $vals[0], - 'height' => $vals[1], - 'image_type' => $vals[2], - 'size_str' => $vals[3], - 'mime_type' => $mime - ); + 'width' => $vals[0], + 'height' => $vals[1], + 'image_type' => $vals[2], + 'size_str' => $vals[3], + 'mime_type' => $mime + ); } - $this->orig_width = $vals[0]; - $this->orig_height = $vals[1]; - $this->image_type = $vals[2]; - $this->size_str = $vals[3]; - $this->mime_type = $mime; + $this->orig_width = $vals[0]; + $this->orig_height = $vals[1]; + $this->image_type = $vals[2]; + $this->size_str = $vals[3]; + $this->mime_type = $mime; return TRUE; } diff --git a/htdocs/system/libraries/Javascript.php b/htdocs/system/libraries/Javascript.php index dcf9337..7648526 100644 --- a/htdocs/system/libraries/Javascript.php +++ b/htdocs/system/libraries/Javascript.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Javascript/Jquery.php b/htdocs/system/libraries/Javascript/Jquery.php index 9df1be1..ee5f9de 100644 --- a/htdocs/system/libraries/Javascript/Jquery.php +++ b/htdocs/system/libraries/Javascript/Jquery.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Migration.php b/htdocs/system/libraries/Migration.php index 316c94a..2a87d9d 100644 --- a/htdocs/system/libraries/Migration.php +++ b/htdocs/system/libraries/Migration.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -288,10 +288,7 @@ class CI_Migration { $this->_error_string = sprintf($this->lang->line('migration_class_doesnt_exist'), $class); return FALSE; } - // method_exists() returns true for non-public methods, - // while is_callable() can't be used without instantiating. - // Only get_class_methods() satisfies both conditions. - elseif ( ! in_array($method, array_map('strtolower', get_class_methods($class)))) + elseif ( ! is_callable(array($class, $method))) { $this->_error_string = sprintf($this->lang->line('migration_missing_'.$method.'_method'), $class); return FALSE; diff --git a/htdocs/system/libraries/Pagination.php b/htdocs/system/libraries/Pagination.php index 44f848f..f26f8a4 100644 --- a/htdocs/system/libraries/Pagination.php +++ b/htdocs/system/libraries/Pagination.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -428,7 +428,7 @@ class CI_Pagination { { $get = $this->CI->input->get(); - // Unset the controll, method, old-school routing options + // Unset the control, method, old-school routing options unset($get['c'], $get['m'], $get[$this->query_string_segment]); } else diff --git a/htdocs/system/libraries/Parser.php b/htdocs/system/libraries/Parser.php index 22cffb2..fdd958b 100644 --- a/htdocs/system/libraries/Parser.php +++ b/htdocs/system/libraries/Parser.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 diff --git a/htdocs/system/libraries/Profiler.php b/htdocs/system/libraries/Profiler.php index cf455d3..9ea09a5 100644 --- a/htdocs/system/libraries/Profiler.php +++ b/htdocs/system/libraries/Profiler.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 @@ -316,7 +316,7 @@ class CI_Profiler { { is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'"; $val = (is_array($val) OR is_object($val)) - ? '
'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+					? '
'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset')).'
'
 					: htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
 
 				$output .= '$_GET['
@@ -356,7 +356,7 @@ class CI_Profiler {
 			{
 				is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
 				$val = (is_array($val) OR is_object($val))
-					? '
'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+					? '
'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset')).'
'
 					: htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
 
 				$output .= '$_POST['
@@ -368,7 +368,7 @@ class CI_Profiler {
 			{
 				is_int($key) OR $key = "'".htmlspecialchars($key, ENT_QUOTES, config_item('charset'))."'";
 				$val = (is_array($val) OR is_object($val))
-					? '
'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset'))
+					? '
'.htmlspecialchars(print_r($val, TRUE), ENT_QUOTES, config_item('charset')).'
'
 					: htmlspecialchars($val, ENT_QUOTES, config_item('charset'));
 
 				$output .= '$_FILES['
@@ -490,7 +490,7 @@ class CI_Profiler {
 			}
 
 			$output .= ''
-				.$config.'  '.htmlspecialchars($val)."\n";
+				.$config.'  '.htmlspecialchars($val, ENT_QUOTES, config_item('charset'))."\n";
 		}
 
 		return $output."\n";
@@ -522,7 +522,7 @@ class CI_Profiler {
 			}
 
 			$output .= ''
-				.$key.'  '.htmlspecialchars($val)."\n";
+				.$key.'  '.htmlspecialchars($val, ENT_QUOTES, config_item('charset'))."\n";
 		}
 
 		return $output."\n";
diff --git a/htdocs/system/libraries/Session/Session.php b/htdocs/system/libraries/Session/Session.php
index 3b391a8..eb433de 100644
--- a/htdocs/system/libraries/Session/Session.php
+++ b/htdocs/system/libraries/Session/Session.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 2.0.0
@@ -57,6 +57,7 @@ class CI_Session {
 
 	protected $_driver = 'files';
 	protected $_config;
+	protected $_sid_regexp;
 
 	// ------------------------------------------------------------------------
 
@@ -99,6 +100,7 @@ class CI_Session {
 
 		// Configuration ...
 		$this->_configure($params);
+		$this->_config['_sid_regexp'] = $this->_sid_regexp;
 
 		$class = new $class($this->_config);
 		if ($class instanceof SessionHandlerInterface)
@@ -131,7 +133,7 @@ class CI_Session {
 		if (isset($_COOKIE[$this->_config['cookie_name']])
 			&& (
 				! is_string($_COOKIE[$this->_config['cookie_name']])
-				OR ! preg_match('/^[0-9a-f]{40}$/', $_COOKIE[$this->_config['cookie_name']])
+				OR ! preg_match('#\A'.$this->_sid_regexp.'\z#', $_COOKIE[$this->_config['cookie_name']])
 			)
 		)
 		{
@@ -315,8 +317,82 @@ class CI_Session {
 		ini_set('session.use_strict_mode', 1);
 		ini_set('session.use_cookies', 1);
 		ini_set('session.use_only_cookies', 1);
-		ini_set('session.hash_function', 1);
-		ini_set('session.hash_bits_per_character', 4);
+
+		$this->_configure_sid_length();
+	}
+
+	// ------------------------------------------------------------------------
+
+	/**
+	 * Configure session ID length
+	 *
+	 * To make life easier, we used to force SHA-1 and 4 bits per
+	 * character on everyone. And of course, someone was unhappy.
+	 *
+	 * Then PHP 7.1 broke backwards-compatibility because ext/session
+	 * is such a mess that nobody wants to touch it with a pole stick,
+	 * and the one guy who does, nobody has the energy to argue with.
+	 *
+	 * So we were forced to make changes, and OF COURSE something was
+	 * going to break and now we have this pile of shit. -- Narf
+	 *
+	 * @return	void
+	 */
+	protected function _configure_sid_length()
+	{
+		if (PHP_VERSION_ID < 70100)
+		{
+			$hash_function = ini_get('session.hash_function');
+			if (ctype_digit($hash_function))
+			{
+				if ($hash_function !== '1')
+				{
+					ini_set('session.hash_function', 1);
+				}
+
+				$bits = 160;
+			}
+			elseif ( ! in_array($hash_function, hash_algos(), TRUE))
+			{
+				ini_set('session.hash_function', 1);
+				$bits = 160;
+			}
+			elseif (($bits = strlen(hash($hash_function, 'dummy', false)) * 4) < 160)
+			{
+				ini_set('session.hash_function', 1);
+				$bits = 160;
+			}
+
+			$bits_per_character = (int) ini_get('session.hash_bits_per_character');
+			$sid_length         = (int) ceil($bits / $bits_per_character);
+		}
+		else
+		{
+			$bits_per_character = (int) ini_get('session.sid_bits_per_character');
+			$sid_length         = (int) ini_get('session.sid_length');
+			if (($bits = $sid_length * $bits_per_character) < 160)
+			{
+				// Add as many more characters as necessary to reach at least 160 bits
+				$sid_length += (int) ceil((160 % $bits) / $bits_per_character);
+				ini_set('session.sid_length', $sid_length);
+			}
+		}
+
+		// Yes, 4,5,6 are the only known possible values as of 2016-10-27
+		switch ($bits_per_character)
+		{
+			case 4:
+				$this->_sid_regexp = '[0-9a-f]';
+				break;
+			case 5:
+				$this->_sid_regexp = '[0-9a-v]';
+				break;
+			case 6:
+				$this->_sid_regexp = '[0-9a-zA-Z,-]';
+				break;
+		}
+
+		$this->_sid_regexp .= '{'.$sid_length.'}';
 	}
 
 	// ------------------------------------------------------------------------
diff --git a/htdocs/system/libraries/Session/SessionHandlerInterface.php b/htdocs/system/libraries/Session/SessionHandlerInterface.php
index b3533dd..2eef61d 100644
--- a/htdocs/system/libraries/Session/SessionHandlerInterface.php
+++ b/htdocs/system/libraries/Session/SessionHandlerInterface.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 3.0.0
diff --git a/htdocs/system/libraries/Session/Session_driver.php b/htdocs/system/libraries/Session/Session_driver.php
index 55ddb25..f32f14a 100644
--- a/htdocs/system/libraries/Session/Session_driver.php
+++ b/htdocs/system/libraries/Session/Session_driver.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 3.0.0
diff --git a/htdocs/system/libraries/Session/drivers/Session_database_driver.php b/htdocs/system/libraries/Session/drivers/Session_database_driver.php
index cb152f9..b519b78 100644
--- a/htdocs/system/libraries/Session/drivers/Session_database_driver.php
+++ b/htdocs/system/libraries/Session/drivers/Session_database_driver.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 3.0.0
@@ -209,7 +209,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 		$this->_db->reset_query();
 
 		// Was the ID regenerated?
-		if ($session_id !== $this->_session_id)
+		if (isset($this->_session_id) && $session_id !== $this->_session_id)
 		{
 			if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
 			{
@@ -354,7 +354,7 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 	{
 		if ($this->_platform === 'mysql')
 		{
-			$arg = $session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+			$arg = md5($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''));
 			if ($this->_db->query("SELECT GET_LOCK('".$arg."', 300) AS ci_session_lock")->row()->ci_session_lock)
 			{
 				$this->_lock = $arg;
@@ -417,4 +417,4 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
 
 		return parent::_release_lock();
 	}
-}
\ No newline at end of file
+}
diff --git a/htdocs/system/libraries/Session/drivers/Session_files_driver.php b/htdocs/system/libraries/Session/drivers/Session_files_driver.php
index 57c3777..8860ef6 100644
--- a/htdocs/system/libraries/Session/drivers/Session_files_driver.php
+++ b/htdocs/system/libraries/Session/drivers/Session_files_driver.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 3.0.0
@@ -76,6 +76,20 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 	 */
 	protected $_file_new;
 
+	/**
+	 * Validate SID regular expression
+	 *
+	 * @var	string
+	 */
+	protected $_sid_regexp;
+
+	/**
+	 * mbstring.func_overload flag
+	 *
+	 * @var	bool
+	 */
+	protected static $func_overload;
+
 	// ------------------------------------------------------------------------
 
 	/**
@@ -98,6 +112,10 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 			log_message('debug', 'Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.');
 			$this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\');
 		}
+
+		$this->_sid_regexp = $this->_config['_sid_regexp'];
+
+		isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
 	}
 
 	// ------------------------------------------------------------------------
@@ -149,18 +167,9 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 		// which re-reads session data
 		if ($this->_file_handle === NULL)
 		{
-			// Just using fopen() with 'c+b' mode would be perfect, but it is only
-			// available since PHP 5.2.6 and we have to set permissions for new files,
-			// so we'd have to hack around this ...
-			if (($this->_file_new = ! file_exists($this->_file_path.$session_id)) === TRUE)
-			{
-				if (($this->_file_handle = fopen($this->_file_path.$session_id, 'w+b')) === FALSE)
-				{
-					log_message('error', "Session: File '".$this->_file_path.$session_id."' doesn't exist and cannot be created.");
-					return $this->_failure;
-				}
-			}
-			elseif (($this->_file_handle = fopen($this->_file_path.$session_id, 'r+b')) === FALSE)
+			$this->_file_new = ! file_exists($this->_file_path.$session_id);
+
+			if (($this->_file_handle = fopen($this->_file_path.$session_id, 'c+b')) === FALSE)
 			{
 				log_message('error', "Session: Unable to open file '".$this->_file_path.$session_id."'.");
 				return $this->_failure;
@@ -196,7 +205,7 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 		}
 
 		$session_data = '';
-		for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += strlen($buffer))
+		for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += self::strlen($buffer))
 		{
 			if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE)
 			{
@@ -352,10 +361,13 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 
 		$ts = time() - $maxlifetime;
 
+		$pattern = ($this->_config['match_ip'] === TRUE)
+			? '[0-9a-f]{32}'
+			: '';
+
 		$pattern = sprintf(
-			'/^%s[0-9a-f]{%d}$/',
-			preg_quote($this->_config['cookie_name'], '/'),
-			($this->_config['match_ip'] === TRUE ? 72 : 40)
+			'#\A%s'.$pattern.$this->_sid_regexp.'\z#',
+			preg_quote($this->_config['cookie_name'])
 		);
 
 		while (($file = readdir($directory)) !== FALSE)
@@ -377,4 +389,18 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle
 		return $this->_success;
 	}
 
-}
\ No newline at end of file
+	// --------------------------------------------------------------------
+
+	/**
+	 * Byte-safe strlen()
+	 *
+	 * @param	string	$str
+	 * @return	int
+	 */
+	protected static function strlen($str)
+	{
+		return (self::$func_overload)
+			? mb_strlen($str, '8bit')
+			: strlen($str);
+	}
+}
diff --git a/htdocs/system/libraries/Session/drivers/Session_memcached_driver.php b/htdocs/system/libraries/Session/drivers/Session_memcached_driver.php
index 88eb4b3..2556bf0 100644
--- a/htdocs/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/htdocs/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 3.0.0
@@ -186,7 +186,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 	 */
 	public function write($session_id, $session_data)
 	{
-		if ( ! isset($this->_memcached))
+		if ( ! isset($this->_memcached, $this->_lock_key))
 		{
 			return $this->_fail();
 		}
@@ -202,32 +202,25 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 			$this->_session_id = $session_id;
 		}
 
-		if (isset($this->_lock_key))
+		$key = $this->_key_prefix.$session_id;
+
+		$this->_memcached->replace($this->_lock_key, time(), 300);
+		if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
 		{
-			$key = $this->_key_prefix.$session_id;
-
-			$this->_memcached->replace($this->_lock_key, time(), 300);
-			if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
-			{
-				if (
-					$this->_memcached->replace($key, $session_data, $this->_config['expiration'])
-					OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
-				)
-				{
-					$this->_fingerprint = $fingerprint;
-					return $this->_success;
-				}
-
-				return $this->_fail();
-			}
-
-			if (
-				$this->_memcached->touch($key, $this->_config['expiration'])
-				OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
-			)
+			if ($this->_memcached->set($key, $session_data, $this->_config['expiration']))
 			{
+				$this->_fingerprint = $fingerprint;
 				return $this->_success;
 			}
+
+			return $this->_fail();
+		}
+		elseif (
+			$this->_memcached->touch($key, $this->_config['expiration'])
+			OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
+		)
+		{
+			return $this->_success;
 		}
 
 		return $this->_fail();
@@ -379,4 +372,4 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
 
 		return TRUE;
 	}
-}
\ No newline at end of file
+}
diff --git a/htdocs/system/libraries/Session/drivers/Session_redis_driver.php b/htdocs/system/libraries/Session/drivers/Session_redis_driver.php
index 8db74c0..e220a29 100644
--- a/htdocs/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/htdocs/system/libraries/Session/drivers/Session_redis_driver.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 3.0.0
@@ -51,7 +51,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 	/**
 	 * phpRedis instance
 	 *
-	 * @var	resource
+	 * @var	Redis
 	 */
 	protected $_redis;
 
@@ -199,7 +199,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 	 */
 	public function write($session_id, $session_data)
 	{
-		if ( ! isset($this->_redis))
+		if ( ! isset($this->_redis, $this->_lock_key))
 		{
 			return $this->_fail();
 		}
@@ -215,27 +215,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
 			$this->_session_id = $session_id;
 		}
 
-		if (isset($this->_lock_key))
+		$this->_redis->setTimeout($this->_lock_key, 300);
+		if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
 		{
-			$this->_redis->setTimeout($this->_lock_key, 300);
-			if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
+			if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
 			{
-				if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
-				{
-					$this->_fingerprint = $fingerprint;
-					$this->_key_exists = TRUE;
-					return $this->_success;
-				}
-
-				return $this->_fail();
+				$this->_fingerprint = $fingerprint;
+				$this->_key_exists = TRUE;
+				return $this->_success;
 			}
 
-			return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
-				? $this->_success
-				: $this->_fail();
+			return $this->_fail();
 		}
 
-		return $this->_fail();
+		return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
+			? $this->_success
+			: $this->_fail();
 	}
 
 	// ------------------------------------------------------------------------
diff --git a/htdocs/system/libraries/Table.php b/htdocs/system/libraries/Table.php
index 3bce294..50c5e35 100644
--- a/htdocs/system/libraries/Table.php
+++ b/htdocs/system/libraries/Table.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.3.1
@@ -277,6 +277,7 @@ class CI_Table {
 	public function set_caption($caption)
 	{
 		$this->caption = $caption;
+		return $this;
 	}
 
 	// --------------------------------------------------------------------
@@ -434,7 +435,7 @@ class CI_Table {
 	/**
 	 * Set table data from a database result object
 	 *
-	 * @param	CI_DB_result	$db_result	Database result object
+	 * @param	CI_DB_result	$object	Database result object
 	 * @return	void
 	 */
 	protected function _set_from_db_result($object)
diff --git a/htdocs/system/libraries/Trackback.php b/htdocs/system/libraries/Trackback.php
index a9b2564..55e9a0e 100644
--- a/htdocs/system/libraries/Trackback.php
+++ b/htdocs/system/libraries/Trackback.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
@@ -370,7 +370,7 @@ class CI_Trackback {
 	{
 		$url = trim($url);
 
-		if (strpos($url, 'http') !== 0)
+		if (stripos($url, 'http') !== 0)
 		{
 			$url = 'http://'.$url;
 		}
diff --git a/htdocs/system/libraries/Typography.php b/htdocs/system/libraries/Typography.php
index c45398b..b25d8fd 100644
--- a/htdocs/system/libraries/Typography.php
+++ b/htdocs/system/libraries/Typography.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
@@ -241,7 +241,7 @@ class CI_Typography {
 						// Clean up stray paragraph tags that appear before block level elements
 						'#
<('.$this->block_elements.')#'	=> '<$1',
 
-						// Clean up stray non-breaking spaces preceeding block elements
+						// Clean up stray non-breaking spaces preceding block elements
 						'#( \s*)+<('.$this->block_elements.')#'	=> '  <$2',
 
 						// Replace the temporary markers we added earlier
diff --git a/htdocs/system/libraries/Unit_test.php b/htdocs/system/libraries/Unit_test.php
index 3ac6af7..38e0fbd 100644
--- a/htdocs/system/libraries/Unit_test.php
+++ b/htdocs/system/libraries/Unit_test.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.3.1
@@ -154,7 +154,6 @@ class CI_Unit_test {
 
 		if (in_array($expected, array('is_object', 'is_string', 'is_bool', 'is_true', 'is_false', 'is_int', 'is_numeric', 'is_float', 'is_double', 'is_array', 'is_null', 'is_resource'), TRUE))
 		{
-			$expected = str_replace('is_double', 'is_float', $expected);
 			$result = $expected($test);
 			$extype = str_replace(array('true', 'false'), 'bool', str_replace('is_', '', $expected));
 		}
@@ -291,7 +290,7 @@ class CI_Unit_test {
 				{
 					continue;
 				}
-				elseif (in_array($key, array('test_name', 'test_datatype', 'test_res_datatype', 'result'), TRUE))
+				elseif (in_array($key, array('test_name', 'test_datatype', 'res_datatype', 'result'), TRUE))
 				{
 					if (FALSE !== ($line = $CI->lang->line(strtolower('ut_'.$val), FALSE)))
 					{
diff --git a/htdocs/system/libraries/Upload.php b/htdocs/system/libraries/Upload.php
index 056f6de..b37cc2f 100644
--- a/htdocs/system/libraries/Upload.php
+++ b/htdocs/system/libraries/Upload.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
@@ -1083,16 +1083,27 @@ class CI_Upload {
 			return FALSE;
 		}
 
-		if (memory_get_usage() && ($memory_limit = ini_get('memory_limit')))
+		if (memory_get_usage() && ($memory_limit = ini_get('memory_limit')) > 0)
 		{
-			$memory_limit *= 1024 * 1024;
-
-			// There was a bug/behavioural change in PHP 5.2, where numbers over one million get output
-			// into scientific notation. number_format() ensures this number is an integer
-			// http://bugs.php.net/bug.php?id=43053
-
-			$memory_limit = number_format(ceil(filesize($file) + $memory_limit), 0, '.', '');
+			$memory_limit = str_split($memory_limit, strspn($memory_limit, '1234567890'));
+			if ( ! empty($memory_limit[1]))
+			{
+				switch ($memory_limit[1][0])
+				{
+					case 'g':
+					case 'G':
+						$memory_limit[0] *= 1024 * 1024 * 1024;
+						break;
+					case 'm':
+					case 'M':
+						$memory_limit[0] *= 1024 * 1024;
+						break;
+					default:
+						break;
+				}
+			}
 
+			$memory_limit = (int) ceil(filesize($file) + $memory_limit[0]);
 			ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net
 		}
 
@@ -1207,10 +1218,13 @@ class CI_Upload {
 		// We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii)
 		$regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/';
 
-		/* Fileinfo extension - most reliable method
+		/**
+		 * Fileinfo extension - most reliable method
 		 *
-		 * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the
-		 * more convenient FILEINFO_MIME_TYPE flag doesn't exist.
+		 * Apparently XAMPP, CentOS, cPanel and who knows what
+		 * other PHP distribution channels EXPLICITLY DISABLE
+		 * ext/fileinfo, which is otherwise enabled by default
+		 * since PHP 5.3 ...
 		 */
 		if (function_exists('finfo_file'))
 		{
diff --git a/htdocs/system/libraries/User_agent.php b/htdocs/system/libraries/User_agent.php
index 60d1599..cda3ef0 100644
--- a/htdocs/system/libraries/User_agent.php
+++ b/htdocs/system/libraries/User_agent.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
diff --git a/htdocs/system/libraries/Xmlrpc.php b/htdocs/system/libraries/Xmlrpc.php
index f965858..6fa7918 100644
--- a/htdocs/system/libraries/Xmlrpc.php
+++ b/htdocs/system/libraries/Xmlrpc.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
@@ -238,7 +238,7 @@ class CI_Xmlrpc {
 	public $result;
 
 	/**
-	 * XML-RPC Reponse
+	 * XML-RPC Response
 	 *
 	 * @var	array
 	 */
@@ -352,7 +352,7 @@ class CI_Xmlrpc {
 	 */
 	public function server($url, $port = 80, $proxy = FALSE, $proxy_port = 8080)
 	{
-		if (strpos($url, 'http') !== 0)
+		if (stripos($url, 'http') !== 0)
 		{
 			$url = 'http://'.$url;
 		}
@@ -460,7 +460,7 @@ class CI_Xmlrpc {
 			{
 				if (is_array($value[0]) && ($value[1] === 'struct' OR $value[1] === 'array'))
 				{
-					while (list($k) = each($value[0]))
+					foreach (array_keys($value[0]) as $k)
 					{
 						$value[0][$k] = $this->values_parsing($value[0][$k]);
 					}
@@ -735,6 +735,8 @@ class XML_RPC_Client extends CI_Xmlrpc
 			.'Content-Length: '.strlen($msg->payload).$r.$r
 			.$msg->payload;
 
+		stream_set_timeout($fp, $this->timeout); // set timeout for subsequent operations
+
 		for ($written = $timestamp = 0, $length = strlen($op); $written < $length; $written += $result)
 		{
 			if (($result = fwrite($fp, substr($op, $written))) === FALSE)
@@ -753,9 +755,6 @@ class XML_RPC_Client extends CI_Xmlrpc
 					$result = FALSE;
 					break;
 				}
-
-				usleep(250000);
-				continue;
 			}
 			else
 			{
@@ -932,15 +931,15 @@ class XML_RPC_Response
 
 		if (is_array($array))
 		{
-			while (list($key) = each($array))
+			foreach ($array as $key => &$value)
 			{
-				if (is_array($array[$key]))
+				if (is_array($value))
 				{
-					$array[$key] = $this->decode($array[$key]);
+					$array[$key] = $this->decode($value);
 				}
 				elseif ($this->xss_clean)
 				{
-					$array[$key] = $CI->security->xss_clean($array[$key]);
+					$array[$key] = $CI->security->xss_clean($value);
 				}
 			}
 
@@ -994,10 +993,11 @@ class XML_RPC_Response
 			reset($xmlrpc_val->me['struct']);
 			$arr = array();
 
-			while (list($key,$value) = each($xmlrpc_val->me['struct']))
+			foreach ($xmlrpc_val->me['struct'] as $key => &$value)
 			{
 				$arr[$key] = $this->xmlrpc_decoder($value);
 			}
+
 			return $arr;
 		}
 	}
@@ -1563,17 +1563,17 @@ class XML_RPC_Message extends CI_Xmlrpc
 
 		if ( ! empty($array))
 		{
-			while (list($key) = each($array))
+			foreach ($array as $key => &$value)
 			{
-				if (is_array($array[$key]))
+				if (is_array($value))
 				{
-					$array[$key] = $this->output_parameters($array[$key]);
+					$array[$key] = $this->output_parameters($value);
 				}
 				elseif ($key !== 'bits' && $this->xss_clean)
 				{
 					// 'bits' is for the MetaWeblog API image bits
 					// @todo - this needs to be made more general purpose
-					$array[$key] = $CI->security->xss_clean($array[$key]);
+					$array[$key] = $CI->security->xss_clean($value);
 				}
 			}
 
@@ -1633,7 +1633,7 @@ class XML_RPC_Message extends CI_Xmlrpc
 			reset($param->me['struct']);
 			$arr = array();
 
-			while (list($key,$value) = each($param->me['struct']))
+			foreach ($param->me['struct'] as $key => &$value)
 			{
 				$arr[$key] = $this->decode_message($value);
 			}
@@ -1824,7 +1824,7 @@ class XML_RPC_Values extends CI_Xmlrpc
 				// struct
 				$rs .= "\n";
 				reset($val);
-				while (list($key2, $val2) = each($val))
+				foreach ($val as $key2 => &$val2)
 				{
 					$rs .= "\n{$key2}\n".$this->serializeval($val2)."\n";
 				}
@@ -1885,11 +1885,9 @@ class XML_RPC_Values extends CI_Xmlrpc
 	 */
 	public function serializeval($o)
 	{
-		$ar = $o->me;
-		reset($ar);
-
-		list($typ, $val) = each($ar);
-		return "\n".$this->serializedata($typ, $val)."\n";
+		$array = $o->me;
+		list($value, $type) = array(reset($array), key($array));
+		return "\n".$this->serializedata($type, $value)."\n";
 	}
 
 	// --------------------------------------------------------------------
@@ -1901,8 +1899,7 @@ class XML_RPC_Values extends CI_Xmlrpc
 	 */
 	public function scalarval()
 	{
-		reset($this->me);
-		return current($this->me);
+		return reset($this->me);
 	}
 
 	// --------------------------------------------------------------------
diff --git a/htdocs/system/libraries/Xmlrpcs.php b/htdocs/system/libraries/Xmlrpcs.php
index afcdbe6..0274f13 100644
--- a/htdocs/system/libraries/Xmlrpcs.php
+++ b/htdocs/system/libraries/Xmlrpcs.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
@@ -339,11 +339,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc {
 		//-------------------------------------
 
 		$method_parts = explode('.', $this->methods[$methName]['function']);
-		$objectCall = (isset($method_parts[1]) && $method_parts[1] !== '');
+		$objectCall   = ! empty($method_parts[1]);
 
 		if ($system_call === TRUE)
 		{
-			if ( ! is_callable(array($this,$method_parts[1])))
+			if ( ! is_callable(array($this, $method_parts[1])))
 			{
 				return new XML_RPC_Response(0, $this->xmlrpcerr['unknown_method'], $this->xmlrpcstr['unknown_method']);
 			}
@@ -400,11 +400,11 @@ class CI_Xmlrpcs extends CI_Xmlrpc {
 			}
 			elseif ($this->object === FALSE)
 			{
-				return get_instance()->$method_parts[1]($m);
+				return get_instance()->{$method_parts[1]}($m);
 			}
 			else
 			{
-				return $this->object->$method_parts[1]($m);
+				return $this->object->{$method_parts[1]}($m);
 			}
 		}
 		else
@@ -584,7 +584,7 @@ class CI_Xmlrpcs extends CI_Xmlrpc {
 			return $this->multicall_error('nomethod');
 		}
 
-		list($scalar_type, $scalar_value) = each($methName->me);
+		list($scalar_value, $scalar_type) = array(reset($methName->me), key($methName->me));
 		$scalar_type = $scalar_type === $this->xmlrpcI4 ? $this->xmlrpcInt : $scalar_type;
 
 		if ($methName->kindOf() !== 'scalar' OR $scalar_type !== 'string')
@@ -604,7 +604,7 @@ class CI_Xmlrpcs extends CI_Xmlrpc {
 			return $this->multicall_error('notarray');
 		}
 
-		list($a, $b) = each($params->me);
+		list($b, $a) = array(reset($params->me), key($params->me));
 
 		$msg = new XML_RPC_Message($scalar_value);
 		for ($i = 0, $numParams = count($b); $i < $numParams; $i++)
diff --git a/htdocs/system/libraries/Zip.php b/htdocs/system/libraries/Zip.php
index 140ad72..2c71e1f 100644
--- a/htdocs/system/libraries/Zip.php
+++ b/htdocs/system/libraries/Zip.php
@@ -6,7 +6,7 @@
  *
  * This content is released under the MIT License (MIT)
  *
- * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
+ * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -29,7 +29,7 @@
  * @package	CodeIgniter
  * @author	EllisLab Dev Team
  * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright	Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
+ * @copyright	Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  * @license	http://opensource.org/licenses/MIT	MIT License
  * @link	https://codeigniter.com
  * @since	Version 1.0.0
@@ -105,6 +105,13 @@ class CI_Zip {
 	 */
 	public $compression_level = 2;
 
+	/**
+	 * mbstring.func_overload flag
+	 *
+	 * @var	bool
+	 */
+	protected static $func_overload;
+
 	/**
 	 * Initialize zip compression class
 	 *
@@ -112,6 +119,8 @@ class CI_Zip {
 	 */
 	public function __construct()
 	{
+		isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload'));
+
 		$this->now = time();
 		log_message('info', 'Zip Compression Class Initialized');
 	}
@@ -182,7 +191,7 @@ class CI_Zip {
 			.pack('V', 0) // crc32
 			.pack('V', 0) // compressed filesize
 			.pack('V', 0) // uncompressed filesize
-			.pack('v', strlen($dir)) // length of pathname
+			.pack('v', self::strlen($dir)) // length of pathname
 			.pack('v', 0) // extra field length
 			.$dir
 			// below is "data descriptor" segment
@@ -197,7 +206,7 @@ class CI_Zip {
 			.pack('V',0) // crc32
 			.pack('V',0) // compressed filesize
 			.pack('V',0) // uncompressed filesize
-			.pack('v', strlen($dir)) // length of pathname
+			.pack('v', self::strlen($dir)) // length of pathname
 			.pack('v', 0) // extra field length
 			.pack('v', 0) // file comment length
 			.pack('v', 0) // disk number start
@@ -206,7 +215,7 @@ class CI_Zip {
 			.pack('V', $this->offset) // relative offset of local header
 			.$dir;
 
-		$this->offset = strlen($this->zipdata);
+		$this->offset = self::strlen($this->zipdata);
 		$this->entries++;
 	}
 
@@ -255,10 +264,10 @@ class CI_Zip {
 	{
 		$filepath = str_replace('\\', '/', $filepath);
 
-		$uncompressed_size = strlen($data);
+		$uncompressed_size = self::strlen($data);
 		$crc32  = crc32($data);
-		$gzdata = substr(gzcompress($data, $this->compression_level), 2, -4);
-		$compressed_size = strlen($gzdata);
+		$gzdata = self::substr(gzcompress($data, $this->compression_level), 2, -4);
+		$compressed_size = self::strlen($gzdata);
 
 		$this->zipdata .=
 			"\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00"
@@ -267,7 +276,7 @@ class CI_Zip {
 			.pack('V', $crc32)
 			.pack('V', $compressed_size)
 			.pack('V', $uncompressed_size)
-			.pack('v', strlen($filepath)) // length of filename
+			.pack('v', self::strlen($filepath)) // length of filename
 			.pack('v', 0) // extra field length
 			.$filepath
 			.$gzdata; // "file data" segment
@@ -279,7 +288,7 @@ class CI_Zip {
 			.pack('V', $crc32)
 			.pack('V', $compressed_size)
 			.pack('V', $uncompressed_size)
-			.pack('v', strlen($filepath)) // length of filename
+			.pack('v', self::strlen($filepath)) // length of filename
 			.pack('v', 0) // extra field length
 			.pack('v', 0) // file comment length
 			.pack('v', 0) // disk number start
@@ -288,7 +297,7 @@ class CI_Zip {
 			.pack('V', $this->offset) // relative offset of local header
 			.$filepath;
 
-		$this->offset = strlen($this->zipdata);
+		$this->offset = self::strlen($this->zipdata);
 		$this->entries++;
 		$this->file_num++;
 	}
@@ -401,8 +410,8 @@ class CI_Zip {
 			.$this->directory."\x50\x4b\x05\x06\x00\x00\x00\x00"
 			.pack('v', $this->entries) // total # of entries "on this disk"
 			.pack('v', $this->entries) // total # of entries overall
-			.pack('V', strlen($this->directory)) // size of central dir
-			.pack('V', strlen($this->zipdata)) // offset to start of central dir
+			.pack('V', self::strlen($this->directory)) // size of central dir
+			.pack('V', self::strlen($this->zipdata)) // offset to start of central dir
 			."\x00\x00"; // .zip file comment length
 	}
 
@@ -425,9 +434,9 @@ class CI_Zip {
 
 		flock($fp, LOCK_EX);
 
-		for ($result = $written = 0, $data = $this->get_zip(), $length = strlen($data); $written < $length; $written += $result)
+		for ($result = $written = 0, $data = $this->get_zip(), $length = self::strlen($data); $written < $length; $written += $result)
 		{
-			if (($result = fwrite($fp, substr($data, $written))) === FALSE)
+			if (($result = fwrite($fp, self::substr($data, $written))) === FALSE)
 			{
 				break;
 			}
@@ -481,4 +490,43 @@ class CI_Zip {
 		return $this;
 	}
 
+	// --------------------------------------------------------------------
+
+	/**
+	 * Byte-safe strlen()
+	 *
+	 * @param	string	$str
+	 * @return	int
+	 */
+	protected static function strlen($str)
+	{
+		return (self::$func_overload)
+			? mb_strlen($str, '8bit')
+			: strlen($str);
+	}
+
+	// --------------------------------------------------------------------
+
+	/**
+	 * Byte-safe substr()
+	 *
+	 * @param	string	$str
+	 * @param	int	$start
+	 * @param	int	$length
+	 * @return	string
+	 */
+	protected static function substr($str, $start, $length = NULL)
+	{
+		if (self::$func_overload)
+		{
+			// mb_substr($str, $start, null, '8bit') returns an empty
+			// string on PHP 5.3
+			isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
+			return mb_substr($str, $start, $length, '8bit');
+		}
+
+		return isset($length)
+			? substr($str, $start, $length)
+			: substr($str, $start);
+	}
 }
diff --git a/htdocs/themes/bootstrap/js/stikked.js b/htdocs/themes/bootstrap/js/stikked.js
index 628e788..b89e601 100644
--- a/htdocs/themes/bootstrap/js/stikked.js
+++ b/htdocs/themes/bootstrap/js/stikked.js
@@ -38,24 +38,24 @@ ST.spamadmin = function() {
         return this.add(selector == null ? this.prevObject : this.prevObject.filter(selector));
     }
 
-    $('.selectable>tbody').selectable({
-        filter: 'tr',
-        cancel: 'a',
-        stop: function() {
-            var $deletestack = $(".paste_deletestack");
-            var $input = $("input[name=pastes_to_delete]");
-            $('.inv').show();
-            $deletestack.empty();
-            $input.empty();
-            var res = [];
-            $(".ui-selected").each(function(i, el) {
-                var id = $('a', el).attr('href').split('view/')[1];
-                res.push(id);
-            });
-            $deletestack.text(res.join(' '));
-            $input.val(res.join(' '));
-        }
-    });
+    // $('.selectable>tbody').selectable({
+    //     filter: 'tr',
+    //     cancel: 'a',
+    //     stop: function() {
+    //         var $deletestack = $(".paste_deletestack");
+    //         var $input = $("input[name=pastes_to_delete]");
+    //         $('.inv').show();
+    //         $deletestack.empty();
+    //         $input.empty();
+    //         var res = [];
+    //         $(".ui-selected").each(function(i, el) {
+    //             var id = $('a', el).attr('href').split('view/')[1];
+    //             res.push(id);
+    //         });
+    //         $deletestack.text(res.join(' '));
+    //         $input.val(res.join(' '));
+    //     }
+    // });
 };
 
 ST.line_highlighter = function() {
@@ -128,9 +128,6 @@ ST.crypto = function() {
     $('#create_encrypted').on('click', function() {
         var $code = $('#code');
 
-        // save CM into textarea
-        CM.editor.save();
-
         // encrypt the paste
         var key = ST.crypto_generate_key(32);
         var plaintext = $code.val();
@@ -147,10 +144,14 @@ ST.crypto = function() {
                 'code': encrypted,
                 'lang': $('#lang').val(),
                 'expire': $('#expire').val(),
+                'captcha': $('#captcha').val(),
                 'reply': $('input[name=reply]').val()
             },
             function(redirect_url) {
-                if (redirect_url.indexOf('invalid') > -1) {
+                if (redirect_url.indexOf('E_CAPTCHA') > -1) {
+                    $('.container .message').remove();
+                    $('.container:eq(1)').prepend('
The captcha is incorrect.
');
+                } else if (redirect_url.indexOf('invalid') > -1) {
                     $('#create_encrypted').parent().html('
' + redirect_url + '#' + key + '
');
                 } else {
                     window.location.href = base_url + redirect_url + '#' + key;
@@ -190,14 +191,16 @@ ST.crypto = function() {
                     .replace(/{{{breaking_space}}}/g, ' ')
                     .replace(/\n/g, '
')
 
-                $('section blockquote.CodeMirror div').html(decrypted);
+                $('.row .span12 .CodeMirror').html(decrypted);
 
                 // kick out potential dangerous and unnecessary stuff
-                $('section blockquote.CodeMirror div').css('background', '#efe');
+                $('.text_formatted').css('background', '#efe');
                 $('.replies').hide();
-                for (var i = 2; i <= 5; i++) {
+                for (var i = 2; i <= 7; i++) {
                     $('.meta .detail:nth-child(' + i + ')').hide();
                 }
+                $('.meta .spacer:first').hide();
+                $('.qr').hide();
             } catch (e) {}
         }
     }
diff --git a/htdocs/themes/bootstrap/views/defaults/paste_form.php b/htdocs/themes/bootstrap/views/defaults/paste_form.php
index d6fea40..f2874fe 100644
--- a/htdocs/themes/bootstrap/views/defaults/paste_form.php
+++ b/htdocs/themes/bootstrap/views/defaults/paste_form.php
@@ -1,4 +1,3 @@
-
 
 
 

@@ -43,7 +42,7 @@
 			

 			

 				

-					
+					
 				

 			

 
@@ -85,7 +84,6 @@
 						
 						 lang('exp_burn'),
                                         "5" => lang('exp_5min'),
@@ -98,7 +96,7 @@
                             if(! config_item('disable_keep_forever')) {
                                 $options['0'] = lang('exp_forever');
                             }
-						echo form_dropdown('expire', $options, $default_expiration, $expire_extra); ?>
+						echo form_dropdown('expire', $options, $expire_set, $expire_extra); ?>
 					
 				
 			
@@ -125,6 +123,14 @@
 					
 					
 				
+				config->item('csrf_protection') === TRUE)
+				{
+					if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+						echo ''."\n";
+					}
+				}
+				?>
 			
 		
 	
diff --git a/htdocs/themes/bootstrap/views/view/view.php b/htdocs/themes/bootstrap/views/view/view.php
index f93596f..39f7fc4 100644
--- a/htdocs/themes/bootstrap/views/view/view.php
+++ b/htdocs/themes/bootstrap/views/view/view.php
@@ -25,7 +25,9 @@ if(isset($insert)){
 					
   
 
 				

+config->item('qr_enabled')) { ?>
                     
+
 				

 
     
diff --git a/htdocs/themes/cleanwhite/views/defaults/paste_form.php b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
index f09b904..ad28bec 100644
--- a/htdocs/themes/cleanwhite/views/defaults/paste_form.php
+++ b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
@@ -1,4 +1,3 @@
-
 
 
 

@@ -48,7 +47,7 @@
                 
 			
 			
-			
+			
 		
																											
 
 			config->item('enable_captcha') && $this->session->userdata('is_human') === null){ ?>
@@ -133,5 +132,13 @@
 
 		

 		

+		config->item('csrf_protection') === TRUE)
+		{
+			if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+				echo ''."\n";
+			}
+		}
+		?>
 	
 

diff --git a/htdocs/themes/default/js/stikked.js b/htdocs/themes/default/js/stikked.js
index e2f207d..eda19d8 100644
--- a/htdocs/themes/default/js/stikked.js
+++ b/htdocs/themes/default/js/stikked.js
@@ -173,10 +173,14 @@ ST.crypto = function() {
                 'code': encrypted,
                 'lang': $('#lang').val(),
                 'expire': $('#expire').val(),
+                'captcha': $('#captcha').val(),
                 'reply': $('input[name=reply]').val()
             },
             function(redirect_url) {
-                if (redirect_url.indexOf('invalid') > -1) {
+                if (redirect_url.indexOf('E_CAPTCHA') > -1) {
+                    $('.content .container .message').remove();
+                    $('.content .container').prepend('
The captcha is incorrect.
');
+                } else if (redirect_url.indexOf('invalid') > -1) {
                     $('#create_encrypted').parent().html('
' + redirect_url + '#' + key + '
');
                 } else {
                     window.location.href = base_url + redirect_url + '#' + key;
diff --git a/htdocs/themes/default/views/defaults/paste_form.php b/htdocs/themes/default/views/defaults/paste_form.php
index 5816287..38b7247 100644
--- a/htdocs/themes/default/views/defaults/paste_form.php
+++ b/htdocs/themes/default/views/defaults/paste_form.php
@@ -43,7 +43,7 @@
                 
 			
 
-			
+			
 
 		
 
@@ -86,7 +86,6 @@
 				
 				 lang('exp_burn'),
 									"5" => lang('exp_5min'),
@@ -99,7 +98,7 @@
                     if(! config_item('disable_keep_forever')) {
                         $options['0'] = lang('exp_forever');
                     }
-				echo form_dropdown('expire', $options, $default_expiration, $expire_extra); ?>
+				echo form_dropdown('expire', $options, $expire_set, $expire_extra); ?>
 			
 		
 
@@ -131,6 +130,15 @@
 ?>
 
 		

+		config->item('csrf_protection') === TRUE)
+		{
+			if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+				echo ''."\n";
+			}
+		}
+		?>
 		

+
 	
 
diff --git a/htdocs/themes/default/views/view/view.php b/htdocs/themes/default/views/view/view.php
index 0a88311..9604ca2 100644
--- a/htdocs/themes/default/views/view/view.php
+++ b/htdocs/themes/default/views/view/view.php
@@ -45,7 +45,9 @@ if(isset($insert)){
             
 		
 		

+config->item('qr_enabled')) { ?>
 			
+
 		

 	
 
diff --git a/htdocs/themes/geocities/views/defaults/paste_form.php b/htdocs/themes/geocities/views/defaults/paste_form.php
index 376e100..541d49a 100644
--- a/htdocs/themes/geocities/views/defaults/paste_form.php
+++ b/htdocs/themes/geocities/views/defaults/paste_form.php
@@ -1,4 +1,3 @@
-
 
 
 

@@ -50,7 +49,7 @@
 			

 			

 				

-					
+					
 				

 			

 
@@ -132,6 +131,14 @@
 					
 				
 			
+			config->item('csrf_protection') === TRUE)
+			{
+				if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+					echo ''."\n";
+				}
+			}
+			?>
 		
 	
 
diff --git a/htdocs/themes/geocities/views/view/view_footer.php b/htdocs/themes/geocities/views/view/view_footer.php
index eb97c0b..1a93e59 100644
--- a/htdocs/themes/geocities/views/view/view_footer.php
+++ b/htdocs/themes/geocities/views/view/view_footer.php
@@ -3,7 +3,14 @@
 ' . json_encode($codemirror_modes) . '';
+if(isset($codemirror_modes)){
+    echo '';
+}
+
+//ace modes
+if(isset($ace_modes)){
+    echo '';
+}
 
 //stats
 $this->load->view('defaults/stats');
diff --git a/htdocs/themes/i386/views/defaults/paste_form.php b/htdocs/themes/i386/views/defaults/paste_form.php
index 766063e..5a236e6 100644
--- a/htdocs/themes/i386/views/defaults/paste_form.php
+++ b/htdocs/themes/i386/views/defaults/paste_form.php
@@ -1,4 +1,3 @@
-
 
 
 

@@ -50,7 +49,7 @@
 			

 			

 				

-					
+					
 				

 			

 
@@ -92,7 +91,6 @@
 						
 						 lang('exp_burn'),
                                         "5" => lang('exp_5min'),
@@ -105,7 +103,7 @@
                             if(! config_item('disable_keep_forever')) {
                                 $options['0'] = lang('exp_forever');
                             }
-						echo form_dropdown('expire', $options, $default_expiration, $expire_extra); ?>
+						echo form_dropdown('expire', $options, $expire_set, $expire_extra); ?>
 					
 				
 			
@@ -134,6 +132,14 @@
 					
 					
 				
+				config->item('csrf_protection') === TRUE)
+				{
+					if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+						echo ''."\n";
+					}
+				}
+				?>
 			
 		
 	
diff --git a/htdocs/themes/i386/views/view/view_footer.php b/htdocs/themes/i386/views/view/view_footer.php
index 471e229..8170a6e 100644
--- a/htdocs/themes/i386/views/view/view_footer.php
+++ b/htdocs/themes/i386/views/view/view_footer.php
@@ -3,7 +3,14 @@
 ' . json_encode($codemirror_modes) . '';
+if(isset($codemirror_modes)){
+    echo '';
+}
+
+//ace modes
+if(isset($ace_modes)){
+    echo '';
+}
 
 //stats
 $this->load->view('defaults/stats');
diff --git a/htdocs/themes/stikkedizr/views/defaults/paste_form.php b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
index 4849827..c0236f5 100644
--- a/htdocs/themes/stikkedizr/views/defaults/paste_form.php
+++ b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
@@ -1,5 +1,4 @@
-
-
+
 
 

 	

@@ -49,7 +48,7 @@
 			

 			

 				

-					
+					
 				

 			

 
@@ -134,6 +133,14 @@
 					
 				
 			

+			config->item('csrf_protection') === TRUE)
+			{
+				if(isset($_COOKIE[$this->config->item('csrf_cookie_name')])) {
+					echo ''."\n";
+				}
+			}
+			?>
 		
 	
 
diff --git a/htdocs/themes/stikkedizr/views/view/view.php b/htdocs/themes/stikkedizr/views/view/view.php
index 3feb83f..f5ee807 100644
--- a/htdocs/themes/stikkedizr/views/view/view.php
+++ b/htdocs/themes/stikkedizr/views/view/view.php
@@ -44,7 +44,9 @@ if(isset($insert)){
 
 				
 				

+config->item('qr_enabled')) { ?>
 					
+
 				

 			
 		
diff --git a/htdocs/themes/stikkedizr/views/view/view_footer.php b/htdocs/themes/stikkedizr/views/view/view_footer.php
index e2cac07..43631bd 100644
--- a/htdocs/themes/stikkedizr/views/view/view_footer.php
+++ b/htdocs/themes/stikkedizr/views/view/view_footer.php
@@ -3,7 +3,14 @@
 ' . json_encode($codemirror_modes) . '';
+if(isset($codemirror_modes)){
+    echo '';
+}
+
+//ace modes
+if(isset($ace_modes)){
+    echo '';
+}
 
 //Javascript
 $this->carabiner->js('jquery.js');